From sle-updates at lists.suse.com Tue Aug 1 08:44:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 08:44:52 -0000 Subject: SUSE-SU-2023:3083-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP5) Message-ID: <169087949250.32506.5629125242665510682@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:3083-1 Rating: important References: * #1210566 * #1212347 Cross-References: * CVE-2023-2002 * CVE-2023-3159 CVSS scores: * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_136 fixes several issues. The following security issues were fixed: * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-3085=1 SUSE-SLE-Live- Patching-12-SP5-2023-3084=1 SUSE-SLE-Live-Patching-12-SP5-2023-3083=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_147-default-6-2.3 * kgraft-patch-4_12_14-122_136-default-9-2.3 * kgraft-patch-4_12_14-122_153-default-4-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-3159.html * https://bugzilla.suse.com/show_bug.cgi?id=1210566 * https://bugzilla.suse.com/show_bug.cgi?id=1212347 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 08:44:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 08:44:55 -0000 Subject: SUSE-SU-2023:3081-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP2) Message-ID: <169087949566.32506.549112085631409272@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:3081-1 Rating: important References: * #1210566 * #1212347 * #1212509 Cross-References: * CVE-2023-2002 * CVE-2023-3159 * CVE-2023-35788 CVSS scores: * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_151 fixes several issues. The following security issues were fixed: * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509). * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-3081=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_36-debugsource-4-150200.2.1 * kernel-livepatch-5_3_18-150200_24_151-default-debuginfo-4-150200.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-3159.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://bugzilla.suse.com/show_bug.cgi?id=1210566 * https://bugzilla.suse.com/show_bug.cgi?id=1212347 * https://bugzilla.suse.com/show_bug.cgi?id=1212509 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 08:44:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 08:44:57 -0000 Subject: SUSE-RU-2023:3088-1: moderate: Recommended update for systemd-presets-common-SUSE Message-ID: <169087949727.32506.9283271248400227692@smelt2.suse.de> # Recommended update for systemd-presets-common-SUSE Announcement ID: SUSE-RU-2023:3088-1 Rating: moderate References: * #1212496 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for systemd-presets-common-SUSE fixes the following issues: * Fix systemctl being called with an empty argument (bsc#1212496) * Don't call systemctl list-unit-files with an empty argument (bsc#1212496) * Add wtmpdb-update-boot.service and wtmpdb-rotate.timer ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3088=1 openSUSE-SLE-15.5-2023-3088=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3088=1 ## Package List: * openSUSE Leap 15.5 (noarch) * systemd-presets-common-SUSE-15-150500.20.3.1 * Basesystem Module 15-SP5 (noarch) * systemd-presets-common-SUSE-15-150500.20.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212496 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 08:44:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 08:44:59 -0000 Subject: SUSE-RU-2023:3087-1: moderate: Recommended update for unixODBC Message-ID: <169087949993.32506.2362353430494961382@smelt2.suse.de> # Recommended update for unixODBC Announcement ID: SUSE-RU-2023:3087-1 Rating: moderate References: * #1213242 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for unixODBC fixes the following issues: * Add missing dependency requirement for glibc-locale-base (bsc#1213242) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3087=1 openSUSE-SLE-15.4-2023-3087=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3087=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3087=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3087=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * unixODBC-debuginfo-2.3.9-150400.16.3.3 * unixODBC-devel-2.3.9-150400.16.3.3 * libodbc2-2.3.9-150400.16.3.3 * unixODBC-2.3.9-150400.16.3.3 * libodbc2-debuginfo-2.3.9-150400.16.3.3 * unixODBC-debugsource-2.3.9-150400.16.3.3 * openSUSE Leap 15.4 (x86_64) * libodbc2-32bit-debuginfo-2.3.9-150400.16.3.3 * unixODBC-32bit-debuginfo-2.3.9-150400.16.3.3 * unixODBC-devel-32bit-2.3.9-150400.16.3.3 * unixODBC-32bit-2.3.9-150400.16.3.3 * libodbc2-32bit-2.3.9-150400.16.3.3 * openSUSE Leap 15.4 (aarch64_ilp32) * unixODBC-64bit-2.3.9-150400.16.3.3 * libodbc2-64bit-debuginfo-2.3.9-150400.16.3.3 * libodbc2-64bit-2.3.9-150400.16.3.3 * unixODBC-devel-64bit-2.3.9-150400.16.3.3 * unixODBC-64bit-debuginfo-2.3.9-150400.16.3.3 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * unixODBC-debuginfo-2.3.9-150400.16.3.3 * unixODBC-devel-2.3.9-150400.16.3.3 * libodbc2-2.3.9-150400.16.3.3 * unixODBC-2.3.9-150400.16.3.3 * libodbc2-debuginfo-2.3.9-150400.16.3.3 * unixODBC-debugsource-2.3.9-150400.16.3.3 * openSUSE Leap 15.5 (x86_64) * libodbc2-32bit-debuginfo-2.3.9-150400.16.3.3 * unixODBC-32bit-debuginfo-2.3.9-150400.16.3.3 * unixODBC-devel-32bit-2.3.9-150400.16.3.3 * unixODBC-32bit-2.3.9-150400.16.3.3 * libodbc2-32bit-2.3.9-150400.16.3.3 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * unixODBC-debuginfo-2.3.9-150400.16.3.3 * unixODBC-devel-2.3.9-150400.16.3.3 * libodbc2-2.3.9-150400.16.3.3 * unixODBC-2.3.9-150400.16.3.3 * libodbc2-debuginfo-2.3.9-150400.16.3.3 * unixODBC-debugsource-2.3.9-150400.16.3.3 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * unixODBC-debuginfo-2.3.9-150400.16.3.3 * unixODBC-devel-2.3.9-150400.16.3.3 * libodbc2-2.3.9-150400.16.3.3 * unixODBC-2.3.9-150400.16.3.3 * libodbc2-debuginfo-2.3.9-150400.16.3.3 * unixODBC-debugsource-2.3.9-150400.16.3.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213242 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 08:45:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 08:45:03 -0000 Subject: SUSE-RU-2023:3086-1: important: Recommended update for unixODBC Message-ID: <169087950315.32506.17954846817268116314@smelt2.suse.de> # Recommended update for unixODBC Announcement ID: SUSE-RU-2023:3086-1 Rating: important References: * #1200589 Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has one recommended fix can now be installed. ## Description: This update for unixODBC fixes the following issues: * Revert patch that called wide-char error functions. This caused a regression in 2.3.9 when error was reported while no actual error appeared (bsc#1200589) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3086=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3086=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3086=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3086=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3086=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3086=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3086=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3086=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3086=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3086=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3086=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3086=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3086=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * unixODBC-2.3.9-150200.8.6.1 * unixODBC-debugsource-2.3.9-150200.8.6.1 * libodbc2-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-2.3.9-150200.8.6.1 * unixODBC-debuginfo-2.3.9-150200.8.6.1 * libodbc2-2.3.9-150200.8.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libodbc2-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-32bit-2.3.9-150200.8.6.1 * unixODBC-32bit-2.3.9-150200.8.6.1 * libodbc2-32bit-2.3.9-150200.8.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * unixODBC-2.3.9-150200.8.6.1 * unixODBC-debugsource-2.3.9-150200.8.6.1 * libodbc2-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-2.3.9-150200.8.6.1 * unixODBC-debuginfo-2.3.9-150200.8.6.1 * libodbc2-2.3.9-150200.8.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libodbc2-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-32bit-2.3.9-150200.8.6.1 * unixODBC-32bit-2.3.9-150200.8.6.1 * libodbc2-32bit-2.3.9-150200.8.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * unixODBC-2.3.9-150200.8.6.1 * unixODBC-debugsource-2.3.9-150200.8.6.1 * libodbc2-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-2.3.9-150200.8.6.1 * unixODBC-debuginfo-2.3.9-150200.8.6.1 * libodbc2-2.3.9-150200.8.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libodbc2-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-32bit-2.3.9-150200.8.6.1 * unixODBC-32bit-2.3.9-150200.8.6.1 * libodbc2-32bit-2.3.9-150200.8.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libodbc2-32bit-debuginfo-2.3.9-150200.8.6.1 * libodbc2-2.3.9-150200.8.6.1 * unixODBC-2.3.9-150200.8.6.1 * unixODBC-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-debugsource-2.3.9-150200.8.6.1 * libodbc2-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-32bit-2.3.9-150200.8.6.1 * unixODBC-devel-2.3.9-150200.8.6.1 * unixODBC-debuginfo-2.3.9-150200.8.6.1 * unixODBC-32bit-2.3.9-150200.8.6.1 * libodbc2-32bit-2.3.9-150200.8.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * unixODBC-2.3.9-150200.8.6.1 * unixODBC-debugsource-2.3.9-150200.8.6.1 * libodbc2-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-2.3.9-150200.8.6.1 * unixODBC-debuginfo-2.3.9-150200.8.6.1 * libodbc2-2.3.9-150200.8.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libodbc2-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-32bit-2.3.9-150200.8.6.1 * unixODBC-32bit-2.3.9-150200.8.6.1 * libodbc2-32bit-2.3.9-150200.8.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * unixODBC-2.3.9-150200.8.6.1 * unixODBC-debugsource-2.3.9-150200.8.6.1 * libodbc2-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-2.3.9-150200.8.6.1 * unixODBC-debuginfo-2.3.9-150200.8.6.1 * libodbc2-2.3.9-150200.8.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libodbc2-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-32bit-2.3.9-150200.8.6.1 * unixODBC-32bit-2.3.9-150200.8.6.1 * libodbc2-32bit-2.3.9-150200.8.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * unixODBC-2.3.9-150200.8.6.1 * unixODBC-debugsource-2.3.9-150200.8.6.1 * libodbc2-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-2.3.9-150200.8.6.1 * unixODBC-debuginfo-2.3.9-150200.8.6.1 * libodbc2-2.3.9-150200.8.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libodbc2-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-32bit-2.3.9-150200.8.6.1 * unixODBC-32bit-2.3.9-150200.8.6.1 * libodbc2-32bit-2.3.9-150200.8.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * unixODBC-2.3.9-150200.8.6.1 * unixODBC-debugsource-2.3.9-150200.8.6.1 * libodbc2-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-2.3.9-150200.8.6.1 * unixODBC-debuginfo-2.3.9-150200.8.6.1 * libodbc2-2.3.9-150200.8.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libodbc2-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-32bit-2.3.9-150200.8.6.1 * unixODBC-32bit-2.3.9-150200.8.6.1 * libodbc2-32bit-2.3.9-150200.8.6.1 * SUSE Manager Proxy 4.2 (x86_64) * libodbc2-32bit-debuginfo-2.3.9-150200.8.6.1 * libodbc2-2.3.9-150200.8.6.1 * unixODBC-2.3.9-150200.8.6.1 * unixODBC-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-debugsource-2.3.9-150200.8.6.1 * libodbc2-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-32bit-2.3.9-150200.8.6.1 * unixODBC-devel-2.3.9-150200.8.6.1 * unixODBC-debuginfo-2.3.9-150200.8.6.1 * unixODBC-32bit-2.3.9-150200.8.6.1 * libodbc2-32bit-2.3.9-150200.8.6.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libodbc2-32bit-debuginfo-2.3.9-150200.8.6.1 * libodbc2-2.3.9-150200.8.6.1 * unixODBC-2.3.9-150200.8.6.1 * unixODBC-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-debugsource-2.3.9-150200.8.6.1 * libodbc2-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-32bit-2.3.9-150200.8.6.1 * unixODBC-devel-2.3.9-150200.8.6.1 * unixODBC-debuginfo-2.3.9-150200.8.6.1 * unixODBC-32bit-2.3.9-150200.8.6.1 * libodbc2-32bit-2.3.9-150200.8.6.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * unixODBC-2.3.9-150200.8.6.1 * unixODBC-debugsource-2.3.9-150200.8.6.1 * libodbc2-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-2.3.9-150200.8.6.1 * unixODBC-debuginfo-2.3.9-150200.8.6.1 * libodbc2-2.3.9-150200.8.6.1 * SUSE Manager Server 4.2 (x86_64) * libodbc2-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-32bit-2.3.9-150200.8.6.1 * unixODBC-32bit-2.3.9-150200.8.6.1 * libodbc2-32bit-2.3.9-150200.8.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * unixODBC-2.3.9-150200.8.6.1 * unixODBC-debugsource-2.3.9-150200.8.6.1 * libodbc2-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-2.3.9-150200.8.6.1 * unixODBC-debuginfo-2.3.9-150200.8.6.1 * libodbc2-2.3.9-150200.8.6.1 * SUSE Enterprise Storage 7.1 (x86_64) * libodbc2-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-32bit-2.3.9-150200.8.6.1 * unixODBC-32bit-2.3.9-150200.8.6.1 * libodbc2-32bit-2.3.9-150200.8.6.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * unixODBC-2.3.9-150200.8.6.1 * unixODBC-debugsource-2.3.9-150200.8.6.1 * libodbc2-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-2.3.9-150200.8.6.1 * unixODBC-debuginfo-2.3.9-150200.8.6.1 * libodbc2-2.3.9-150200.8.6.1 * SUSE Enterprise Storage 7 (x86_64) * libodbc2-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-32bit-debuginfo-2.3.9-150200.8.6.1 * unixODBC-devel-32bit-2.3.9-150200.8.6.1 * unixODBC-32bit-2.3.9-150200.8.6.1 * libodbc2-32bit-2.3.9-150200.8.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200589 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 08:45:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 08:45:06 -0000 Subject: SUSE-SU-2023:3082-1: important: Security update for qemu Message-ID: <169087950647.32506.2804283273524710397@smelt2.suse.de> # Security update for qemu Announcement ID: SUSE-SU-2023:3082-1 Rating: important References: * #1179993 * #1181740 * #1207205 * #1212968 * #1213001 * #1213414 Cross-References: * CVE-2023-0330 * CVE-2023-2861 * CVE-2023-3255 * CVE-2023-3301 CVSS scores: * CVE-2023-0330 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2023-0330 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2023-2861 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-3255 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities and has two fixes can now be installed. ## Description: This update for qemu fixes the following issues: * CVE-2023-3301: Fixed incorrect cleanup of the vdpa/vhost-net structures if peer nic is present (bsc#1213414). * CVE-2023-0330: Fixed reentrancy issues in the LSI controller (bsc#1207205). * CVE-2023-2861: Fixed opening special files in 9pfs (bsc#1212968). * CVE-2023-3255: Fixed infinite loop in inflate_buffer() leads to denial of service (bsc#1213001). Bugfixes: * hw/ide/piix: properly initialize the BMIBA register (bsc#bsc#1179993) * Fixed issue where Guest did not run on XEN SLES15SP2 (bsc#1181740). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3082=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3082=1 openSUSE-SLE-15.5-2023-3082=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3082=1 ## Package List: * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * qemu-guest-agent-debuginfo-7.1.0-150500.49.6.1 * qemu-chardev-baum-7.1.0-150500.49.6.1 * qemu-ui-dbus-7.1.0-150500.49.6.1 * qemu-debuginfo-7.1.0-150500.49.6.1 * qemu-block-rbd-7.1.0-150500.49.6.1 * qemu-block-curl-debuginfo-7.1.0-150500.49.6.1 * qemu-audio-dbus-7.1.0-150500.49.6.1 * qemu-lang-7.1.0-150500.49.6.1 * qemu-ui-dbus-debuginfo-7.1.0-150500.49.6.1 * qemu-block-iscsi-7.1.0-150500.49.6.1 * qemu-block-rbd-debuginfo-7.1.0-150500.49.6.1 * qemu-block-ssh-debuginfo-7.1.0-150500.49.6.1 * qemu-audio-dbus-debuginfo-7.1.0-150500.49.6.1 * qemu-debugsource-7.1.0-150500.49.6.1 * qemu-ui-curses-7.1.0-150500.49.6.1 * qemu-chardev-baum-debuginfo-7.1.0-150500.49.6.1 * qemu-7.1.0-150500.49.6.1 * qemu-block-ssh-7.1.0-150500.49.6.1 * qemu-hw-usb-host-7.1.0-150500.49.6.1 * qemu-block-iscsi-debuginfo-7.1.0-150500.49.6.1 * qemu-hw-usb-host-debuginfo-7.1.0-150500.49.6.1 * qemu-block-curl-7.1.0-150500.49.6.1 * qemu-guest-agent-7.1.0-150500.49.6.1 * qemu-ksm-7.1.0-150500.49.6.1 * qemu-ui-curses-debuginfo-7.1.0-150500.49.6.1 * Server Applications Module 15-SP5 (aarch64) * qemu-arm-7.1.0-150500.49.6.1 * qemu-arm-debuginfo-7.1.0-150500.49.6.1 * Server Applications Module 15-SP5 (aarch64 ppc64le x86_64) * qemu-ui-gtk-debuginfo-7.1.0-150500.49.6.1 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.6.1 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.6.1 * qemu-audio-spice-7.1.0-150500.49.6.1 * qemu-hw-usb-redirect-7.1.0-150500.49.6.1 * qemu-chardev-spice-7.1.0-150500.49.6.1 * qemu-ui-gtk-7.1.0-150500.49.6.1 * qemu-ui-spice-app-debuginfo-7.1.0-150500.49.6.1 * qemu-hw-display-qxl-7.1.0-150500.49.6.1 * qemu-ui-opengl-7.1.0-150500.49.6.1 * qemu-audio-spice-debuginfo-7.1.0-150500.49.6.1 * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.6.1 * qemu-ui-spice-app-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-vga-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.6.1 * qemu-ui-spice-core-7.1.0-150500.49.6.1 * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.6.1 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.6.1 * Server Applications Module 15-SP5 (noarch) * qemu-ipxe-1.0.0+-150500.49.6.1 * qemu-vgabios-1.16.0_0_gd239552-150500.49.6.1 * qemu-skiboot-7.1.0-150500.49.6.1 * qemu-SLOF-7.1.0-150500.49.6.1 * qemu-seabios-1.16.0_0_gd239552-150500.49.6.1 * qemu-sgabios-8-150500.49.6.1 * Server Applications Module 15-SP5 (ppc64le) * qemu-ppc-debuginfo-7.1.0-150500.49.6.1 * qemu-ppc-7.1.0-150500.49.6.1 * Server Applications Module 15-SP5 (s390x x86_64) * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-gpu-7.1.0-150500.49.6.1 * qemu-kvm-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.6.1 * Server Applications Module 15-SP5 (s390x) * qemu-s390x-debuginfo-7.1.0-150500.49.6.1 * qemu-s390x-7.1.0-150500.49.6.1 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-7.1.0-150500.49.6.1 * qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.6.1 * Server Applications Module 15-SP5 (x86_64) * qemu-x86-7.1.0-150500.49.6.1 * qemu-audio-alsa-debuginfo-7.1.0-150500.49.6.1 * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.6.1 * qemu-audio-alsa-7.1.0-150500.49.6.1 * qemu-audio-pa-debuginfo-7.1.0-150500.49.6.1 * qemu-audio-pa-7.1.0-150500.49.6.1 * qemu-accel-tcg-x86-7.1.0-150500.49.6.1 * qemu-x86-debuginfo-7.1.0-150500.49.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * qemu-x86-7.1.0-150500.49.6.1 * qemu-ivshmem-tools-7.1.0-150500.49.6.1 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.6.1 * qemu-debuginfo-7.1.0-150500.49.6.1 * qemu-audio-alsa-debuginfo-7.1.0-150500.49.6.1 * qemu-ui-opengl-7.1.0-150500.49.6.1 * qemu-audio-dbus-7.1.0-150500.49.6.1 * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.6.1 * qemu-audio-alsa-7.1.0-150500.49.6.1 * qemu-block-iscsi-7.1.0-150500.49.6.1 * qemu-audio-jack-7.1.0-150500.49.6.1 * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.6.1 * qemu-block-ssh-debuginfo-7.1.0-150500.49.6.1 * qemu-ui-spice-app-debuginfo-7.1.0-150500.49.6.1 * qemu-block-nfs-debuginfo-7.1.0-150500.49.6.1 * qemu-ui-spice-app-7.1.0-150500.49.6.1 * qemu-extra-debuginfo-7.1.0-150500.49.6.1 * qemu-linux-user-debuginfo-7.1.0-150500.49.6.1 * qemu-extra-7.1.0-150500.49.6.1 * qemu-block-dmg-debuginfo-7.1.0-150500.49.6.1 * qemu-chardev-spice-7.1.0-150500.49.6.1 * qemu-hw-display-qxl-7.1.0-150500.49.6.1 * qemu-audio-jack-debuginfo-7.1.0-150500.49.6.1 * qemu-ui-gtk-debuginfo-7.1.0-150500.49.6.1 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-7.1.0-150500.49.6.1 * qemu-guest-agent-7.1.0-150500.49.6.1 * qemu-block-gluster-7.1.0-150500.49.6.1 * qemu-linux-user-7.1.0-150500.49.6.1 * qemu-x86-debuginfo-7.1.0-150500.49.6.1 * qemu-chardev-baum-7.1.0-150500.49.6.1 * qemu-vhost-user-gpu-debuginfo-7.1.0-150500.49.6.1 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.6.1 * qemu-block-curl-debuginfo-7.1.0-150500.49.6.1 * qemu-lang-7.1.0-150500.49.6.1 * qemu-hw-usb-smartcard-debuginfo-7.1.0-150500.49.6.1 * qemu-accel-tcg-x86-7.1.0-150500.49.6.1 * qemu-vhost-user-gpu-7.1.0-150500.49.6.1 * qemu-audio-spice-debuginfo-7.1.0-150500.49.6.1 * qemu-ui-curses-7.1.0-150500.49.6.1 * qemu-chardev-baum-debuginfo-7.1.0-150500.49.6.1 * qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.6.1 * qemu-block-gluster-debuginfo-7.1.0-150500.49.6.1 * qemu-hw-usb-host-7.1.0-150500.49.6.1 * qemu-arm-7.1.0-150500.49.6.1 * qemu-audio-pa-7.1.0-150500.49.6.1 * qemu-ui-spice-core-7.1.0-150500.49.6.1 * qemu-audio-spice-7.1.0-150500.49.6.1 * qemu-ksm-7.1.0-150500.49.6.1 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.6.1 * qemu-guest-agent-debuginfo-7.1.0-150500.49.6.1 * qemu-ui-dbus-7.1.0-150500.49.6.1 * qemu-ppc-7.1.0-150500.49.6.1 * qemu-s390x-7.1.0-150500.49.6.1 * qemu-tools-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.6.1 * qemu-ui-dbus-debuginfo-7.1.0-150500.49.6.1 * qemu-block-ssh-7.1.0-150500.49.6.1 * qemu-accel-qtest-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-gpu-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.6.1 * qemu-s390x-debuginfo-7.1.0-150500.49.6.1 * qemu-hw-usb-smartcard-7.1.0-150500.49.6.1 * qemu-audio-oss-7.1.0-150500.49.6.1 * qemu-audio-pa-debuginfo-7.1.0-150500.49.6.1 * qemu-arm-debuginfo-7.1.0-150500.49.6.1 * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.6.1 * qemu-linux-user-debugsource-7.1.0-150500.49.6.1 * qemu-block-nfs-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.6.1 * qemu-hw-usb-redirect-7.1.0-150500.49.6.1 * qemu-audio-dbus-debuginfo-7.1.0-150500.49.6.1 * qemu-accel-qtest-debuginfo-7.1.0-150500.49.6.1 * qemu-debugsource-7.1.0-150500.49.6.1 * qemu-7.1.0-150500.49.6.1 * qemu-headless-7.1.0-150500.49.6.1 * qemu-ui-gtk-7.1.0-150500.49.6.1 * qemu-block-dmg-7.1.0-150500.49.6.1 * qemu-ppc-debuginfo-7.1.0-150500.49.6.1 * qemu-hw-display-virtio-vga-7.1.0-150500.49.6.1 * qemu-block-iscsi-debuginfo-7.1.0-150500.49.6.1 * qemu-audio-oss-debuginfo-7.1.0-150500.49.6.1 * qemu-hw-usb-host-debuginfo-7.1.0-150500.49.6.1 * qemu-block-curl-7.1.0-150500.49.6.1 * qemu-ivshmem-tools-debuginfo-7.1.0-150500.49.6.1 * qemu-ui-curses-debuginfo-7.1.0-150500.49.6.1 * qemu-tools-debuginfo-7.1.0-150500.49.6.1 * openSUSE Leap 15.5 (s390x x86_64 i586) * qemu-kvm-7.1.0-150500.49.6.1 * openSUSE Leap 15.5 (noarch) * qemu-ipxe-1.0.0+-150500.49.6.1 * qemu-microvm-7.1.0-150500.49.6.1 * qemu-vgabios-1.16.0_0_gd239552-150500.49.6.1 * qemu-skiboot-7.1.0-150500.49.6.1 * qemu-SLOF-7.1.0-150500.49.6.1 * qemu-sgabios-8-150500.49.6.1 * qemu-seabios-1.16.0_0_gd239552-150500.49.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * qemu-block-rbd-7.1.0-150500.49.6.1 * qemu-block-rbd-debuginfo-7.1.0-150500.49.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * qemu-tools-7.1.0-150500.49.6.1 * qemu-debugsource-7.1.0-150500.49.6.1 * qemu-tools-debuginfo-7.1.0-150500.49.6.1 * qemu-debuginfo-7.1.0-150500.49.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0330.html * https://www.suse.com/security/cve/CVE-2023-2861.html * https://www.suse.com/security/cve/CVE-2023-3255.html * https://www.suse.com/security/cve/CVE-2023-3301.html * https://bugzilla.suse.com/show_bug.cgi?id=1179993 * https://bugzilla.suse.com/show_bug.cgi?id=1181740 * https://bugzilla.suse.com/show_bug.cgi?id=1207205 * https://bugzilla.suse.com/show_bug.cgi?id=1212968 * https://bugzilla.suse.com/show_bug.cgi?id=1213001 * https://bugzilla.suse.com/show_bug.cgi?id=1213414 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 11:22:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Aug 2023 13:22:19 +0200 (CEST) Subject: SUSE-CU-2023:2476-1: Security update of suse/sles12sp5 Message-ID: <20230801112219.3DFEAFD9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2476-1 Container Tags : suse/sles12sp5:6.5.493 , suse/sles12sp5:latest Container Release : 6.5.493 Severity : moderate Type : security References : 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3012-1 Released: Fri Jul 28 14:17:47 2023 Summary: Security update for openssl-1_0_0 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). The following package changes have been done: - libopenssl1_0_0-1.0.2p-3.81.1 updated - openssl-1_0_0-1.0.2p-3.81.1 updated From sle-updates at lists.suse.com Tue Aug 1 11:25:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Aug 2023 13:25:36 +0200 (CEST) Subject: SUSE-CU-2023:2477-1: Security update of suse/sle15 Message-ID: <20230801112536.4FA4FFD9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2477-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.796 Container Release : 6.2.796 Severity : moderate Type : security References : 1193015 1211419 1213487 1213517 CVE-2023-2603 CVE-2023-3446 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2955-1 Released: Tue Jul 25 05:22:54 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1193015 This update for util-linux fixes the following issues: - Fix memory leak on parse errors in libmount. (bsc#1193015) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2956-1 Released: Tue Jul 25 08:33:38 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211419,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2961-1 Released: Tue Jul 25 09:32:56 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3068-1 Released: Mon Jul 31 16:33:43 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libblkid1-2.33.2-150100.4.37.1 updated - libcap2-2.26-150000.4.9.1 updated - libfdisk1-2.33.2-150100.4.37.1 updated - libmount1-2.33.2-150100.4.37.1 updated - libopenssl1_1-1.1.0i-150100.14.62.1 updated - libsmartcols1-2.33.2-150100.4.37.1 updated - libuuid1-2.33.2-150100.4.37.1 updated - openssl-1_1-1.1.0i-150100.14.62.1 updated - util-linux-2.33.2-150100.4.37.1 updated From sle-updates at lists.suse.com Tue Aug 1 11:25:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Aug 2023 13:25:50 +0200 (CEST) Subject: SUSE-CU-2023:2478-1: Security update of suse/389-ds Message-ID: <20230801112550.CABC6FD9F@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2478-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-14.28 , suse/389-ds:latest Container Release : 14.28 Severity : moderate Type : security References : 1099695 1213487 CVE-2023-3446 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2998-1 Released: Thu Jul 27 08:39:49 2023 Summary: Recommended update for libdb-4_8 Type: recommended Severity: moderate References: 1099695 This update for libdb-4_8 fixes the following issues: - Fix incomplete license tag (bsc#1099695) The following package changes have been done: - libxml2-2-2.10.3-150500.5.5.1 updated - libopenssl1_1-1.1.1l-150500.17.9.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.9.1 updated - openssl-1_1-1.1.1l-150500.17.9.1 updated - libdb-4_8-4.8.30-150000.7.9.1 updated - db48-utils-4.8.30-150000.7.9.1 updated - container:sles15-image-15.0.0-36.5.20 updated From sle-updates at lists.suse.com Tue Aug 1 11:26:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Aug 2023 13:26:09 +0200 (CEST) Subject: SUSE-CU-2023:2480-1: Security update of bci/openjdk Message-ID: <20230801112609.771CDFD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2480-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-10.18 , bci/openjdk:latest Container Release : 10.18 Severity : important Type : security References : 1207922 1213473 1213474 1213475 1213479 1213481 1213482 CVE-2023-22006 CVE-2023-22036 CVE-2023-22041 CVE-2023-22044 CVE-2023-22045 CVE-2023-22049 CVE-2023-25193 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3023-1 Released: Fri Jul 28 21:59:48 2023 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1207922,1213473,1213474,1213475,1213479,1213481,1213482,CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22044,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193 This update for java-17-openjdk fixes the following issues: Updated to version jdk-17.0.8+7 (July 2023 CPU): - CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473). - CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474). - CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475). - CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479). - CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481). - CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482). - CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922). - JDK-8294323: Improve Shared Class Data - JDK-8296565: Enhanced archival support - JDK-8298676, JDK-8300891: Enhanced Look and Feel - JDK-8300285: Enhance TLS data handling - JDK-8300596: Enhance Jar Signature validation - JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1 - JDK-8302475: Enhance HTTP client file downloading - JDK-8302483: Enhance ZIP performance - JDK-8303376: Better launching of JDI - JDK-8304460: Improve array usages - JDK-8304468: Better array usages - JDK-8305312: Enhanced path handling - JDK-8308682: Enhance AES performance Bugfixes: - JDK-8178806: Better exception logging in crypto code - JDK-8201516: DebugNonSafepoints generates incorrect information - JDK-8224768: Test ActalisCA.java fails - JDK-8227060: Optimize safepoint cleanup subtask order - JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError - JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel - JDK-8244976: vmTestbase/nsk/jdi/Event/request/request001.java doesn' initialize eName - JDK-8245877: assert(_value != __null) failed: resolving NULL _value in JvmtiExport::post_compiled_method_load - JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken - JDK-8252990: Intrinsify Unsafe.storeStoreFence - JDK-8254711: Add java.security.Provider.getService JFR Event - JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates - JDK-8261495: Shenandoah: reconsider update references memory ordering - JDK-8268288: jdk/jfr/api/consumer/streaming/ /TestOutOfProcessMigration.java fails with 'Error: ShouldNotReachHere()' - JDK-8268298: jdk/jfr/api/consumer/log/TestVerbosity.java fails: unexpected log message - JDK-8268582: javadoc throws NPE with --ignore-source-errors option - JDK-8269821: Remove is-queue-active check in inner loop of write_ref_array_pre_work - JDK-8270434: JDI+UT: Unexpected event in JDI tests - JDK-8270859: Post JEP 411 refactoring: client libs with maximum covering > 10K - JDK-8270869: G1ServiceThread may not terminate - JDK-8271519: java/awt/event/SequencedEvent/ /MultipleContextsFunctionalTest.java failed with 'Total [200] - Expected [400]' - JDK-8273909: vmTestbase/nsk/jdi/Event/request/request001 can still fail with 'ERROR: new event is not ThreadStartEvent' - JDK-8274243: Implement fast-path for ASCII-compatible CharsetEncoders on aarch64 - JDK-8274615: Support relaxed atomic add for linux-aarch64 - JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile - JDK-8275233: Incorrect line number reported in exception stack trace thrown from a lambda expression - JDK-8275287: Relax memory ordering constraints on updating instance class and array class counters - JDK-8275721: Name of UTC timezone in a locale changes depending on previous code - JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit) - JDK-8276058: Some swing test fails on specific CI macos system - JDK-8277407: javax/swing/plaf/synth/SynthButtonUI/6276188/ /bug6276188.java fails to compile after JDK-8276058 - JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java - add 4357905 - JDK-8278146: G1: Rework VM_G1Concurrent VMOp to clearly identify it as pause - JDK-8278434: timeouts in test java/time/test/java/time/ /format/TestZoneTextPrinterParser.java - JDK-8278834: Error 'Cannot read field 'sym' because 'this.lvar[od]' is null' when compiling - JDK-8282077: PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error - JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test - JDK-8282227: Locale information for nb is not working properly - JDK-8282704: runtime/Thread/StopAtExit.java may leak memory - JDK-8283057: Update GCC to version 11.2.0 for Oracle builds on Linux - JDK-8283062: Uninitialized warnings in libgtest with GCC 11.2 - JDK-8283520: JFR: Memory leak in dcmd_arena - JDK-8283566: G1: Improve G1BarrierSet::enqueue performance - JDK-8284331: Add sanity check for signal handler modification warning. - JDK-8285635: javax/swing/JRootPane/DefaultButtonTest.java failed with Default Button not pressed for L&F: com.sun.java.swing.plaf.motif.MotifLookAndFeel - JDK-8285987: executing shell scripts without #! fails on Alpine linux - JDK-8286191: misc tests fail due to JDK-8285987 - JDK-8286287: Reading file as UTF-16 causes Error which 'shouldn't happen' - JDK-8286331: jni_GetStringUTFChars() uses wrong heap allocator - JDK-8286346: 3-parameter version of AllocateHeap should not ignore AllocFailType - JDK-8286398: Address possibly lossy conversions in jdk.internal.le - JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code - JDK-8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider - JDK-8287541: Files.writeString fails to throw IOException for charset 'windows-1252' - JDK-8287854: Dangling reference in ClassVerifier::verify_class - JDK-8287876: The recently de-problemlisted TestTitledBorderLeak test is unstable - JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md with information on 4th party dependencies - JDK-8288589: Files.readString ignores encoding errors for UTF-16 - JDK-8289509: Improve test coverage for XPath Axes: descendant, descendant-or-self, following, following-sibling - JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space - JDK-8289949: Improve test coverage for XPath: operators - JDK-8290822: C2: assert in PhaseIdealLoop::do_unroll() is subject to undefined behavior - JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067 - JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value - JDK-8291638: Keep-Alive timeout of 0 should close connection immediately - JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage() is lower than expected - JDK-8292301: [REDO v2] C2 crash when allocating array of size too large - JDK-8292407: Improve Weak CAS VarHandle/Unsafe tests resilience under spurious failures - JDK-8292713: Unsafe.allocateInstance should be intrinsified without UseUnalignedAccesses - JDK-8292755: Non-default method in interface leads to a stack overflow in JShell - JDK-8292990: Improve test coverage for XPath Axes: parent - JDK-8293295: Add type check asserts to java_lang_ref_Reference accessors - JDK-8293492: ShenandoahControlThread missing from hs-err log and thread dump - JDK-8293858: Change PKCS7 code to use default SecureRandom impl instead of SHA1PRNG - JDK-8293887: AArch64 build failure with GCC 12 due to maybe-uninitialized warning in libfdlibm k_rem_pio2.c - JDK-8294183: AArch64: Wrong macro check in SharedRuntime::generate_deopt_blob - JDK-8294281: Allow warnings to be disabled on a per-file basis - JDK-8294673: JFR: Add SecurityProviderService#threshold to TestActiveSettingEvent.java - JDK-8294717: (bf) DirectByteBuffer constructor will leak if allocating Deallocator or Cleaner fails with OOME - JDK-8294906: Memory leak in PKCS11 NSS TLS server - JDK-8295564: Norwegian Nynorsk Locale is missing formatting - JDK-8295974: jni_FatalError and Xcheck:jni warnings should print the native stack when there are no Java frames - JDK-8296084: javax/swing/JSpinner/4788637/bug4788637.java fails intermittently on a VM - JDK-8296318: use-def assert: special case undetected loops nested in infinite loops - JDK-8296343: CPVE thrown on missing content-length in OCSP response - JDK-8296412: Special case infinite loops with unmerged backedges in IdealLoopTree::check_safepts - JDK-8296545: C2 Blackholes should allow load optimizations - JDK-8296934: Write a test to verify whether Undecorated Frame can be iconified or not - JDK-8297000: [jib] Add more friendly warning for proxy issues - JDK-8297154: Improve safepoint cleanup logging - JDK-8297450: ScaledTextFieldBorderTest.java fails when run with -show parameter - JDK-8297587: Upgrade JLine to 3.22.0 - JDK-8297730: C2: Arraycopy intrinsic throws incorrect exception - JDK-8297955: LDAP CertStore should use LdapName and not String for DNs - JDK-8298488: [macos13] tools/jpackage tests failing with 'Exit code: 137' on macOS - JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors - JDK-8299179: ArrayFill with store on backedge needs to reduce length by 1 - JDK-8299259: C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE - JDK-8299544: Improve performance of CRC32C intrinsics (non-AVX-512) for small inputs - JDK-8299570: [JVMCI] Insufficient error handling when CodeBuffer is exhausted - JDK-8299959: C2: CmpU::Value must filter overflow computation against local sub computation - JDK-8300042: Improve CPU related JFR events descriptions - JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument - JDK-8300823: UB: Compile::_phase_optimize_finished is initialized too late - JDK-8300939: sun/security/provider/certpath/OCSP/ /OCSPNoContentLength.java fails due to network errors - JDK-8301050: Detect Xen Virtualization on Linux aarch64 - JDK-8301119: Support for GB18030-2022 - JDK-8301123: Enable Symbol refcounting underflow checks in PRODUCT - JDK-8301190: [vectorapi] The typeChar of LaneType is incorrect when default locale is tr - JDK-8301216: ForkJoinPool invokeAll() ignores timeout - JDK-8301338: Identical branch conditions in CompileBroker::print_heapinfo - JDK-8301491: C2: java.lang.StringUTF16::indexOfChar intrinsic called with negative character argument - JDK-8301637: ThreadLocalRandom.current().doubles().parallel() contention - JDK-8301661: Enhance os::pd_print_cpu_info on macOS and Windows - JDK-8302151: BMPImageReader throws an exception reading BMP images - JDK-8302172: [JVMCI] HotSpotResolvedJavaMethodImpl.canBeInlined must respect ForceInline - JDK-8302320: AsyncGetCallTrace obtains too few frames in sanity test - JDK-8302491: NoClassDefFoundError omits the original cause of an error - JDK-8302508: Add timestamp to the output TraceCompilerThreads - JDK-8302594: use-after-free in Node::destruct - JDK-8302595: use-after-free related to GraphKit::clone_map - JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message - JDK-8302849: SurfaceManager might expose partially constructed object - JDK-8303069: Memory leak in CompilerOracle::parse_from_line - JDK-8303102: jcmd: ManagementAgent.status truncates the text longer than O_BUFLEN - JDK-8303130: Document required Accessibility permissions on macOS - JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303433: Bump update version for OpenJDK: jdk-17.0.8 - JDK-8303440: The 'ZonedDateTime.parse' may not accept the 'UTC+XX' zone id - JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates - JDK-8303476: Add the runtime version in the release file of a JDK image - JDK-8303482: Update LCMS to 2.15 - JDK-8303508: Vector.lane() gets wrong value on x86 - JDK-8303511: C2: assert(get_ctrl(n) == cle_out) during unrolling - JDK-8303564: C2: 'Bad graph detected in build_loop_late' after a CMove is wrongly split thru phi - JDK-8303575: adjust Xen handling on Linux aarch64 - JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303588: [JVMCI] make JVMCI source directories conform with standard layout - JDK-8303809: Dispose context in SPNEGO NegotiatorImpl - JDK-8303822: gtestMain should give more helpful output - JDK-8303861: Error handling step timeouts should never be blocked by OnError and others - JDK-8303937: Corrupted heap dumps due to missing retries for os::write() - JDK-8303949: gcc10 warning Linux ppc64le - note: the layout of aggregates containing vectors with 8-byte alignment has changed in GCC 5 - JDK-8304054: Linux: NullPointerException from FontConfiguration.getVersion in case no fonts are installed - JDK-8304063: tools/jpackage/share/AppLauncherEnvTest.java fails when checking LD_LIBRARY_PATH - JDK-8304134: jib bootstrapper fails to quote filename when checking download filetype - JDK-8304291: [AIX] Broken build after JDK-8301998 - JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998 - JDK-8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0 - JDK-8304671: javac regression: Compilation with --release 8 fails on underscore in enum identifiers - JDK-8304683: Memory leak in WB_IsMethodCompatible - JDK-8304760: Add 2 Microsoft TLS roots - JDK-8304867: Explicitly disable dtrace for ppc builds - JDK-8304880: [PPC64] VerifyOops code in C1 doesn't work with ZGC - JDK-8305088: SIGSEGV in Method::is_method_handle_intrinsic - JDK-8305113: (tz) Update Timezone Data to 2023c - JDK-8305400: ISO 4217 Amendment 175 Update - JDK-8305403: Shenandoah evacuation workers may deadlock - JDK-8305481: gtest is_first_C_frame failing on ARM - JDK-8305690: [X86] Do not emit two REX prefixes in Assembler::prefix - JDK-8305711: Arm: C2 always enters slowpath for monitorexit - JDK-8305721: add `make compile-commands` artifacts to .gitignore - JDK-8305975: Add TWCA Global Root CA - JDK-8305993: Add handleSocketErrorWithMessage to extend nio Net.c exception message - JDK-8305994: Guarantee eventual async monitor deflation - JDK-8306072: Open source several AWT MouseInfo related tests - JDK-8306133: Open source few AWT Drag & Drop related tests - JDK-8306409: Open source AWT KeyBoardFocusManger, LightWeightComponent related tests - JDK-8306432: Open source several AWT Text Component related tests - JDK-8306466: Open source more AWT Drag & Drop related tests - JDK-8306489: Open source AWT List related tests - JDK-8306543: GHA: MSVC installation is failing - JDK-8306640: Open source several AWT TextArea related tests - JDK-8306652: Open source AWT MenuItem related tests - JDK-8306658: GHA: MSVC installation could be optional since it might already be pre-installed - JDK-8306664: GHA: Update MSVC version to latest stepping - JDK-8306681: Open source more AWT DnD related tests - JDK-8306683: Open source several clipboard and color AWT tests - JDK-8306752: Open source several container and component AWT tests - JDK-8306753: Open source several container AWT tests - JDK-8306755: Open source few Swing JComponent and AbstractButton tests - JDK-8306768: CodeCache Analytics reports wrong threshold - JDK-8306774: Make runtime/Monitor/ /GuaranteedAsyncDeflationIntervalTest.java more reliable - JDK-8306825: Monitor deflation might be accidentally disabled by zero intervals - JDK-8306850: Open source AWT Modal related tests - JDK-8306871: Open source more AWT Drag & Drop tests - JDK-8306883: Thread stacksize is reported with wrong units in os::create_thread logging - JDK-8306941: Open source several datatransfer and dnd AWT tests - JDK-8306943: Open source several dnd AWT tests - JDK-8306954: Open source five Focus related tests - JDK-8306955: Open source several JComboBox jtreg tests - JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep - JDK-8306996: Open source Swing MenuItem related tests - JDK-8307080: Open source some more JComboBox jtreg tests - JDK-8307128: Open source some drag and drop tests 4 - JDK-8307130: Open source few Swing JMenu tests - JDK-8307133: Open source some JTable jtreg tests - JDK-8307134: Add GTS root CAs - JDK-8307135: java/awt/dnd/NotReallySerializableTest/ /NotReallySerializableTest.java failed - JDK-8307331: Correctly update line maps when class redefine rewrites bytecodes - JDK-8307346: Add missing gc+phases logging for ObjectCount(AfterGC) JFR event collection code - JDK-8307347: serviceability/sa/ClhsdbDumpclass.java could leave files owned by root on macOS - JDK-8307378: Allow collectors to provide specific values for GC notifications' actions - JDK-8307381: Open Source JFrame, JIF related Swing Tests - JDK-8307425: Socket input stream read burns CPU cycles with back-to-back poll(0) calls - JDK-8307799: Newly added java/awt/dnd/MozillaDnDTest.java has invalid jtreg `@requires` clause - JDK-8308554: [17u] Fix commit of 8286191. vm.musl was not removed from ExternalEditorTest - JDK-8308880: [17u] micro bench ZoneStrings missed in backport of 8278434 - JDK-8308884: [17u/11u] Backout JDK-8297951 - JDK-8311467: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.8 The following package changes have been done: - java-17-openjdk-headless-17.0.8.0-150400.3.27.1 updated - java-17-openjdk-17.0.8.0-150400.3.27.1 updated From sle-updates at lists.suse.com Tue Aug 1 11:26:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Aug 2023 13:26:19 +0200 (CEST) Subject: SUSE-CU-2023:2481-1: Recommended update of bci/rust Message-ID: <20230801112619.25309FD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2481-1 Container Tags : bci/rust:1.70 , bci/rust:1.70-2.9.1 , bci/rust:oldstable , bci/rust:oldstable-2.9.1 Container Release : 9.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2559-1 Released: Tue Jun 20 18:03:33 2023 Summary: Recommended update for rust, rust1.70 Type: recommended Severity: moderate References: This update for rust, rust1.70 fixes the following issues: Changes in rust: - Update to version 1.70.0 - for details see the rust1.70 package Changes in rust1.70: Version 1.70.0 (2023-06-01) ========================== Language -------- - Relax ordering rules for `asm!` operands - Properly allow macro expanded `format_args` invocations to uses captures - Lint ambiguous glob re-exports - Perform const and unsafe checking for expressions in `let _ = expr` position. Compiler -------- - Extend -Cdebuginfo with new options and named aliases This provides a smaller version of debuginfo for cases that only need line number information (`-Cdebuginfo=line-tables-only`), which may eventually become the default for `-Cdebuginfo=1`. - Make `unused_allocation` lint against `Box::new` too - Detect uninhabited types early in const eval - Switch to LLD as default linker for {arm,thumb}v4t-none-eabi - Add tier 3 target `loongarch64-unknown-linux-gnu` - Add tier 3 target for `i586-pc-nto-qnx700` (QNX Neutrino RTOS, version 7.0) - Insert alignment checks for pointer dereferences as debug assertions This catches undefined behavior at runtime, and may cause existing code to fail. Refer to Rust's platform support page for more information on Rust's tiered platform support. Libraries --------- - Document NonZeroXxx layout guarantees - Windows: make `Command` prefer non-verbatim paths - Implement Default for some alloc/core iterators - Fix handling of trailing bare CR in str::lines - allow negative numeric literals in `concat!` - Add documentation about the memory layout of `Cell` - Use `partial_cmp` to implement tuple `lt`/`le`/`ge`/`gt` - Stabilize `atomic_as_ptr` - Stabilize `nonnull_slice_from_raw_parts` - Partial stabilization of `once_cell` - Stabilize `nonzero_min_max` - Flatten/inline format_args!() and (string and int) literal arguments into format_args!() - Stabilize movbe target feature - don't splice from files into pipes in io::copy - Add a builtin unstable `FnPtr` trait that is implemented for all function pointers This extends `Debug`, `Pointer`, `Hash`, `PartialEq`, `Eq`, `PartialOrd`, and `Ord` implementations for function pointers with all ABIs. Stabilized APIs --------------- - `NonZero*::MIN/MAX` - `BinaryHeap::retain` - `Default for std::collections::binary_heap::IntoIter` - `Default for std::collections::btree_map::{IntoIter, Iter, IterMut}` - `Default for std::collections::btree_map::{IntoKeys, Keys}` - `Default for std::collections::btree_map::{IntoValues, Values}` - `Default for std::collections::btree_map::Range` - `Default for std::collections::btree_set::{IntoIter, Iter}` - `Default for std::collections::btree_set::Range` - `Default for std::collections::linked_list::{IntoIter, Iter, IterMut}` - `Default for std::vec::IntoIter` - `Default for std::iter::Chain` - `Default for std::iter::Cloned` - `Default for std::iter::Copied` - `Default for std::iter::Enumerate` - `Default for std::iter::Flatten` - `Default for std::iter::Fuse` - `Default for std::iter::Rev` - `Default for std::slice::Iter` - `Default for std::slice::IterMut` - `Rc::into_inner` - `Arc::into_inner` - `std::cell::OnceCell` - `Option::is_some_and` - `NonNull::slice_from_raw_parts` - `Result::is_ok_and` - `Result::is_err_and` - `std::sync::atomic::Atomic*::as_ptr` - `std::io::IsTerminal` - `std::os::linux::net::SocketAddrExt` - `std::os::unix::net::UnixDatagram::bind_addr` - `std::os::unix::net::UnixDatagram::connect_addr` - `std::os::unix::net::UnixDatagram::send_to_addr` - `std::os::unix::net::UnixListener::bind_addr` - `std::path::Path::as_mut_os_str` - `std::sync::OnceLock` Cargo ----- - Add `CARGO_PKG_README` - Make `sparse` the default protocol for crates.io - Accurately show status when downgrading dependencies - Use registry.default for login/logout - Stabilize `cargo logout` Misc ---- - Stabilize rustdoc `--test-run-directory` Compatibility Notes ------------------- - Prevent stable `libtest` from supporting `-Zunstable-options` - Perform const and unsafe checking for expressions in `let _ = expr` position. - WebAssembly targets enable `sign-ext` and `mutable-globals` features in codegen This may cause incompatibility with older execution environments. - Insert alignment checks for pointer dereferences as debug assertions This catches undefined behavior at runtime, and may cause existing code to fail. The following package changes have been done: - rust1.70-1.70.0-150400.9.3.1 added - cargo1.70-1.70.0-150400.9.3.1 added - cargo1.69-1.69.0-150400.9.3.1 removed - rust1.69-1.69.0-150400.9.3.1 removed From sle-updates at lists.suse.com Tue Aug 1 11:26:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Aug 2023 13:26:29 +0200 (CEST) Subject: SUSE-CU-2023:2482-1: Recommended update of bci/rust Message-ID: <20230801112629.56B34FD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2482-1 Container Tags : bci/rust:1.71 , bci/rust:1.71-1.10.1 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.10.1 Container Release : 10.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2978-1 Released: Wed Jul 26 09:56:57 2023 Summary: Recommended update for rust, rust1.71 Type: recommended Severity: moderate References: This update for rust and rust1.71 fixes the following issues: This update ships rust1.71. Version 1.71.0 (2023-07-13) ========================== Language -------- - Stabilize `raw-dylib`, `link_ordinal`, `import_name_type` and `-Cdlltool`. - Uplift `clippy::{drop,forget}_{ref,copy}` lints. - Type inference is more conservative around constrained vars. - Use fulfillment to check `Drop` impl compatibility Compiler -------- - Evaluate place expression in `PlaceMention` making `let _ =` patterns more consistent with respect to the borrow checker. - Add `--print deployment-target` flag for Apple targets. - Stabilize `extern 'C-unwind'` and friends. The existing `extern 'C'` etc. may change behavior for cross-language unwinding in a future release. - Update the version of musl used on `*-linux-musl` targets to 1.2.3 enabling [time64](https://musl.libc.org/time64.html) on 32-bit systems. - Stabilize `debugger_visualizer` for embedding metadata like Microsoft's Natvis. - Enable flatten-format-args by default. - Make `Self` respect tuple constructor privacy. - Improve niche placement by trying two strategies and picking the better result. - Use `apple-m1` as the target CPU for `aarch64-apple-darwin`. - Add Tier 3 support for the `x86_64h-apple-darwin` target. - Promote `loongarch64-unknown-linux-gnu` to Tier 2 with host tools. Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. Libraries --------- - Rework handling of recursive panics. Additional panics are allowed while unwinding, as long as they are caught before escaping a `Drop` implementation, but panicking within a panic hook is now an immediate abort. - Loosen `From<&[T]> for Box<[T]>` bound to `T: Clone`. - Remove unnecessary `T: Send` bound in `Error for mpsc::SendError` and `TrySendError`. - Fix docs for `alloc::realloc` to match `Layout` requirements that the size must not exceed `isize::MAX`. - Document `const {}` syntax for `std::thread_local`. This syntax was stabilized in Rust 1.59, but not previously mentioned in release notes. Stabilized APIs --------------- - `CStr::is_empty`](https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#method.is_empty) - `BuildHasher::hash_one`](https://doc.rust-lang.org/stable/std/hash/trait.BuildHasher.html#method.hash_one) - `NonZeroI*::is_positive`](https://doc.rust-lang.org/stable/std/num/struct.NonZeroI32.html#method.is_positive) - `NonZeroI*::is_negative`](https://doc.rust-lang.org/stable/std/num/struct.NonZeroI32.html#method.is_negative) - `NonZeroI*::checked_neg`](https://doc.rust-lang.org/stable/std/num/struct.NonZeroI32.html#method.checked_neg) - `NonZeroI*::overflowing_neg`](https://doc.rust-lang.org/stable/std/num/struct.NonZeroI32.html#method.overflowing_neg) - `NonZeroI*::saturating_neg`](https://doc.rust-lang.org/stable/std/num/struct.NonZeroI32.html#method.saturating_neg) - `NonZeroI*::wrapping_neg`](https://doc.rust-lang.org/stable/std/num/struct.NonZeroI32.html#method.wrapping_neg) - `Neg for NonZeroI*`](https://doc.rust-lang.org/stable/std/num/struct.NonZeroI32.html#impl-Neg-for-NonZeroI32) - `Neg for &NonZeroI*`](https://doc.rust-lang.org/stable/std/num/struct.NonZeroI32.html#impl-Neg-for-%26NonZeroI32) - `From<[T; N]> for (T...)`](https://doc.rust-lang.org/stable/std/primitive.array.html#impl-From%3C%5BT;+1%5D%3E-for-(T,)) (array to N-tuple for N in 1..=12) - `From<(T...)> for [T; N]`](https://doc.rust-lang.org/stable/std/primitive.array.html#impl-From%3C(T,)%3E-for-%5BT;+1%5D) (N-tuple to array for N in 1..=12) - `windows::io::AsHandle for Box`](https://doc.rust-lang.org/stable/std/os/windows/io/trait.AsHandle.html#impl-AsHandle-for-Box%3CT%3E) - `windows::io::AsHandle for Rc`](https://doc.rust-lang.org/stable/std/os/windows/io/trait.AsHandle.html#impl-AsHandle-for-Rc%3CT%3E) - `windows::io::AsHandle for Arc`](https://doc.rust-lang.org/stable/std/os/windows/io/trait.AsHandle.html#impl-AsHandle-for-Arc%3CT%3E) - `windows::io::AsSocket for Box`](https://doc.rust-lang.org/stable/std/os/windows/io/trait.AsSocket.html#impl-AsSocket-for-Box%3CT%3E) - `windows::io::AsSocket for Rc`](https://doc.rust-lang.org/stable/std/os/windows/io/trait.AsSocket.html#impl-AsSocket-for-Rc%3CT%3E) - `windows::io::AsSocket for Arc`](https://doc.rust-lang.org/stable/std/os/windows/io/trait.AsSocket.html#impl-AsSocket-for-Arc%3CT%3E) These APIs are now stable in const contexts: - `<*const T>::read`](https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.read) - `<*const T>::read_unaligned`](https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.read_unaligned) - `<*mut T>::read`](https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.read-1) - `<*mut T>::read_unaligned`](https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.read_unaligned-1) - `ptr::read`](https://doc.rust-lang.org/stable/std/ptr/fn.read.html) - `ptr::read_unaligned`](https://doc.rust-lang.org/stable/std/ptr/fn.read_unaligned.html) - `<[T]>::split_at`](https://doc.rust-lang.org/stable/std/primitive.slice.html#method.split_at) Cargo ----- - Allow named debuginfo options in `Cargo.toml`. - Add `workspace_default_members` to the output of `cargo metadata`. - `cargo add` now considers `rust-version` when selecting packages. - Automatically inherit workspace fields when running `cargo new`/`cargo init`. Rustdoc ------- - Add a new `rustdoc::unescaped_backticks` lint for broken inline code. - Support strikethrough with single tildes.](https://github.com/rust-lang/rust/pull/111152/) (`~~old~~` vs. `~new~`) Misc ---- Compatibility Notes ------------------- - Remove structural match from `TypeId`. Code that uses a constant `TypeId` in a pattern will potentially be broken. Known cases have already been fixed -- in particular, users of the `log` crate's `kv_unstable` feature should update to `log v0.4.18` or later. - Add a `sysroot` crate to represent the standard library crates. This does not affect stable users, but may require adjustment in tools that build their own standard library. - Cargo optimizes its usage under `rustup`. When Cargo detects it will run `rustc` pointing to a rustup proxy, it'll try bypassing the proxy and use the underlying binary directly. There are assumptions around the interaction with rustup and `RUSTUP_TOOLCHAIN`. However, it's not expected to affect normal users. - When querying a package, Cargo tries only the original name, all hyphens, and all underscores to handle misspellings. Previously, Cargo tried each combination of hyphens and underscores, causing excessive requests to crates.io. - Cargo now disallows `RUSTUP_HOME` and `RUSTUP_TOOLCHAIN` in the `[env]` configuration table. This is considered to be not a use case Cargo would like to support, since it will likely cause problems or lead to confusion. The following package changes have been done: - rust1.71-1.71.0-150400.9.3.1 added - cargo1.71-1.71.0-150400.9.3.1 added - cargo1.70-1.70.0-150400.9.3.1 removed - rust1.70-1.70.0-150400.9.3.1 removed From sle-updates at lists.suse.com Tue Aug 1 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 12:30:09 -0000 Subject: SUSE-RU-2023:3099-1: important: Recommended update for rmt-server Message-ID: <169089300999.27691.9473451003171284293@smelt2.suse.de> # Recommended update for rmt-server Announcement ID: SUSE-RU-2023:3099-1 Rating: important References: * #1209825 * #1213002 Affected Products: * Public Cloud Module 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Manager Proxy 4.1 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Server 4.1 An update that has two recommended fixes can now be installed. ## Description: This update for rmt-server fixes the following issues: * Version 2.14 * Add command 'rmt-cli clean packages', which removes dangling packages no longer referenced in the available metadata files and their database entries. (gh#662) * Fix the SUSE Liberty registration script to allow registering with RMT servers that self-sign certificates and enable both old and new singing keys for SLL8 (bsc#1209825) * Fix a regression in the local import of packages with special characters (bsc#1213002) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3099=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3099=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3099=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3099=1 ## Package List: * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * rmt-server-debugsource-2.14-150200.3.35.1 * rmt-server-pubcloud-2.14-150200.3.35.1 * rmt-server-debuginfo-2.14-150200.3.35.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64) * rmt-server-config-2.14-150200.3.35.1 * rmt-server-debugsource-2.14-150200.3.35.1 * rmt-server-2.14-150200.3.35.1 * rmt-server-debuginfo-2.14-150200.3.35.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x) * rmt-server-config-2.14-150200.3.35.1 * rmt-server-debugsource-2.14-150200.3.35.1 * rmt-server-2.14-150200.3.35.1 * rmt-server-debuginfo-2.14-150200.3.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * rmt-server-config-2.14-150200.3.35.1 * rmt-server-debugsource-2.14-150200.3.35.1 * rmt-server-2.14-150200.3.35.1 * rmt-server-debuginfo-2.14-150200.3.35.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209825 * https://bugzilla.suse.com/show_bug.cgi?id=1213002 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 12:30:11 -0000 Subject: SUSE-RU-2023:3098-1: important: Recommended update for rmt-server Message-ID: <169089301171.27691.12125316136533355562@smelt2.suse.de> # Recommended update for rmt-server Announcement ID: SUSE-RU-2023:3098-1 Rating: important References: * #1209825 * #1213002 Affected Products: * Public Cloud Module 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that has two recommended fixes can now be installed. ## Description: This update for rmt-server fixes the following issues: * Version 2.14 * Add command 'rmt-cli clean packages', which removes dangling packages no longer referenced in the available metadata files and their database entries. (gh#662) * Fix the SUSE Liberty registration script to allow registering with RMT servers that self-sign certificates and enable both old and new singing keys for SLL8 (bsc#1209825) * Fix a regression in the local import of packages with special characters (bsc#1213002) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3098=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3098=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3098=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3098=1 ## Package List: * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * rmt-server-debuginfo-2.14-150100.3.48.1 * rmt-server-pubcloud-2.14-150100.3.48.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64) * rmt-server-2.14-150100.3.48.1 * rmt-server-debuginfo-2.14-150100.3.48.1 * rmt-server-config-2.14-150100.3.48.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x) * rmt-server-2.14-150100.3.48.1 * rmt-server-debuginfo-2.14-150100.3.48.1 * rmt-server-config-2.14-150100.3.48.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le) * rmt-server-2.14-150100.3.48.1 * rmt-server-debuginfo-2.14-150100.3.48.1 * rmt-server-config-2.14-150100.3.48.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209825 * https://bugzilla.suse.com/show_bug.cgi?id=1213002 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 12:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 12:30:13 -0000 Subject: SUSE-SU-2023:3097-1: moderate: Security update for pipewire Message-ID: <169089301321.27691.13690529269491963947@smelt2.suse.de> # Security update for pipewire Announcement ID: SUSE-SU-2023:3097-1 Rating: moderate References: * #1213682 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that has one fix can now be installed. ## Description: This update for pipewire fixes the following security issues: * Fixed issue where an app which only has permission to access one stream can also access other streams (bsc#1213682). Bugfixes: \- Fixed division by 0 and other issues with invalid values (glfo#pipewire/pipewire#2953) \- Fixed an overflow resulting in choppy sound in some cases (glfo#pipewire/pipewire#2680) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3097=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3097=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3097=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * pipewire-libpulse-0_3-debuginfo-0.3.6-150200.3.9.1 * pipewire-libpulse-0_3-0.3.6-150200.3.9.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * pipewire-libpulse-0_3-debuginfo-0.3.6-150200.3.9.1 * pipewire-debugsource-0.3.6-150200.3.9.1 * pipewire-debuginfo-0.3.6-150200.3.9.1 * pipewire-libpulse-0_3-0.3.6-150200.3.9.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * pipewire-libpulse-0_3-debuginfo-0.3.6-150200.3.9.1 * pipewire-debugsource-0.3.6-150200.3.9.1 * pipewire-debuginfo-0.3.6-150200.3.9.1 * pipewire-libpulse-0_3-0.3.6-150200.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213682 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 12:30:16 -0000 Subject: SUSE-SU-2023:3096-1: moderate: Security update for compat-openssl098 Message-ID: <169089301667.27691.7664992932743022106@smelt2.suse.de> # Security update for compat-openssl098 Announcement ID: SUSE-SU-2023:3096-1 Rating: moderate References: * #1201627 * #1207534 * #1213487 Cross-References: * CVE-2022-4304 * CVE-2023-3446 CVSS scores: * CVE-2022-4304 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-4304 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-3446 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Legacy Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for compat-openssl098 fixes the following issues: * CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). * CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). * Update further expiring certificates that affect tests (bsc#1201627). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-3096=1 * Legacy Module 12 zypper in -t patch SUSE-SLE-Module-Legacy-12-2023-3096=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-3096=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libopenssl0_9_8-debuginfo-0.9.8j-106.58.1 * compat-openssl098-debugsource-0.9.8j-106.58.1 * libopenssl0_9_8-0.9.8j-106.58.1 * Legacy Module 12 (s390x x86_64) * libopenssl0_9_8-0.9.8j-106.58.1 * libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.58.1 * libopenssl0_9_8-debuginfo-0.9.8j-106.58.1 * libopenssl0_9_8-32bit-0.9.8j-106.58.1 * compat-openssl098-debugsource-0.9.8j-106.58.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libopenssl0_9_8-debuginfo-0.9.8j-106.58.1 * compat-openssl098-debugsource-0.9.8j-106.58.1 * libopenssl0_9_8-0.9.8j-106.58.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4304.html * https://www.suse.com/security/cve/CVE-2023-3446.html * https://bugzilla.suse.com/show_bug.cgi?id=1201627 * https://bugzilla.suse.com/show_bug.cgi?id=1207534 * https://bugzilla.suse.com/show_bug.cgi?id=1213487 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 12:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 12:30:18 -0000 Subject: SUSE-SU-2023:3094-1: moderate: Security update for python-requests Message-ID: <169089301859.27691.6785600707656598044@smelt2.suse.de> # Security update for python-requests Announcement ID: SUSE-SU-2023:3094-1 Rating: moderate References: * #1211674 Cross-References: * CVE-2023-32681 CVSS scores: * CVE-2023-32681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N * CVE-2023-32681 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Affected Products: * Public Cloud Module 15-SP1 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that solves one vulnerability can now be installed. ## Description: This update for python-requests fixes the following issues: * CVE-2023-32681: fixed unintended leak of Proxy-Authorization header (bsc#1211674). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3094=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3094=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3094=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3094=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3094=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3094=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3094=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3094=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * Public Cloud Module 15-SP1 (noarch) * python2-requests-2.25.1-150100.6.16.1 * python3-requests-2.25.1-150100.6.16.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * python2-requests-2.25.1-150100.6.16.1 * python3-requests-2.25.1-150100.6.16.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * python2-requests-2.25.1-150100.6.16.1 * python3-requests-2.25.1-150100.6.16.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * python2-requests-2.25.1-150100.6.16.1 * python3-requests-2.25.1-150100.6.16.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * python2-requests-2.25.1-150100.6.16.1 * python3-requests-2.25.1-150100.6.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * python2-requests-2.25.1-150100.6.16.1 * python3-requests-2.25.1-150100.6.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * python2-requests-2.25.1-150100.6.16.1 * python3-requests-2.25.1-150100.6.16.1 * SUSE Enterprise Storage 7 (noarch) * python2-requests-2.25.1-150100.6.16.1 * python3-requests-2.25.1-150100.6.16.1 * SUSE CaaS Platform 4.0 (noarch) * python2-requests-2.25.1-150100.6.16.1 * python3-requests-2.25.1-150100.6.16.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32681.html * https://bugzilla.suse.com/show_bug.cgi?id=1211674 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 12:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 12:30:20 -0000 Subject: SUSE-SU-2023:3093-1: moderate: Security update for openssl-1_0_0 Message-ID: <169089302080.27691.8280669080887749259@smelt2.suse.de> # Security update for openssl-1_0_0 Announcement ID: SUSE-SU-2023:3093-1 Rating: moderate References: * #1213487 Cross-References: * CVE-2023-3446 CVSS scores: * CVE-2023-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-3446 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_0_0 fixes the following issues: * CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-3093=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3093=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3093=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3093=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3093=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3093=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3093=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3093=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3093=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3093=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3093=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3093=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3093=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3093=1 ## Package List: * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libopenssl10-debuginfo-1.0.2p-150000.3.82.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.82.1 * openssl-1_0_0-1.0.2p-150000.3.82.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.82.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.82.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.82.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.82.1 * libopenssl1_0_0-1.0.2p-150000.3.82.1 * libopenssl10-1.0.2p-150000.3.82.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libopenssl10-debuginfo-1.0.2p-150000.3.82.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.82.1 * openssl-1_0_0-1.0.2p-150000.3.82.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.82.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.82.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.82.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.82.1 * libopenssl1_0_0-1.0.2p-150000.3.82.1 * libopenssl10-1.0.2p-150000.3.82.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libopenssl10-debuginfo-1.0.2p-150000.3.82.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.82.1 * openssl-1_0_0-1.0.2p-150000.3.82.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.82.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.82.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.82.1 * libopenssl1_0_0-1.0.2p-150000.3.82.1 * libopenssl10-1.0.2p-150000.3.82.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libopenssl10-debuginfo-1.0.2p-150000.3.82.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.82.1 * openssl-1_0_0-1.0.2p-150000.3.82.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.82.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.82.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.82.1 * libopenssl1_0_0-1.0.2p-150000.3.82.1 * libopenssl10-1.0.2p-150000.3.82.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-1.0.2p-150000.3.82.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.82.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.82.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.82.1 * libopenssl1_0_0-1.0.2p-150000.3.82.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.82.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-1.0.2p-150000.3.82.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.82.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.82.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.82.1 * libopenssl1_0_0-1.0.2p-150000.3.82.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.82.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libopenssl10-debuginfo-1.0.2p-150000.3.82.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.82.1 * openssl-1_0_0-1.0.2p-150000.3.82.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.82.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.82.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.82.1 * libopenssl1_0_0-1.0.2p-150000.3.82.1 * libopenssl10-1.0.2p-150000.3.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * openssl-1_0_0-1.0.2p-150000.3.82.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.82.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.82.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.82.1 * libopenssl1_0_0-1.0.2p-150000.3.82.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * openssl-1_0_0-1.0.2p-150000.3.82.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.82.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.82.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.82.1 * libopenssl1_0_0-1.0.2p-150000.3.82.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libopenssl10-debuginfo-1.0.2p-150000.3.82.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.82.1 * openssl-1_0_0-1.0.2p-150000.3.82.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.82.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.82.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.82.1 * libopenssl1_0_0-1.0.2p-150000.3.82.1 * libopenssl10-1.0.2p-150000.3.82.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libopenssl10-debuginfo-1.0.2p-150000.3.82.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.82.1 * openssl-1_0_0-1.0.2p-150000.3.82.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.82.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.82.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.82.1 * libopenssl1_0_0-1.0.2p-150000.3.82.1 * libopenssl10-1.0.2p-150000.3.82.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * openssl-1_0_0-1.0.2p-150000.3.82.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.82.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.82.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.82.1 * libopenssl1_0_0-1.0.2p-150000.3.82.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.82.1 * SUSE CaaS Platform 4.0 (x86_64) * openssl-1_0_0-1.0.2p-150000.3.82.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.82.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.82.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.82.1 * libopenssl1_0_0-1.0.2p-150000.3.82.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.82.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.82.1 * libopenssl10-debuginfo-1.0.2p-150000.3.82.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.82.1 * openssl-1_0_0-1.0.2p-150000.3.82.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.82.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.82.1 * openssl-1_0_0-cavs-1.0.2p-150000.3.82.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.82.1 * libopenssl1_0_0-steam-1.0.2p-150000.3.82.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.82.1 * openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.82.1 * libopenssl1_0_0-1.0.2p-150000.3.82.1 * libopenssl10-1.0.2p-150000.3.82.1 * openSUSE Leap 15.4 (x86_64) * libopenssl1_0_0-32bit-1.0.2p-150000.3.82.1 * libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.82.1 * libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.82.1 * libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.82.1 * libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.82.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.82.1 * openSUSE Leap 15.4 (noarch) * openssl-1_0_0-doc-1.0.2p-150000.3.82.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.82.1 * libopenssl10-debuginfo-1.0.2p-150000.3.82.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.82.1 * openssl-1_0_0-1.0.2p-150000.3.82.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.82.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.82.1 * openssl-1_0_0-cavs-1.0.2p-150000.3.82.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.82.1 * libopenssl1_0_0-steam-1.0.2p-150000.3.82.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.82.1 * openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.82.1 * libopenssl1_0_0-1.0.2p-150000.3.82.1 * libopenssl10-1.0.2p-150000.3.82.1 * openSUSE Leap 15.5 (x86_64) * libopenssl1_0_0-32bit-1.0.2p-150000.3.82.1 * libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.82.1 * libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.82.1 * libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.82.1 * libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.82.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.82.1 * openSUSE Leap 15.5 (noarch) * openssl-1_0_0-doc-1.0.2p-150000.3.82.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3446.html * https://bugzilla.suse.com/show_bug.cgi?id=1213487 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 12:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 12:30:23 -0000 Subject: SUSE-RU-2023:3092-1: moderate: Recommended update for python-kubernetes Message-ID: <169089302352.27691.18417107332295262776@smelt2.suse.de> # Recommended update for python-kubernetes Announcement ID: SUSE-RU-2023:3092-1 Rating: moderate References: * #1151481 Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains two features and has one recommended fix can now be installed. ## Description: python-kubernetes was updated to the latest version, (bsc#1151481, jsc#PED-2217 and jsc#PED-68) Version update to 26.1.0 See https://github.com/kubernetes-client/python/blob/master/CHANGELOG.md ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3092=1 openSUSE-SLE-15.4-2023-3092=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3092=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-3092=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-3092=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python3-kubernetes-26.1.0-150400.10.3.1 * openSUSE Leap 15.5 (noarch) * python3-kubernetes-26.1.0-150400.10.3.1 * Containers Module 15-SP4 (noarch) * python3-kubernetes-26.1.0-150400.10.3.1 * Containers Module 15-SP5 (noarch) * python3-kubernetes-26.1.0-150400.10.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1151481 * https://jira.suse.com/browse/PED-2217 * https://jira.suse.com/browse/PED-68 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 12:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 12:30:25 -0000 Subject: SUSE-SU-2023:3091-1: moderate: Security update for gnuplot Message-ID: <169089302584.27691.15845786220228545659@smelt2.suse.de> # Security update for gnuplot Announcement ID: SUSE-SU-2023:3091-1 Rating: moderate References: * #1176689 * #1213068 Cross-References: * CVE-2020-25969 CVSS scores: * CVE-2020-25969 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2020-25969 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for gnuplot fixes the following issues: * CVE-2020-25969: Fixed buffer overflow via the function plotrequest() (bsc#1213068). * CVE-2020-25559: Fixed double free when executing print_set_output (bsc#1176689). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3091=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3091=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3091=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * gnuplot-debugsource-4.6.5-3.6.1 * gnuplot-debuginfo-4.6.5-3.6.1 * gnuplot-4.6.5-3.6.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * gnuplot-debugsource-4.6.5-3.6.1 * gnuplot-debuginfo-4.6.5-3.6.1 * gnuplot-4.6.5-3.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * gnuplot-debugsource-4.6.5-3.6.1 * gnuplot-debuginfo-4.6.5-3.6.1 * gnuplot-4.6.5-3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2020-25969.html * https://bugzilla.suse.com/show_bug.cgi?id=1176689 * https://bugzilla.suse.com/show_bug.cgi?id=1213068 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 12:30:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 12:30:29 -0000 Subject: SUSE-RU-2023:2341-2: moderate: Recommended update for libsigc++2 Message-ID: <169089302965.27691.2763341555692105841@smelt2.suse.de> # Recommended update for libsigc++2 Announcement ID: SUSE-RU-2023:2341-2 Rating: moderate References: * #1209094 * #1209140 Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for libsigc++2 fixes the following issues: * Remove executable permission for file (bsc#1209094, bsc#1209140) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2341=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2341=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2341=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libsigc++2-debugsource-2.10.7-150400.3.3.1 * libsigc-2_0-0-debuginfo-2.10.7-150400.3.3.1 * atkmm1_6-devel-2.28.3-150400.4.6.1 * libatkmm-1_6-1-2.28.3-150400.4.6.1 * libsigc-2_0-0-2.10.7-150400.3.3.1 * atkmm1_6-debugsource-2.28.3-150400.4.6.1 * libsigc++2-devel-2.10.7-150400.3.3.1 * libatkmm-1_6-1-debuginfo-2.28.3-150400.4.6.1 * openSUSE Leap 15.5 (x86_64) * libsigc-2_0-0-32bit-debuginfo-2.10.7-150400.3.3.1 * libatkmm-1_6-1-32bit-2.28.3-150400.4.6.1 * libsigc-2_0-0-32bit-2.10.7-150400.3.3.1 * libatkmm-1_6-1-32bit-debuginfo-2.28.3-150400.4.6.1 * atkmm1_6-devel-32bit-2.28.3-150400.4.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libsigc++2-debugsource-2.10.7-150400.3.3.1 * libsigc++2-devel-2.10.7-150400.3.3.1 * libsigc-2_0-0-debuginfo-2.10.7-150400.3.3.1 * libsigc-2_0-0-2.10.7-150400.3.3.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libatkmm-1_6-1-debuginfo-2.28.3-150400.4.6.1 * libatkmm-1_6-1-2.28.3-150400.4.6.1 * atkmm1_6-devel-2.28.3-150400.4.6.1 * atkmm1_6-debugsource-2.28.3-150400.4.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209094 * https://bugzilla.suse.com/show_bug.cgi?id=1209140 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 12:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 12:30:31 -0000 Subject: SUSE-SU-2023:3090-1: moderate: Security update for guava Message-ID: <169089303156.27691.10832750241008934760@smelt2.suse.de> # Security update for guava Announcement ID: SUSE-SU-2023:3090-1 Rating: moderate References: * #1179926 * #1212401 Cross-References: * CVE-2020-8908 * CVE-2023-2976 CVSS scores: * CVE-2020-8908 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2020-8908 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-2976 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2976 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for guava fixes the following issues: Upgrade to guava 32.0.1: * CVE-2020-8908: Fixed predictable temporary files and directories used in FileBackedOutputStream (bsc#1179926). * CVE-2023-2976: Fixed a temp directory creation vulnerability (bsc#1212401). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3090=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3090=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3090=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3090=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3090=1 ## Package List: * openSUSE Leap 15.4 (noarch) * guava-javadoc-32.0.1-150200.3.7.1 * guava-testlib-32.0.1-150200.3.7.1 * guava-32.0.1-150200.3.7.1 * openSUSE Leap 15.5 (noarch) * guava-javadoc-32.0.1-150200.3.7.1 * guava-testlib-32.0.1-150200.3.7.1 * guava-32.0.1-150200.3.7.1 * Development Tools Module 15-SP4 (noarch) * guava-32.0.1-150200.3.7.1 * Development Tools Module 15-SP5 (noarch) * guava-32.0.1-150200.3.7.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * guava-32.0.1-150200.3.7.1 ## References: * https://www.suse.com/security/cve/CVE-2020-8908.html * https://www.suse.com/security/cve/CVE-2023-2976.html * https://bugzilla.suse.com/show_bug.cgi?id=1179926 * https://bugzilla.suse.com/show_bug.cgi?id=1212401 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 12:30:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 12:30:34 -0000 Subject: SUSE-SU-2023:3089-1: moderate: Security update for xmltooling Message-ID: <169089303401.27691.6078804582347003749@smelt2.suse.de> # Security update for xmltooling Announcement ID: SUSE-SU-2023:3089-1 Rating: moderate References: * #1212359 Cross-References: * CVE-2023-36661 CVSS scores: * CVE-2023-36661 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L * CVE-2023-36661 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for xmltooling fixes the following issues: * CVE-2023-36661: Fix server-side request forgery vulnerability (bsc#1212359) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3089=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3089=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3089=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3089=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3089=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3089=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3089=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3089=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3089=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3089=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3089=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3089=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3089=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libxmltooling-lite9-3.1.0-150300.3.3.1 * libxmltooling9-3.1.0-150300.3.3.1 * xmltooling-debugsource-3.1.0-150300.3.3.1 * xmltooling-schemas-3.1.0-150300.3.3.1 * libxmltooling-lite9-debuginfo-3.1.0-150300.3.3.1 * xmltooling-debuginfo-3.1.0-150300.3.3.1 * libxmltooling-devel-3.1.0-150300.3.3.1 * libxmltooling9-debuginfo-3.1.0-150300.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libxmltooling-lite9-3.1.0-150300.3.3.1 * libxmltooling9-3.1.0-150300.3.3.1 * xmltooling-debugsource-3.1.0-150300.3.3.1 * xmltooling-schemas-3.1.0-150300.3.3.1 * libxmltooling-lite9-debuginfo-3.1.0-150300.3.3.1 * xmltooling-debuginfo-3.1.0-150300.3.3.1 * libxmltooling-devel-3.1.0-150300.3.3.1 * libxmltooling9-debuginfo-3.1.0-150300.3.3.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libxmltooling-lite9-3.1.0-150300.3.3.1 * libxmltooling9-3.1.0-150300.3.3.1 * xmltooling-debugsource-3.1.0-150300.3.3.1 * xmltooling-schemas-3.1.0-150300.3.3.1 * libxmltooling-lite9-debuginfo-3.1.0-150300.3.3.1 * xmltooling-debuginfo-3.1.0-150300.3.3.1 * libxmltooling-devel-3.1.0-150300.3.3.1 * libxmltooling9-debuginfo-3.1.0-150300.3.3.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libxmltooling-lite9-3.1.0-150300.3.3.1 * libxmltooling9-3.1.0-150300.3.3.1 * xmltooling-debugsource-3.1.0-150300.3.3.1 * xmltooling-schemas-3.1.0-150300.3.3.1 * libxmltooling-lite9-debuginfo-3.1.0-150300.3.3.1 * xmltooling-debuginfo-3.1.0-150300.3.3.1 * libxmltooling-devel-3.1.0-150300.3.3.1 * libxmltooling9-debuginfo-3.1.0-150300.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libxmltooling-lite9-3.1.0-150300.3.3.1 * libxmltooling9-3.1.0-150300.3.3.1 * xmltooling-debugsource-3.1.0-150300.3.3.1 * xmltooling-schemas-3.1.0-150300.3.3.1 * libxmltooling-lite9-debuginfo-3.1.0-150300.3.3.1 * xmltooling-debuginfo-3.1.0-150300.3.3.1 * libxmltooling-devel-3.1.0-150300.3.3.1 * libxmltooling9-debuginfo-3.1.0-150300.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libxmltooling-lite9-3.1.0-150300.3.3.1 * libxmltooling9-3.1.0-150300.3.3.1 * xmltooling-debugsource-3.1.0-150300.3.3.1 * xmltooling-schemas-3.1.0-150300.3.3.1 * libxmltooling-lite9-debuginfo-3.1.0-150300.3.3.1 * xmltooling-debuginfo-3.1.0-150300.3.3.1 * libxmltooling-devel-3.1.0-150300.3.3.1 * libxmltooling9-debuginfo-3.1.0-150300.3.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libxmltooling-lite9-3.1.0-150300.3.3.1 * libxmltooling9-3.1.0-150300.3.3.1 * xmltooling-debugsource-3.1.0-150300.3.3.1 * xmltooling-schemas-3.1.0-150300.3.3.1 * libxmltooling-lite9-debuginfo-3.1.0-150300.3.3.1 * xmltooling-debuginfo-3.1.0-150300.3.3.1 * libxmltooling-devel-3.1.0-150300.3.3.1 * libxmltooling9-debuginfo-3.1.0-150300.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libxmltooling-lite9-3.1.0-150300.3.3.1 * libxmltooling9-3.1.0-150300.3.3.1 * xmltooling-debugsource-3.1.0-150300.3.3.1 * xmltooling-schemas-3.1.0-150300.3.3.1 * libxmltooling-lite9-debuginfo-3.1.0-150300.3.3.1 * xmltooling-debuginfo-3.1.0-150300.3.3.1 * libxmltooling-devel-3.1.0-150300.3.3.1 * libxmltooling9-debuginfo-3.1.0-150300.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libxmltooling-lite9-3.1.0-150300.3.3.1 * libxmltooling9-3.1.0-150300.3.3.1 * xmltooling-debugsource-3.1.0-150300.3.3.1 * xmltooling-schemas-3.1.0-150300.3.3.1 * libxmltooling-lite9-debuginfo-3.1.0-150300.3.3.1 * xmltooling-debuginfo-3.1.0-150300.3.3.1 * libxmltooling-devel-3.1.0-150300.3.3.1 * libxmltooling9-debuginfo-3.1.0-150300.3.3.1 * SUSE Manager Proxy 4.2 (x86_64) * libxmltooling-lite9-3.1.0-150300.3.3.1 * libxmltooling9-3.1.0-150300.3.3.1 * xmltooling-debugsource-3.1.0-150300.3.3.1 * xmltooling-schemas-3.1.0-150300.3.3.1 * libxmltooling-lite9-debuginfo-3.1.0-150300.3.3.1 * xmltooling-debuginfo-3.1.0-150300.3.3.1 * libxmltooling-devel-3.1.0-150300.3.3.1 * libxmltooling9-debuginfo-3.1.0-150300.3.3.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libxmltooling-lite9-3.1.0-150300.3.3.1 * libxmltooling9-3.1.0-150300.3.3.1 * xmltooling-debugsource-3.1.0-150300.3.3.1 * xmltooling-schemas-3.1.0-150300.3.3.1 * libxmltooling-lite9-debuginfo-3.1.0-150300.3.3.1 * xmltooling-debuginfo-3.1.0-150300.3.3.1 * libxmltooling-devel-3.1.0-150300.3.3.1 * libxmltooling9-debuginfo-3.1.0-150300.3.3.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libxmltooling-lite9-3.1.0-150300.3.3.1 * libxmltooling9-3.1.0-150300.3.3.1 * xmltooling-debugsource-3.1.0-150300.3.3.1 * xmltooling-schemas-3.1.0-150300.3.3.1 * libxmltooling-lite9-debuginfo-3.1.0-150300.3.3.1 * xmltooling-debuginfo-3.1.0-150300.3.3.1 * libxmltooling-devel-3.1.0-150300.3.3.1 * libxmltooling9-debuginfo-3.1.0-150300.3.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libxmltooling-lite9-3.1.0-150300.3.3.1 * libxmltooling9-3.1.0-150300.3.3.1 * xmltooling-debugsource-3.1.0-150300.3.3.1 * xmltooling-schemas-3.1.0-150300.3.3.1 * libxmltooling-lite9-debuginfo-3.1.0-150300.3.3.1 * xmltooling-debuginfo-3.1.0-150300.3.3.1 * libxmltooling-devel-3.1.0-150300.3.3.1 * libxmltooling9-debuginfo-3.1.0-150300.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-36661.html * https://bugzilla.suse.com/show_bug.cgi?id=1212359 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 16:30:03 -0000 Subject: SUSE-SU-2023:3111-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP3) Message-ID: <169090740352.22343.13314378819266312925@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:3111-1 Rating: important References: * #1210566 * #1212509 Cross-References: * CVE-2023-2002 * CVE-2023-35788 CVSS scores: * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_101 fixes several issues. The following security issues were fixed: * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3111=1 SUSE-SLE- Module-Live-Patching-15-SP3-2023-3112=1 SUSE-SLE-Module-Live- Patching-15-SP3-2023-3113=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_106-default-7-150300.2.2 * kernel-livepatch-5_3_18-150300_59_112-default-6-150300.2.2 * kernel-livepatch-5_3_18-150300_59_101-default-9-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://bugzilla.suse.com/show_bug.cgi?id=1210566 * https://bugzilla.suse.com/show_bug.cgi?id=1212509 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 16:30:06 -0000 Subject: SUSE-SU-2023:3107-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP2) Message-ID: <169090740608.22343.9694621415537719306@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:3107-1 Rating: important References: * #1210566 * #1212347 * #1212509 Cross-References: * CVE-2023-2002 * CVE-2023-3159 * CVE-2023-35788 CVSS scores: * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_129 fixes several issues. The following security issues were fixed: * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509). * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-3107=1 SUSE-SLE- Module-Live-Patching-15-SP2-2023-3108=1 SUSE-SLE-Module-Live- Patching-15-SP2-2023-3109=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-3110=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-3114=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_139-default-7-150200.2.2 * kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2 * kernel-livepatch-5_3_18-150200_24_154-default-debuginfo-2-150200.2.1 * kernel-livepatch-5_3_18-150200_24_148-default-debuginfo-4-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_32-debugsource-7-150200.2.2 * kernel-livepatch-5_3_18-150200_24_145-default-debuginfo-5-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_35-debugsource-4-150200.2.1 * kernel-livepatch-5_3_18-150200_24_154-default-2-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_37-debugsource-2-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_34-debugsource-5-150200.2.1 * kernel-livepatch-5_3_18-150200_24_145-default-5-150200.2.1 * kernel-livepatch-5_3_18-150200_24_129-default-debuginfo-10-150200.2.2 * kernel-livepatch-SLE15-SP2_Update_30-debugsource-10-150200.2.2 * kernel-livepatch-5_3_18-150200_24_148-default-4-150200.2.1 * kernel-livepatch-5_3_18-150200_24_139-default-debuginfo-7-150200.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-3159.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://bugzilla.suse.com/show_bug.cgi?id=1210566 * https://bugzilla.suse.com/show_bug.cgi?id=1212347 * https://bugzilla.suse.com/show_bug.cgi?id=1212509 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 16:30:08 -0000 Subject: SUSE-SU-2023:3104-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP5) Message-ID: <169090740818.22343.14493418655364283710@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:3104-1 Rating: important References: * #1210566 * #1212347 Cross-References: * CVE-2023-2002 * CVE-2023-3159 CVSS scores: * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_130 fixes several issues. The following security issues were fixed: * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-3104=1 SUSE-SLE-Live- Patching-12-SP5-2023-3105=1 SUSE-SLE-Live-Patching-12-SP5-2023-3106=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_162-default-2-2.2 * kgraft-patch-4_12_14-122_130-default-12-2.3 * kgraft-patch-4_12_14-122_159-default-3-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-3159.html * https://bugzilla.suse.com/show_bug.cgi?id=1210566 * https://bugzilla.suse.com/show_bug.cgi?id=1212347 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 16:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 16:30:10 -0000 Subject: SUSE-RU-2023:3103-1: moderate: Recommended update for yast2-storage-ng Message-ID: <169090741082.22343.12716219839144024325@smelt2.suse.de> # Recommended update for yast2-storage-ng Announcement ID: SUSE-RU-2023:3103-1 Rating: moderate References: * #1211337 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for yast2-storage-ng fixes the following issues: * Prevent setting the volume label for a mounted btrfs or swap (bsc#1211337) * Update to version 4.5.23 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3103=1 openSUSE-SLE-15.5-2023-3103=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3103=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * yast2-storage-ng-4.5.24-150500.3.5.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * yast2-storage-ng-4.5.24-150500.3.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211337 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 16:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 16:30:12 -0000 Subject: SUSE-RU-2023:3102-1: moderate: Recommended update for openssl-1_1 Message-ID: <169090741267.22343.15742894980097879315@smelt2.suse.de> # Recommended update for openssl-1_1 Announcement ID: SUSE-RU-2023:3102-1 Rating: moderate References: * #1213517 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * Dont pass zero length input to EVP_Cipher (bsc#1213517) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3102=1 openSUSE-SLE-15.5-2023-3102=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3102=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libopenssl1_1-debuginfo-1.1.1l-150500.17.12.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.12.1 * openssl-1_1-debugsource-1.1.1l-150500.17.12.1 * libopenssl1_1-hmac-1.1.1l-150500.17.12.1 * openssl-1_1-1.1.1l-150500.17.12.1 * libopenssl1_1-1.1.1l-150500.17.12.1 * libopenssl-1_1-devel-1.1.1l-150500.17.12.1 * openSUSE Leap 15.5 (x86_64) * libopenssl-1_1-devel-32bit-1.1.1l-150500.17.12.1 * libopenssl1_1-32bit-1.1.1l-150500.17.12.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.12.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.12.1 * openSUSE Leap 15.5 (noarch) * openssl-1_1-doc-1.1.1l-150500.17.12.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl-1_1-devel-64bit-1.1.1l-150500.17.12.1 * libopenssl1_1-hmac-64bit-1.1.1l-150500.17.12.1 * libopenssl1_1-64bit-debuginfo-1.1.1l-150500.17.12.1 * libopenssl1_1-64bit-1.1.1l-150500.17.12.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-debuginfo-1.1.1l-150500.17.12.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.12.1 * openssl-1_1-debugsource-1.1.1l-150500.17.12.1 * libopenssl1_1-hmac-1.1.1l-150500.17.12.1 * openssl-1_1-1.1.1l-150500.17.12.1 * libopenssl1_1-1.1.1l-150500.17.12.1 * libopenssl-1_1-devel-1.1.1l-150500.17.12.1 * Basesystem Module 15-SP5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.12.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.12.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213517 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 16:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 16:30:14 -0000 Subject: SUSE-RU-2023:3101-1: important: Recommended update for rmt-server Message-ID: <169090741473.22343.9839041969839229119@smelt2.suse.de> # Recommended update for rmt-server Announcement ID: SUSE-RU-2023:3101-1 Rating: important References: * #1209825 * #1213002 Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for rmt-server fixes the following issues: * Version 2.14 * Add command 'rmt-cli clean packages', which removes dangling packages no longer referenced in the available metadata files and their database entries. (gh#662) * Fix the SUSE Liberty registration script to allow registering with RMT servers that self-sign certificates and enable both old and new singing keys for SLL8 (bsc#1209825) * Fix a regression in the local import of packages with special characters (bsc#1213002) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3101=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3101=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3101=1 openSUSE-SLE-15.4-2023-3101=1 ## Package List: * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rmt-server-debuginfo-2.14-150400.3.15.1 * rmt-server-pubcloud-2.14-150400.3.15.1 * rmt-server-debugsource-2.14-150400.3.15.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rmt-server-debuginfo-2.14-150400.3.15.1 * rmt-server-2.14-150400.3.15.1 * rmt-server-config-2.14-150400.3.15.1 * rmt-server-debugsource-2.14-150400.3.15.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * rmt-server-debugsource-2.14-150400.3.15.1 * rmt-server-2.14-150400.3.15.1 * rmt-server-config-2.14-150400.3.15.1 * rmt-server-debuginfo-2.14-150400.3.15.1 * rmt-server-pubcloud-2.14-150400.3.15.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209825 * https://bugzilla.suse.com/show_bug.cgi?id=1213002 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 16:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 16:30:16 -0000 Subject: SUSE-RU-2023:3100-1: important: Recommended update for rmt-server Message-ID: <169090741674.22343.17538139654123679104@smelt2.suse.de> # Recommended update for rmt-server Announcement ID: SUSE-RU-2023:3100-1 Rating: important References: * #1209825 * #1213002 Affected Products: * Public Cloud Module 15-SP3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has two recommended fixes can now be installed. ## Description: This update for rmt-server fixes the following issues: * Version 2.14 * Add command 'rmt-cli clean packages', which removes dangling packages no longer referenced in the available metadata files and their database entries. (gh#662) * Fix the SUSE Liberty registration script to allow registering with RMT servers that self-sign certificates and enable both old and new singing keys for SLL8 (bsc#1209825) * Fix a regression in the local import of packages with special characters (bsc#1213002) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3100=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3100=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3100=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3100=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3100=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3100=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3100=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3100=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3100=1 ## Package List: * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * rmt-server-pubcloud-2.14-150300.3.27.1 * rmt-server-debuginfo-2.14-150300.3.27.1 * rmt-server-debugsource-2.14-150300.3.27.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * rmt-server-2.14-150300.3.27.1 * rmt-server-config-2.14-150300.3.27.1 * rmt-server-debuginfo-2.14-150300.3.27.1 * rmt-server-debugsource-2.14-150300.3.27.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * rmt-server-2.14-150300.3.27.1 * rmt-server-config-2.14-150300.3.27.1 * rmt-server-debuginfo-2.14-150300.3.27.1 * rmt-server-debugsource-2.14-150300.3.27.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * rmt-server-2.14-150300.3.27.1 * rmt-server-config-2.14-150300.3.27.1 * rmt-server-debuginfo-2.14-150300.3.27.1 * rmt-server-debugsource-2.14-150300.3.27.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * rmt-server-2.14-150300.3.27.1 * rmt-server-config-2.14-150300.3.27.1 * rmt-server-debuginfo-2.14-150300.3.27.1 * rmt-server-debugsource-2.14-150300.3.27.1 * SUSE Manager Proxy 4.2 (x86_64) * rmt-server-2.14-150300.3.27.1 * rmt-server-config-2.14-150300.3.27.1 * rmt-server-debuginfo-2.14-150300.3.27.1 * rmt-server-debugsource-2.14-150300.3.27.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * rmt-server-2.14-150300.3.27.1 * rmt-server-config-2.14-150300.3.27.1 * rmt-server-debuginfo-2.14-150300.3.27.1 * rmt-server-debugsource-2.14-150300.3.27.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * rmt-server-2.14-150300.3.27.1 * rmt-server-config-2.14-150300.3.27.1 * rmt-server-debuginfo-2.14-150300.3.27.1 * rmt-server-debugsource-2.14-150300.3.27.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * rmt-server-2.14-150300.3.27.1 * rmt-server-config-2.14-150300.3.27.1 * rmt-server-debuginfo-2.14-150300.3.27.1 * rmt-server-debugsource-2.14-150300.3.27.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209825 * https://bugzilla.suse.com/show_bug.cgi?id=1213002 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 20:30:04 -0000 Subject: SUSE-SU-2023:3116-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP5) Message-ID: <169092180497.15809.3659774034032685124@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:3116-1 Rating: important References: * #1210566 * #1210987 * #1212348 * #1212509 Cross-References: * CVE-2023-2002 * CVE-2023-2235 * CVE-2023-33952 * CVE-2023-35788 CVSS scores: * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-2235 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2235 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-33952 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-33952 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_53 fixes several issues. The following security issues were fixed: * * CVE-2023-33952: Fixed a vmwgfx Driver Double Free Local Privilege Escalation Vulnerability (bsc#1212348). * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509). * CVE-2023-2235: Fixed an use-after-free in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210987). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3116=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3116=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_53-default-2-150500.3.1 * kernel-livepatch-SLE15-SP5_Update_0-debugsource-2-150500.3.1 * kernel-livepatch-5_14_21-150500_53-default-debuginfo-2-150500.3.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_53-default-2-150500.3.1 * kernel-livepatch-SLE15-SP5_Update_0-debugsource-2-150500.3.1 * kernel-livepatch-5_14_21-150500_53-default-debuginfo-2-150500.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-2235.html * https://www.suse.com/security/cve/CVE-2023-33952.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://bugzilla.suse.com/show_bug.cgi?id=1210566 * https://bugzilla.suse.com/show_bug.cgi?id=1210987 * https://bugzilla.suse.com/show_bug.cgi?id=1212348 * https://bugzilla.suse.com/show_bug.cgi?id=1212509 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 1 20:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 01 Aug 2023 20:30:07 -0000 Subject: SUSE-SU-2023:3115-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP4) Message-ID: <169092180732.15809.13465653820996945643@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:3115-1 Rating: important References: * #1212509 Cross-References: * CVE-2023-35788 CVSS scores: * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_66 fixes one issue. The following security issue was fixed: * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3115=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3115=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_66-default-2-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_13-debugsource-2-150400.2.1 * kernel-livepatch-5_14_21-150400_24_66-default-debuginfo-2-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_66-default-2-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_13-debugsource-2-150400.2.1 * kernel-livepatch-5_14_21-150400_24_66-default-debuginfo-2-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-35788.html * https://bugzilla.suse.com/show_bug.cgi?id=1212509 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 07:04:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 09:04:29 +0200 (CEST) Subject: SUSE-CU-2023:2484-1: Recommended update of suse/389-ds Message-ID: <20230802070429.7F38DF785@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2484-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-14.32 , suse/389-ds:latest Container Release : 14.32 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - openssl-1_1-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 07:04:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 09:04:37 +0200 (CEST) Subject: SUSE-CU-2023:2485-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230802070437.6C001F785@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2485-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-10.18 , bci/dotnet-aspnet:6.0.20 , bci/dotnet-aspnet:6.0.20-10.18 Container Release : 10.18 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 07:04:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 09:04:44 +0200 (CEST) Subject: SUSE-CU-2023:2486-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230802070444.68843F785@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2486-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-10.18 , bci/dotnet-aspnet:7.0.9 , bci/dotnet-aspnet:7.0.9-10.18 , bci/dotnet-aspnet:latest Container Release : 10.18 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 07:04:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 09:04:49 +0200 (CEST) Subject: SUSE-CU-2023:2487-1: Recommended update of suse/registry Message-ID: <20230802070449.47731F785@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2487-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-14.14 , suse/registry:latest Container Release : 14.14 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - openssl-1_1-1.1.1l-150500.17.12.1 updated From sle-updates at lists.suse.com Wed Aug 2 07:04:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 09:04:57 +0200 (CEST) Subject: SUSE-CU-2023:2488-1: Recommended update of bci/dotnet-runtime Message-ID: <20230802070457.685E8F785@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2488-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-9.18 , bci/dotnet-runtime:6.0.20 , bci/dotnet-runtime:6.0.20-9.18 Container Release : 9.18 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 07:05:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 09:05:05 +0200 (CEST) Subject: SUSE-CU-2023:2489-1: Recommended update of bci/dotnet-runtime Message-ID: <20230802070505.8967CF785@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2489-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-11.18 , bci/dotnet-runtime:7.0.9 , bci/dotnet-runtime:7.0.9-11.18 , bci/dotnet-runtime:latest Container Release : 11.18 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 07:05:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 09:05:13 +0200 (CEST) Subject: SUSE-CU-2023:2490-1: Recommended update of bci/bci-init Message-ID: <20230802070513.9721BF785@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2490-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.8.30 , bci/bci-init:latest Container Release : 8.30 Severity : moderate Type : recommended References : 1212496 1213517 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3088-1 Released: Tue Aug 1 09:52:03 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1212496 This update for systemd-presets-common-SUSE fixes the following issues: - Fix systemctl being called with an empty argument (bsc#1212496) - Don't call systemctl list-unit-files with an empty argument (bsc#1212496) - Add wtmpdb-update-boot.service and wtmpdb-rotate.timer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - systemd-presets-common-SUSE-15-150500.20.3.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 07:05:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 09:05:20 +0200 (CEST) Subject: SUSE-CU-2023:2491-1: Recommended update of suse/pcp Message-ID: <20230802070520.A45CFF785@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2491-1 Container Tags : suse/pcp:5 , suse/pcp:5-13.7 , suse/pcp:5.2 , suse/pcp:5.2-13.7 , suse/pcp:5.2.5 , suse/pcp:5.2.5-13.7 , suse/pcp:latest Container Release : 13.7 Severity : moderate Type : recommended References : 1212496 1213517 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3088-1 Released: Tue Aug 1 09:52:03 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1212496 This update for systemd-presets-common-SUSE fixes the following issues: - Fix systemctl being called with an empty argument (bsc#1212496) - Don't call systemctl list-unit-files with an empty argument (bsc#1212496) - Add wtmpdb-update-boot.service and wtmpdb-rotate.timer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - systemd-presets-common-SUSE-15-150500.20.3.1 updated - container:bci-bci-init-15.5-15.5-8.30 updated From sle-updates at lists.suse.com Wed Aug 2 07:05:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 09:05:28 +0200 (CEST) Subject: SUSE-CU-2023:2492-1: Recommended update of bci/php-fpm Message-ID: <20230802070528.95B38F785@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2492-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-6.19 Container Release : 6.19 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 07:05:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 09:05:34 +0200 (CEST) Subject: SUSE-CU-2023:2493-1: Recommended update of suse/postgres Message-ID: <20230802070534.3A0E6F785@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2493-1 Container Tags : suse/postgres:14 , suse/postgres:14-12.21 , suse/postgres:14.8 , suse/postgres:14.8-12.21 Container Release : 12.21 Severity : moderate Type : recommended References : 1212496 1213517 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3088-1 Released: Tue Aug 1 09:52:03 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1212496 This update for systemd-presets-common-SUSE fixes the following issues: - Fix systemctl being called with an empty argument (bsc#1212496) - Don't call systemctl list-unit-files with an empty argument (bsc#1212496) - Add wtmpdb-update-boot.service and wtmpdb-rotate.timer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - systemd-presets-common-SUSE-15-150500.20.3.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 07:05:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 09:05:43 +0200 (CEST) Subject: SUSE-CU-2023:2494-1: Recommended update of bci/python Message-ID: <20230802070543.95818F785@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2494-1 Container Tags : bci/python:3 , bci/python:3-8.29 , bci/python:3.11 , bci/python:3.11-8.29 , bci/python:latest Container Release : 8.29 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - openssl-1_1-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 07:05:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 09:05:52 +0200 (CEST) Subject: SUSE-CU-2023:2495-1: Recommended update of bci/python Message-ID: <20230802070552.01C63F785@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2495-1 Container Tags : bci/python:3 , bci/python:3-10.26 , bci/python:3.6 , bci/python:3.6-10.26 Container Release : 10.26 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - openssl-1_1-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 07:05:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 09:05:58 +0200 (CEST) Subject: SUSE-CU-2023:2496-1: Recommended update of suse/sle15 Message-ID: <20230802070558.7FC77F785@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2496-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.21 , suse/sle15:15.5 , suse/sle15:15.5.36.5.21 Container Release : 36.5.21 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - libopenssl1_1-1.1.1l-150500.17.12.1 updated - openssl-1_1-1.1.1l-150500.17.12.1 updated From sle-updates at lists.suse.com Wed Aug 2 08:44:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:44:45 -0000 Subject: SUSE-RU-2023:3150-1: moderate: Recommended update for kernel-firmware-nvidia-gsp-G06,nvidia-open-driver-G06-signed Message-ID: <169096588529.20516.13862283037795522853@smelt2.suse.de> # Recommended update for kernel-firmware-nvidia-gsp-G06,nvidia-open- driver-G06-signed Announcement ID: SUSE-RU-2023:3150-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for kernel-firmware-nvidia-gsp-G06,nvidia-open-driver-G06-signed fixes the following issues: nvidia-open-driver-G06-signed and kernel-firmware-nvidia-gsp-G06 were updated to version 535.86.05. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3150=1 openSUSE-SLE-15.4-2023-3150=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3150=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3150=1 ## Package List: * openSUSE Leap 15.4 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.86.05-150400.9.3.1 * openSUSE Leap 15.4 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.86.05_k5.14.21_150400.24.69-150400.9.14.1 * nvidia-open-driver-G06-signed-debugsource-535.86.05-150400.9.14.1 * nvidia-open-driver-G06-signed-kmp-default-535.86.05_k5.14.21_150400.24.69-150400.9.14.1 * openSUSE Leap 15.4 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-535.86.05_k5.14.21_150400.14.55-150400.9.14.1 * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.86.05_k5.14.21_150400.14.55-150400.9.14.1 * openSUSE Leap 15.4 (aarch64) * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.86.05_k5.14.21_150400.24.69-150400.9.14.1 * nvidia-open-driver-G06-signed-kmp-64kb-535.86.05_k5.14.21_150400.24.69-150400.9.14.1 * Basesystem Module 15-SP4 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.86.05-150400.9.3.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.86.05_k5.14.21_150400.24.69-150400.9.14.1 * nvidia-open-driver-G06-signed-kmp-default-535.86.05_k5.14.21_150400.24.69-150400.9.14.1 * Public Cloud Module 15-SP4 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-535.86.05_k5.14.21_150400.14.55-150400.9.14.1 * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.86.05_k5.14.21_150400.14.55-150400.9.14.1 ## References: * https://jira.suse.com/browse/SLE-24532 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:45:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:45:01 -0000 Subject: SUSE-RU-2023:3149-1: important: Recommended update for perl-Bootloader Message-ID: <169096590108.20516.17796076603718969992@smelt2.suse.de> # Recommended update for perl-Bootloader Announcement ID: SUSE-RU-2023:3149-1 Rating: important References: * #1136601 * #1157550 * #1167015 * #1172293 * #1174111 * #1174320 * #1182749 * #1184160 * #1188768 * #1192764 * #1198197 * #1198828 * #1201399 * #1208003 * #1210799 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that contains four features and has 15 recommended fixes can now be installed. ## Description: This update for perl-Bootloader fixes the following issues: * Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799) * Update default location if it is controlled by SUSE (bsc#1210799, bsc#1201399) * Distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003) * Add basic support for systemd-boot * Fix sysconfig parsing (bsc#1198828) * Reset error code when passing through recover code (bsc#1198197) * Support secure boot on powerpc (bsc#1192764, jsc#SLE-18271) * Report error if config file could not be updated (bsc#1188768) * Install with --removable if efivars are not writable (bsc#1182749, bsc#1174111, bsc#1184160) * Use shim on aarch64 (jsc#SLE-15823, jsc#SLE-15020) * Honor UPDATE_NVRAM in /etc/sysconfig/bootloader (bsc#1157550 jsc#SLE-11500) * Check tpm.mod in the new grub2 directory (bsc#1174320) * Throw less warnings about fstab * Do not warn about missing SECURE_BOOT sysconfig * Use correct target name on aarch64 (bsc#1172293) * Always install EFI fallback boot for aarch64 (bsc#1167015) * Accept sysconfig values without quotes * Fix secureboot on aarch64 (bsc#1136601) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-3149=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-3149=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-3149=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-3149=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-3149=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3149=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3149=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3149=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * perl-Bootloader-0.944-3.3.1 * perl-Bootloader-YAML-0.944-3.3.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * perl-Bootloader-0.944-3.3.1 * perl-Bootloader-YAML-0.944-3.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * perl-Bootloader-0.944-3.3.1 * perl-Bootloader-YAML-0.944-3.3.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * perl-Bootloader-0.944-3.3.1 * perl-Bootloader-YAML-0.944-3.3.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * perl-Bootloader-0.944-3.3.1 * perl-Bootloader-YAML-0.944-3.3.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * perl-Bootloader-0.944-3.3.1 * perl-Bootloader-YAML-0.944-3.3.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * perl-Bootloader-0.944-3.3.1 * perl-Bootloader-YAML-0.944-3.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * perl-Bootloader-0.944-3.3.1 * perl-Bootloader-YAML-0.944-3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1136601 * https://bugzilla.suse.com/show_bug.cgi?id=1157550 * https://bugzilla.suse.com/show_bug.cgi?id=1167015 * https://bugzilla.suse.com/show_bug.cgi?id=1172293 * https://bugzilla.suse.com/show_bug.cgi?id=1174111 * https://bugzilla.suse.com/show_bug.cgi?id=1174320 * https://bugzilla.suse.com/show_bug.cgi?id=1182749 * https://bugzilla.suse.com/show_bug.cgi?id=1184160 * https://bugzilla.suse.com/show_bug.cgi?id=1188768 * https://bugzilla.suse.com/show_bug.cgi?id=1192764 * https://bugzilla.suse.com/show_bug.cgi?id=1198197 * https://bugzilla.suse.com/show_bug.cgi?id=1198828 * https://bugzilla.suse.com/show_bug.cgi?id=1201399 * https://bugzilla.suse.com/show_bug.cgi?id=1208003 * https://bugzilla.suse.com/show_bug.cgi?id=1210799 * https://jira.suse.com/browse/SLE-11500 * https://jira.suse.com/browse/SLE-15020 * https://jira.suse.com/browse/SLE-15823 * https://jira.suse.com/browse/SLE-18271 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:45:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:45:03 -0000 Subject: SUSE-RU-2023:3148-1: moderate: Recommended update for firewalld Message-ID: <169096590381.20516.14475437270352632472@smelt2.suse.de> # Recommended update for firewalld Announcement ID: SUSE-RU-2023:3148-1 Rating: moderate References: * #1212974 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for firewalld fixes the following issues: * Firewalld does not accept IPv4 network mask in full form (bsc#1212974) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3148=1 openSUSE-SLE-15.4-2023-3148=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3148=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3148=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3148=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3148=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3148=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3148=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3148=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3148=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3148=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3148=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3148=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3148=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3148=1 ## Package List: * openSUSE Leap 15.4 (noarch) * firewalld-0.9.3-150400.8.12.1 * firewall-applet-0.9.3-150400.8.12.1 * firewall-config-0.9.3-150400.8.12.1 * firewall-macros-0.9.3-150400.8.12.1 * firewalld-lang-0.9.3-150400.8.12.1 * python3-firewall-0.9.3-150400.8.12.1 * openSUSE Leap Micro 5.3 (noarch) * firewalld-0.9.3-150400.8.12.1 * python3-firewall-0.9.3-150400.8.12.1 * openSUSE Leap Micro 5.4 (noarch) * firewalld-0.9.3-150400.8.12.1 * python3-firewall-0.9.3-150400.8.12.1 * openSUSE Leap 15.5 (noarch) * firewalld-0.9.3-150400.8.12.1 * firewall-applet-0.9.3-150400.8.12.1 * firewall-config-0.9.3-150400.8.12.1 * firewall-macros-0.9.3-150400.8.12.1 * firewalld-lang-0.9.3-150400.8.12.1 * python3-firewall-0.9.3-150400.8.12.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * firewalld-0.9.3-150400.8.12.1 * python3-firewall-0.9.3-150400.8.12.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * firewalld-0.9.3-150400.8.12.1 * python3-firewall-0.9.3-150400.8.12.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * firewalld-0.9.3-150400.8.12.1 * python3-firewall-0.9.3-150400.8.12.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * firewalld-0.9.3-150400.8.12.1 * python3-firewall-0.9.3-150400.8.12.1 * Basesystem Module 15-SP4 (noarch) * firewalld-0.9.3-150400.8.12.1 * python3-firewall-0.9.3-150400.8.12.1 * firewalld-lang-0.9.3-150400.8.12.1 * Basesystem Module 15-SP5 (noarch) * firewalld-0.9.3-150400.8.12.1 * python3-firewall-0.9.3-150400.8.12.1 * firewalld-lang-0.9.3-150400.8.12.1 * Desktop Applications Module 15-SP4 (noarch) * firewall-applet-0.9.3-150400.8.12.1 * firewall-config-0.9.3-150400.8.12.1 * Desktop Applications Module 15-SP5 (noarch) * firewall-applet-0.9.3-150400.8.12.1 * firewall-config-0.9.3-150400.8.12.1 * Development Tools Module 15-SP4 (noarch) * firewall-macros-0.9.3-150400.8.12.1 * Development Tools Module 15-SP5 (noarch) * firewall-macros-0.9.3-150400.8.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212974 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:45:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:45:05 -0000 Subject: SUSE-RU-2023:3147-1: moderate: Recommended update for firewalld Message-ID: <169096590585.20516.2915570297839338887@smelt2.suse.de> # Recommended update for firewalld Announcement ID: SUSE-RU-2023:3147-1 Rating: moderate References: * #1212974 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has one recommended fix can now be installed. ## Description: This update for firewalld fixes the following issues: * Firewalld does not accept IPv4 network mask in full form (bsc#1212974) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3147=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3147=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3147=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3147=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3147=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3147=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3147=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3147=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3147=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3147=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3147=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3147=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (noarch) * python3-firewall-0.9.3-150300.3.15.1 * firewalld-0.9.3-150300.3.15.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * python3-firewall-0.9.3-150300.3.15.1 * firewalld-0.9.3-150300.3.15.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * firewall-macros-0.9.3-150300.3.15.1 * firewalld-0.9.3-150300.3.15.1 * firewalld-lang-0.9.3-150300.3.15.1 * firewall-applet-0.9.3-150300.3.15.1 * python3-firewall-0.9.3-150300.3.15.1 * firewall-config-0.9.3-150300.3.15.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * firewall-macros-0.9.3-150300.3.15.1 * firewalld-0.9.3-150300.3.15.1 * firewalld-lang-0.9.3-150300.3.15.1 * firewall-applet-0.9.3-150300.3.15.1 * python3-firewall-0.9.3-150300.3.15.1 * firewall-config-0.9.3-150300.3.15.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * firewall-macros-0.9.3-150300.3.15.1 * firewalld-0.9.3-150300.3.15.1 * firewalld-lang-0.9.3-150300.3.15.1 * firewall-applet-0.9.3-150300.3.15.1 * python3-firewall-0.9.3-150300.3.15.1 * firewall-config-0.9.3-150300.3.15.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * firewall-macros-0.9.3-150300.3.15.1 * firewalld-0.9.3-150300.3.15.1 * firewalld-lang-0.9.3-150300.3.15.1 * firewall-applet-0.9.3-150300.3.15.1 * python3-firewall-0.9.3-150300.3.15.1 * firewall-config-0.9.3-150300.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * firewall-macros-0.9.3-150300.3.15.1 * firewalld-0.9.3-150300.3.15.1 * firewalld-lang-0.9.3-150300.3.15.1 * firewall-applet-0.9.3-150300.3.15.1 * python3-firewall-0.9.3-150300.3.15.1 * firewall-config-0.9.3-150300.3.15.1 * SUSE Manager Proxy 4.2 (noarch) * firewalld-lang-0.9.3-150300.3.15.1 * firewall-macros-0.9.3-150300.3.15.1 * firewalld-0.9.3-150300.3.15.1 * python3-firewall-0.9.3-150300.3.15.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * firewalld-lang-0.9.3-150300.3.15.1 * firewall-macros-0.9.3-150300.3.15.1 * firewalld-0.9.3-150300.3.15.1 * python3-firewall-0.9.3-150300.3.15.1 * SUSE Manager Server 4.2 (noarch) * firewalld-lang-0.9.3-150300.3.15.1 * firewall-macros-0.9.3-150300.3.15.1 * firewalld-0.9.3-150300.3.15.1 * python3-firewall-0.9.3-150300.3.15.1 * SUSE Enterprise Storage 7.1 (noarch) * firewall-macros-0.9.3-150300.3.15.1 * firewalld-0.9.3-150300.3.15.1 * firewalld-lang-0.9.3-150300.3.15.1 * firewall-applet-0.9.3-150300.3.15.1 * python3-firewall-0.9.3-150300.3.15.1 * firewall-config-0.9.3-150300.3.15.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * python3-firewall-0.9.3-150300.3.15.1 * firewalld-0.9.3-150300.3.15.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212974 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:45:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:45:08 -0000 Subject: SUSE-OU-2023:3146-1: low: Optional update for mono-core, ghc, ghc-xml-conduit, gstreamer, poppler and python-mccabe Message-ID: <169096590832.20516.9565606574170764174@smelt2.suse.de> # Optional update for mono-core, ghc, ghc-xml-conduit, gstreamer, poppler and python-mccabe Announcement ID: SUSE-OU-2023:3146-1 Rating: low References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that contains one feature can now be installed. ## Description: This optional update provides the following feature: * Add additional binaries to PackageHub: mono-core, ghc, ghc-xml-conduit, gstreamer, poppler and python-mccabe. ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3146=1 openSUSE-SLE-15.5-2023-3146=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3146=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3146=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3146=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3146=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3146=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3146=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3146=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3146=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3146=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * gstreamer-utils-debuginfo-1.22.0-150500.3.2.3 * libpoppler-devel-23.01.0-150500.3.2.4 * libpoppler-qt6-devel-23.01.0-150500.3.2.4 * poppler-qt5-debugsource-23.01.0-150500.3.2.4 * gstreamer-utils-1.22.0-150500.3.2.3 * libpoppler-cpp0-debuginfo-23.01.0-150500.3.2.4 * libpoppler126-23.01.0-150500.3.2.4 * libpoppler-qt6-3-23.01.0-150500.3.2.4 * libgstreamer-1_0-0-1.22.0-150500.3.2.3 * gstreamer-devel-1.22.0-150500.3.2.3 * poppler-tools-23.01.0-150500.3.2.4 * poppler-qt6-debugsource-23.01.0-150500.3.2.4 * libgstreamer-1_0-0-debuginfo-1.22.0-150500.3.2.3 * libpoppler-glib8-23.01.0-150500.3.2.4 * typelib-1_0-Gst-1_0-1.22.0-150500.3.2.3 * libpoppler-glib8-debuginfo-23.01.0-150500.3.2.4 * libpoppler-qt5-1-23.01.0-150500.3.2.4 * poppler-tools-debuginfo-23.01.0-150500.3.2.4 * libpoppler-qt6-3-debuginfo-23.01.0-150500.3.2.4 * libpoppler126-debuginfo-23.01.0-150500.3.2.4 * libpoppler-qt5-1-debuginfo-23.01.0-150500.3.2.4 * typelib-1_0-Poppler-0_18-23.01.0-150500.3.2.4 * poppler-debugsource-23.01.0-150500.3.2.4 * libpoppler-cpp0-23.01.0-150500.3.2.4 * gstreamer-debugsource-1.22.0-150500.3.2.3 * gstreamer-debuginfo-1.22.0-150500.3.2.3 * libpoppler-glib-devel-23.01.0-150500.3.2.4 * gstreamer-1.22.0-150500.3.2.3 * libpoppler-qt5-devel-23.01.0-150500.3.2.4 * openSUSE Leap 15.5 (x86_64) * libpoppler126-32bit-debuginfo-23.01.0-150500.3.2.4 * libpoppler-qt5-1-32bit-debuginfo-23.01.0-150500.3.2.4 * gstreamer-32bit-debuginfo-1.22.0-150500.3.2.3 * libwebpmux3-32bit-1.0.3-150200.3.7.3 * libwebpdemux2-32bit-1.0.3-150200.3.7.3 * libpoppler126-32bit-23.01.0-150500.3.2.4 * libpoppler-qt5-1-32bit-23.01.0-150500.3.2.4 * libwebpdecoder3-32bit-debuginfo-1.0.3-150200.3.7.3 * libpoppler-glib8-32bit-23.01.0-150500.3.2.4 * libpoppler-cpp0-32bit-debuginfo-23.01.0-150500.3.2.4 * libpoppler-glib8-32bit-debuginfo-23.01.0-150500.3.2.4 * libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.10.1 * gstreamer-devel-32bit-1.22.0-150500.3.2.3 * libwebp7-32bit-1.0.3-150200.3.7.3 * typelib-1_0-Gst-1_0-32bit-1.22.0-150500.3.2.3 * libopenjp2-7-32bit-2.3.0-150000.3.10.1 * libwebp-devel-32bit-1.0.3-150200.3.7.3 * libwebpdecoder3-32bit-1.0.3-150200.3.7.3 * libgstreamer-1_0-0-32bit-1.22.0-150500.3.2.3 * gstreamer-32bit-1.22.0-150500.3.2.3 * libpoppler-cpp0-32bit-23.01.0-150500.3.2.4 * libwebpdemux2-32bit-debuginfo-1.0.3-150200.3.7.3 * libgstreamer-1_0-0-32bit-debuginfo-1.22.0-150500.3.2.3 * libwebpmux3-32bit-debuginfo-1.0.3-150200.3.7.3 * libwebp7-32bit-debuginfo-1.0.3-150200.3.7.3 * openSUSE Leap 15.5 (noarch) * gstreamer-lang-1.22.0-150500.3.2.3 * python3-mccabe-0.6.1-150000.3.4.3 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ghc-unix-debuginfo-2.7.2.2-150500.3.2.5 * ghc-exceptions-devel-0.10.4-150500.3.2.5 * ghc-ghci-8.10.7-150500.3.2.5 * ghc-time-1.9.3-150500.3.2.5 * ghc-pretty-devel-1.1.3.6-150500.3.2.5 * ghc-transformers-debuginfo-0.5.6.2-150500.3.2.5 * libmono-2_0-1-6.8.0-150200.5.2.5 * ghc-haskeline-debuginfo-0.8.2-150500.3.2.5 * ghc-binary-devel-0.8.8.0-150500.3.2.5 * ghc-hpc-0.6.1.0-150500.3.2.5 * ghc-base-4.14.3.0-150500.3.2.5 * mono-extras-6.8.0-150200.5.2.5 * mono-locale-extras-6.8.0-150200.5.2.5 * ghc-8.10.7-150500.3.2.5 * ghc-base-devel-4.14.3.0-150500.3.2.5 * libwebp7-debuginfo-1.0.3-150200.3.7.3 * ghc-hpc-debuginfo-0.6.1.0-150500.3.2.5 * ghc-array-debuginfo-0.5.4.0-150500.3.2.5 * ghc-stm-2.5.0.1-150500.3.2.5 * ghc-deepseq-devel-1.4.4.0-150500.3.2.5 * libwebp7-1.0.3-150200.3.7.3 * ghc-xhtml-debuginfo-3000.2.2.1-150500.3.2.5 * mono-mvc-6.8.0-150200.5.2.5 * ghc-directory-devel-1.3.6.0-150500.3.2.5 * mono-data-oracle-6.8.0-150200.5.2.5 * ghc-Cabal-debuginfo-3.2.1.0-150500.3.2.5 * ghc-ghc-boot-th-8.10.7-150500.3.2.5 * mono-complete-6.8.0-150200.5.2.5 * mono-core-6.8.0-150200.5.2.5 * ghc-bytestring-debuginfo-0.10.12.0-150500.3.2.5 * ghc-parsec-debuginfo-3.1.14.0-150500.3.2.5 * ghc-ghc-boot-debuginfo-8.10.7-150500.3.2.5 * ghc-transformers-devel-0.5.6.2-150500.3.2.5 * libmono-2_0-devel-6.8.0-150200.5.2.5 * mono-data-6.8.0-150200.5.2.5 * libwebp-debugsource-1.0.3-150200.3.7.3 * mono-web-6.8.0-150200.5.2.5 * libopenjp2-7-debuginfo-2.3.0-150000.3.10.1 * ghc-parsec-3.1.14.0-150500.3.2.5 * mono-core-debugsource-6.8.0-150200.5.2.5 * ghc-process-1.6.13.2-150500.3.2.5 * ghc-haskeline-devel-0.8.2-150500.3.2.5 * ghc-time-devel-1.9.3-150500.3.2.5 * ghc-unix-devel-2.7.2.2-150500.3.2.5 * ghc-text-debuginfo-1.2.4.1-150500.3.2.5 * mono-devel-6.8.0-150200.5.2.5 * ghc-ghc-boot-th-debuginfo-8.10.7-150500.3.2.5 * ghc-ghc-boot-th-devel-8.10.7-150500.3.2.5 * libwebpdemux2-debuginfo-1.0.3-150200.3.7.3 * ghc-deepseq-debuginfo-1.4.4.0-150500.3.2.5 * ghc-parsec-devel-3.1.14.0-150500.3.2.5 * ghc-mtl-devel-2.2.2-150500.3.2.5 * ghc-libraries-8.10.7-150500.3.2.5 * libwebp-tools-debuginfo-1.0.3-150200.3.7.3 * ghc-debugsource-8.10.7-150500.3.2.5 * ghc-array-0.5.4.0-150500.3.2.5 * ghc-ghci-debuginfo-8.10.7-150500.3.2.5 * ghc-haskeline-0.8.2-150500.3.2.5 * ghc-terminfo-0.4.1.4-150500.3.2.5 * ghc-unix-2.7.2.2-150500.3.2.5 * libwebp-tools-1.0.3-150200.3.7.3 * ghc-deepseq-1.4.4.0-150500.3.2.5 * ghc-Cabal-3.2.1.0-150500.3.2.5 * ghc-directory-1.3.6.0-150500.3.2.5 * libwebpdecoder3-1.0.3-150200.3.7.3 * openjpeg2-debugsource-2.3.0-150000.3.10.1 * libopenjp2-7-2.3.0-150000.3.10.1 * ghc-xhtml-3000.2.2.1-150500.3.2.5 * ghc-filepath-1.4.2.1-150500.3.2.5 * ghc-compiler-debuginfo-8.10.7-150500.3.2.5 * ghc-binary-debuginfo-0.8.8.0-150500.3.2.5 * ghc-stm-devel-2.5.0.1-150500.3.2.5 * ghc-libiserv-8.10.7-150500.3.2.5 * ghc-containers-devel-0.6.5.1-150500.3.2.5 * libmonosgen-2_0-1-debuginfo-6.8.0-150200.5.2.5 * openjpeg2-debuginfo-2.3.0-150000.3.10.1 * ghc-mtl-2.2.2-150500.3.2.5 * mono-devel-debuginfo-6.8.0-150200.5.2.5 * ghc-containers-0.6.5.1-150500.3.2.5 * ghc-transformers-0.5.6.2-150500.3.2.5 * ghc-ghc-compact-0.1.0.0-150500.3.2.5 * ghc-xml-conduit-1.9.1.1-150500.3.2.3 * ghc-containers-debuginfo-0.6.5.1-150500.3.2.5 * ghc-text-devel-1.2.4.1-150500.3.2.5 * ghc-hpc-devel-0.6.1.0-150500.3.2.5 * openjpeg2-devel-2.3.0-150000.3.10.1 * ghc-ghc-compact-debuginfo-0.1.0.0-150500.3.2.5 * ghc-terminfo-debuginfo-0.4.1.4-150500.3.2.5 * ghc-text-1.2.4.1-150500.3.2.5 * ghc-stm-debuginfo-2.5.0.1-150500.3.2.5 * ghc-compiler-8.10.7-150500.3.2.5 * ghc-xhtml-devel-3000.2.2.1-150500.3.2.5 * mono-reactive-6.8.0-150200.5.2.5 * openjpeg2-2.3.0-150000.3.10.1 * ghc-ghci-devel-8.10.7-150500.3.2.5 * libwebpmux3-1.0.3-150200.3.7.3 * ghc-xml-conduit-devel-1.9.1.1-150500.3.2.3 * ghc-filepath-debuginfo-1.4.2.1-150500.3.2.5 * ghc-exceptions-debuginfo-0.10.4-150500.3.2.5 * libmonosgen-2_0-1-6.8.0-150200.5.2.5 * libmonosgen-2_0-devel-6.8.0-150200.5.2.5 * ghc-debuginfo-8.10.7-150500.3.2.5 * monodoc-core-6.8.0-150200.5.2.5 * ghc-template-haskell-devel-2.16.0.0-150500.3.2.5 * mono-winforms-6.8.0-150200.5.2.5 * ghc-bytestring-0.10.12.0-150500.3.2.5 * ghc-ghc-8.10.7-150500.3.2.5 * libwebpdecoder3-debuginfo-1.0.3-150200.3.7.3 * ghc-libiserv-devel-8.10.7-150500.3.2.5 * ghc-ghc-boot-8.10.7-150500.3.2.5 * ghc-directory-debuginfo-1.3.6.0-150500.3.2.5 * libwebpdemux2-1.0.3-150200.3.7.3 * ghc-mtl-debuginfo-2.2.2-150500.3.2.5 * ghc-ghc-heap-debuginfo-8.10.7-150500.3.2.5 * ghc-ghc-heap-8.10.7-150500.3.2.5 * ghc-bytestring-devel-0.10.12.0-150500.3.2.5 * ghc-ghc-heap-devel-8.10.7-150500.3.2.5 * ghc-pretty-debuginfo-1.1.3.6-150500.3.2.5 * ghc-exceptions-0.10.4-150500.3.2.5 * ghc-libiserv-debuginfo-8.10.7-150500.3.2.5 * ghc-process-devel-1.6.13.2-150500.3.2.5 * ghc-array-devel-0.5.4.0-150500.3.2.5 * ghc-base-debuginfo-4.14.3.0-150500.3.2.5 * ghc-time-debuginfo-1.9.3-150500.3.2.5 * ghc-terminfo-devel-0.4.1.4-150500.3.2.5 * mono-wcf-6.8.0-150200.5.2.5 * ghc-template-haskell-debuginfo-2.16.0.0-150500.3.2.5 * mono-core-debuginfo-6.8.0-150200.5.2.5 * ghc-ghc-debuginfo-8.10.7-150500.3.2.5 * mono-data-sqlite-6.8.0-150200.5.2.5 * ghc-filepath-devel-1.4.2.1-150500.3.2.5 * ghc-process-debuginfo-1.6.13.2-150500.3.2.5 * ghc-ghc-devel-8.10.7-150500.3.2.5 * libwebpmux3-debuginfo-1.0.3-150200.3.7.3 * mono-winfxcore-6.8.0-150200.5.2.5 * ghc-binary-0.8.8.0-150500.3.2.5 * ibm-data-db2-6.8.0-150200.5.2.5 * libwebp-devel-1.0.3-150200.3.7.3 * ghc-Cabal-devel-3.2.1.0-150500.3.2.5 * ghc-pretty-1.1.3.6-150500.3.2.5 * ghc-ghc-compact-devel-0.1.0.0-150500.3.2.5 * ghc-template-haskell-2.16.0.0-150500.3.2.5 * ghc-ghc-boot-devel-8.10.7-150500.3.2.5 * openSUSE Leap 15.5 (aarch64_ilp32) * libpoppler-glib8-64bit-debuginfo-23.01.0-150500.3.2.4 * libgstreamer-1_0-0-64bit-debuginfo-1.22.0-150500.3.2.3 * gstreamer-devel-64bit-1.22.0-150500.3.2.3 * libgstreamer-1_0-0-64bit-1.22.0-150500.3.2.3 * libpoppler-cpp0-64bit-debuginfo-23.01.0-150500.3.2.4 * gstreamer-64bit-debuginfo-1.22.0-150500.3.2.3 * libpoppler-glib8-64bit-23.01.0-150500.3.2.4 * libpoppler126-64bit-debuginfo-23.01.0-150500.3.2.4 * libpoppler126-64bit-23.01.0-150500.3.2.4 * libpoppler-qt5-1-64bit-debuginfo-23.01.0-150500.3.2.4 * libpoppler-qt5-1-64bit-23.01.0-150500.3.2.4 * libpoppler-cpp0-64bit-23.01.0-150500.3.2.4 * gstreamer-64bit-1.22.0-150500.3.2.3 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * libmonoboehm-2_0-1-6.8.0-150200.5.2.5 * libmonoboehm-2_0-devel-6.8.0-150200.5.2.5 * libmonoboehm-2_0-1-debuginfo-6.8.0-150200.5.2.5 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * mono-web-6.8.0-150200.5.2.5 * libmonosgen-2_0-1-debuginfo-6.8.0-150200.5.2.5 * openjpeg2-debuginfo-2.3.0-150000.3.10.1 * libopenjp2-7-debuginfo-2.3.0-150000.3.10.1 * mono-core-debugsource-6.8.0-150200.5.2.5 * mono-devel-debuginfo-6.8.0-150200.5.2.5 * libmono-2_0-1-6.8.0-150200.5.2.5 * mono-wcf-6.8.0-150200.5.2.5 * mono-devel-6.8.0-150200.5.2.5 * mono-core-debuginfo-6.8.0-150200.5.2.5 * mono-extras-6.8.0-150200.5.2.5 * mono-locale-extras-6.8.0-150200.5.2.5 * libwebpdemux2-debuginfo-1.0.3-150200.3.7.3 * openjpeg2-devel-2.3.0-150000.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.7.3 * libwebp7-1.0.3-150200.3.7.3 * mono-data-sqlite-6.8.0-150200.5.2.5 * mono-mvc-6.8.0-150200.5.2.5 * mono-reactive-6.8.0-150200.5.2.5 * mono-data-oracle-6.8.0-150200.5.2.5 * openjpeg2-2.3.0-150000.3.10.1 * libwebpmux3-debuginfo-1.0.3-150200.3.7.3 * mono-winfxcore-6.8.0-150200.5.2.5 * ibm-data-db2-6.8.0-150200.5.2.5 * libwebp-tools-debuginfo-1.0.3-150200.3.7.3 * libwebpmux3-1.0.3-150200.3.7.3 * mono-complete-6.8.0-150200.5.2.5 * libwebp-devel-1.0.3-150200.3.7.3 * libmonosgen-2_0-devel-6.8.0-150200.5.2.5 * libmonosgen-2_0-1-6.8.0-150200.5.2.5 * libwebp-tools-1.0.3-150200.3.7.3 * mono-core-6.8.0-150200.5.2.5 * monodoc-core-6.8.0-150200.5.2.5 * mono-winforms-6.8.0-150200.5.2.5 * libwebpdecoder3-1.0.3-150200.3.7.3 * libwebpdecoder3-debuginfo-1.0.3-150200.3.7.3 * openjpeg2-debugsource-2.3.0-150000.3.10.1 * libmono-2_0-devel-6.8.0-150200.5.2.5 * libopenjp2-7-2.3.0-150000.3.10.1 * mono-data-6.8.0-150200.5.2.5 * libwebp-debugsource-1.0.3-150200.3.7.3 * libwebpdemux2-1.0.3-150200.3.7.3 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * libmonoboehm-2_0-1-6.8.0-150200.5.2.5 * libmonoboehm-2_0-devel-6.8.0-150200.5.2.5 * libmonoboehm-2_0-1-debuginfo-6.8.0-150200.5.2.5 * openSUSE Leap 15.4 (x86_64) * libwebp7-32bit-1.0.3-150200.3.7.3 * libwebpdemux2-32bit-1.0.3-150200.3.7.3 * libwebp-devel-32bit-1.0.3-150200.3.7.3 * libopenjp2-7-32bit-2.3.0-150000.3.10.1 * libwebpdecoder3-32bit-debuginfo-1.0.3-150200.3.7.3 * libwebpdemux2-32bit-debuginfo-1.0.3-150200.3.7.3 * libwebpmux3-32bit-debuginfo-1.0.3-150200.3.7.3 * libwebpmux3-32bit-1.0.3-150200.3.7.3 * libwebpdecoder3-32bit-1.0.3-150200.3.7.3 * libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.10.1 * libwebp7-32bit-debuginfo-1.0.3-150200.3.7.3 * openSUSE Leap 15.4 (noarch) * python3-mccabe-0.6.1-150000.3.4.3 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openjpeg2-debuginfo-2.3.0-150000.3.10.1 * libopenjp2-7-debuginfo-2.3.0-150000.3.10.1 * openjpeg2-2.3.0-150000.3.10.1 * libwebpdecoder3-1.0.3-150200.3.7.3 * libwebpmux3-debuginfo-1.0.3-150200.3.7.3 * libwebpmux3-1.0.3-150200.3.7.3 * libwebpdecoder3-debuginfo-1.0.3-150200.3.7.3 * libwebpdemux2-debuginfo-1.0.3-150200.3.7.3 * openjpeg2-debugsource-2.3.0-150000.3.10.1 * libwebp-devel-1.0.3-150200.3.7.3 * libopenjp2-7-2.3.0-150000.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.7.3 * openjpeg2-devel-2.3.0-150000.3.10.1 * libwebp7-1.0.3-150200.3.7.3 * libwebp-debugsource-1.0.3-150200.3.7.3 * libwebpdemux2-1.0.3-150200.3.7.3 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gstreamer-utils-debuginfo-1.22.0-150500.3.2.3 * libopenjp2-7-debuginfo-2.3.0-150000.3.10.1 * libpoppler-devel-23.01.0-150500.3.2.4 * openjpeg2-debuginfo-2.3.0-150000.3.10.1 * gstreamer-utils-1.22.0-150500.3.2.3 * libpoppler-cpp0-debuginfo-23.01.0-150500.3.2.4 * libpoppler126-23.01.0-150500.3.2.4 * libgstreamer-1_0-0-1.22.0-150500.3.2.3 * gstreamer-devel-1.22.0-150500.3.2.3 * poppler-tools-23.01.0-150500.3.2.4 * libwebpdemux2-debuginfo-1.0.3-150200.3.7.3 * openjpeg2-devel-2.3.0-150000.3.10.1 * libgstreamer-1_0-0-debuginfo-1.22.0-150500.3.2.3 * libpoppler-glib8-23.01.0-150500.3.2.4 * libwebp7-debuginfo-1.0.3-150200.3.7.3 * typelib-1_0-Gst-1_0-1.22.0-150500.3.2.3 * libpoppler-glib8-debuginfo-23.01.0-150500.3.2.4 * libwebp7-1.0.3-150200.3.7.3 * openjpeg2-2.3.0-150000.3.10.1 * libwebpmux3-debuginfo-1.0.3-150200.3.7.3 * libwebpmux3-1.0.3-150200.3.7.3 * poppler-tools-debuginfo-23.01.0-150500.3.2.4 * libwebp-devel-1.0.3-150200.3.7.3 * libpoppler126-debuginfo-23.01.0-150500.3.2.4 * typelib-1_0-Poppler-0_18-23.01.0-150500.3.2.4 * poppler-debugsource-23.01.0-150500.3.2.4 * libwebpdecoder3-1.0.3-150200.3.7.3 * libpoppler-cpp0-23.01.0-150500.3.2.4 * libwebpdecoder3-debuginfo-1.0.3-150200.3.7.3 * gstreamer-debugsource-1.22.0-150500.3.2.3 * openjpeg2-debugsource-2.3.0-150000.3.10.1 * libopenjp2-7-2.3.0-150000.3.10.1 * gstreamer-debuginfo-1.22.0-150500.3.2.3 * libpoppler-glib-devel-23.01.0-150500.3.2.4 * gstreamer-1.22.0-150500.3.2.3 * libwebp-debugsource-1.0.3-150200.3.7.3 * libwebpdemux2-1.0.3-150200.3.7.3 * Basesystem Module 15-SP5 (noarch) * gstreamer-lang-1.22.0-150500.3.2.3 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * mono-core-6.8.0-150200.5.2.5 * mono-core-debugsource-6.8.0-150200.5.2.5 * mono-core-debuginfo-6.8.0-150200.5.2.5 * SUSE Package Hub 15 15-SP4 (noarch) * python3-mccabe-0.6.1-150000.3.4.3 * SUSE Package Hub 15 15-SP4 (ppc64le s390x x86_64) * libmonoboehm-2_0-1-6.8.0-150200.5.2.5 * libmonoboehm-2_0-devel-6.8.0-150200.5.2.5 * SUSE Package Hub 15 15-SP4 (x86_64) * libopenjp2-7-32bit-2.3.0-150000.3.10.1 * libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.10.1 * libwebp7-32bit-1.0.3-150200.3.7.3 * libwebp7-32bit-debuginfo-1.0.3-150200.3.7.3 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * ghc-unix-debuginfo-2.7.2.2-150500.3.2.5 * ghc-exceptions-devel-0.10.4-150500.3.2.5 * ghc-ghci-8.10.7-150500.3.2.5 * poppler-qt5-debugsource-23.01.0-150500.3.2.4 * ghc-time-1.9.3-150500.3.2.5 * ghc-pretty-devel-1.1.3.6-150500.3.2.5 * ghc-transformers-debuginfo-0.5.6.2-150500.3.2.5 * libmono-2_0-1-6.8.0-150200.5.2.5 * ghc-haskeline-debuginfo-0.8.2-150500.3.2.5 * ghc-binary-devel-0.8.8.0-150500.3.2.5 * ghc-hpc-0.6.1.0-150500.3.2.5 * ghc-base-4.14.3.0-150500.3.2.5 * mono-extras-6.8.0-150200.5.2.5 * mono-locale-extras-6.8.0-150200.5.2.5 * ghc-8.10.7-150500.3.2.5 * ghc-base-devel-4.14.3.0-150500.3.2.5 * ghc-hpc-debuginfo-0.6.1.0-150500.3.2.5 * ghc-array-debuginfo-0.5.4.0-150500.3.2.5 * ghc-stm-2.5.0.1-150500.3.2.5 * ghc-deepseq-devel-1.4.4.0-150500.3.2.5 * ghc-xhtml-debuginfo-3000.2.2.1-150500.3.2.5 * mono-mvc-6.8.0-150200.5.2.5 * ghc-directory-devel-1.3.6.0-150500.3.2.5 * libpoppler-qt5-1-23.01.0-150500.3.2.4 * ghc-Cabal-debuginfo-3.2.1.0-150500.3.2.5 * mono-data-oracle-6.8.0-150200.5.2.5 * ghc-ghc-boot-th-8.10.7-150500.3.2.5 * mono-complete-6.8.0-150200.5.2.5 * mono-core-6.8.0-150200.5.2.5 * ghc-bytestring-debuginfo-0.10.12.0-150500.3.2.5 * ghc-parsec-debuginfo-3.1.14.0-150500.3.2.5 * ghc-ghc-boot-debuginfo-8.10.7-150500.3.2.5 * ghc-transformers-devel-0.5.6.2-150500.3.2.5 * libmono-2_0-devel-6.8.0-150200.5.2.5 * mono-data-6.8.0-150200.5.2.5 * mono-web-6.8.0-150200.5.2.5 * ghc-parsec-3.1.14.0-150500.3.2.5 * mono-core-debugsource-6.8.0-150200.5.2.5 * ghc-process-1.6.13.2-150500.3.2.5 * ghc-haskeline-devel-0.8.2-150500.3.2.5 * ghc-time-devel-1.9.3-150500.3.2.5 * ghc-unix-devel-2.7.2.2-150500.3.2.5 * libpoppler-cpp0-debuginfo-23.01.0-150500.3.2.4 * ghc-text-debuginfo-1.2.4.1-150500.3.2.5 * mono-devel-6.8.0-150200.5.2.5 * ghc-ghc-boot-th-debuginfo-8.10.7-150500.3.2.5 * ghc-ghc-boot-th-devel-8.10.7-150500.3.2.5 * ghc-deepseq-debuginfo-1.4.4.0-150500.3.2.5 * ghc-parsec-devel-3.1.14.0-150500.3.2.5 * ghc-mtl-devel-2.2.2-150500.3.2.5 * ghc-libraries-8.10.7-150500.3.2.5 * ghc-debugsource-8.10.7-150500.3.2.5 * libpoppler-qt5-1-debuginfo-23.01.0-150500.3.2.4 * ghc-array-0.5.4.0-150500.3.2.5 * ghc-ghci-debuginfo-8.10.7-150500.3.2.5 * ghc-haskeline-0.8.2-150500.3.2.5 * ghc-terminfo-0.4.1.4-150500.3.2.5 * ghc-unix-2.7.2.2-150500.3.2.5 * ghc-deepseq-1.4.4.0-150500.3.2.5 * ghc-Cabal-3.2.1.0-150500.3.2.5 * ghc-directory-1.3.6.0-150500.3.2.5 * ghc-xhtml-3000.2.2.1-150500.3.2.5 * ghc-filepath-1.4.2.1-150500.3.2.5 * libpoppler-qt5-devel-23.01.0-150500.3.2.4 * ghc-compiler-debuginfo-8.10.7-150500.3.2.5 * ghc-binary-debuginfo-0.8.8.0-150500.3.2.5 * ghc-stm-devel-2.5.0.1-150500.3.2.5 * ghc-libiserv-8.10.7-150500.3.2.5 * ghc-containers-devel-0.6.5.1-150500.3.2.5 * libmonosgen-2_0-1-debuginfo-6.8.0-150200.5.2.5 * ghc-mtl-2.2.2-150500.3.2.5 * mono-devel-debuginfo-6.8.0-150200.5.2.5 * ghc-containers-0.6.5.1-150500.3.2.5 * ghc-transformers-0.5.6.2-150500.3.2.5 * ghc-ghc-compact-0.1.0.0-150500.3.2.5 * ghc-xml-conduit-1.9.1.1-150500.3.2.3 * ghc-containers-debuginfo-0.6.5.1-150500.3.2.5 * ghc-text-devel-1.2.4.1-150500.3.2.5 * ghc-hpc-devel-0.6.1.0-150500.3.2.5 * ghc-ghc-compact-debuginfo-0.1.0.0-150500.3.2.5 * ghc-terminfo-debuginfo-0.4.1.4-150500.3.2.5 * ghc-text-1.2.4.1-150500.3.2.5 * ghc-stm-debuginfo-2.5.0.1-150500.3.2.5 * ghc-compiler-8.10.7-150500.3.2.5 * ghc-xhtml-devel-3000.2.2.1-150500.3.2.5 * mono-reactive-6.8.0-150200.5.2.5 * ghc-ghci-devel-8.10.7-150500.3.2.5 * ghc-xml-conduit-devel-1.9.1.1-150500.3.2.3 * ghc-filepath-debuginfo-1.4.2.1-150500.3.2.5 * ghc-exceptions-debuginfo-0.10.4-150500.3.2.5 * libmonosgen-2_0-1-6.8.0-150200.5.2.5 * libmonosgen-2_0-devel-6.8.0-150200.5.2.5 * ghc-debuginfo-8.10.7-150500.3.2.5 * monodoc-core-6.8.0-150200.5.2.5 * ghc-template-haskell-devel-2.16.0.0-150500.3.2.5 * mono-winforms-6.8.0-150200.5.2.5 * ghc-bytestring-0.10.12.0-150500.3.2.5 * ghc-ghc-8.10.7-150500.3.2.5 * ghc-libiserv-devel-8.10.7-150500.3.2.5 * ghc-ghc-boot-8.10.7-150500.3.2.5 * ghc-directory-debuginfo-1.3.6.0-150500.3.2.5 * ghc-mtl-debuginfo-2.2.2-150500.3.2.5 * ghc-ghc-heap-debuginfo-8.10.7-150500.3.2.5 * ghc-ghc-heap-8.10.7-150500.3.2.5 * libpoppler-devel-23.01.0-150500.3.2.4 * ghc-bytestring-devel-0.10.12.0-150500.3.2.5 * ghc-ghc-heap-devel-8.10.7-150500.3.2.5 * ghc-pretty-debuginfo-1.1.3.6-150500.3.2.5 * ghc-exceptions-0.10.4-150500.3.2.5 * ghc-libiserv-debuginfo-8.10.7-150500.3.2.5 * ghc-process-devel-1.6.13.2-150500.3.2.5 * ghc-array-devel-0.5.4.0-150500.3.2.5 * ghc-base-debuginfo-4.14.3.0-150500.3.2.5 * ghc-time-debuginfo-1.9.3-150500.3.2.5 * ghc-terminfo-devel-0.4.1.4-150500.3.2.5 * mono-wcf-6.8.0-150200.5.2.5 * ghc-template-haskell-debuginfo-2.16.0.0-150500.3.2.5 * mono-core-debuginfo-6.8.0-150200.5.2.5 * ghc-ghc-debuginfo-8.10.7-150500.3.2.5 * mono-data-sqlite-6.8.0-150200.5.2.5 * ghc-filepath-devel-1.4.2.1-150500.3.2.5 * ghc-process-debuginfo-1.6.13.2-150500.3.2.5 * ghc-ghc-devel-8.10.7-150500.3.2.5 * mono-winfxcore-6.8.0-150200.5.2.5 * ghc-binary-0.8.8.0-150500.3.2.5 * ibm-data-db2-6.8.0-150200.5.2.5 * ghc-Cabal-devel-3.2.1.0-150500.3.2.5 * ghc-pretty-1.1.3.6-150500.3.2.5 * ghc-ghc-compact-devel-0.1.0.0-150500.3.2.5 * poppler-debugsource-23.01.0-150500.3.2.4 * ghc-template-haskell-2.16.0.0-150500.3.2.5 * libpoppler-cpp0-23.01.0-150500.3.2.4 * ghc-ghc-boot-devel-8.10.7-150500.3.2.5 * SUSE Package Hub 15 15-SP5 (noarch) * python3-mccabe-0.6.1-150000.3.4.3 * SUSE Package Hub 15 15-SP5 (ppc64le s390x x86_64) * libmonoboehm-2_0-1-6.8.0-150200.5.2.5 * libmonoboehm-2_0-devel-6.8.0-150200.5.2.5 * SUSE Package Hub 15 15-SP5 (ppc64le s390x) * libmonoboehm-2_0-1-debuginfo-6.8.0-150200.5.2.5 * SUSE Package Hub 15 15-SP5 (x86_64) * libwebp-debugsource-1.0.3-150200.3.7.3 * gstreamer-32bit-1.22.0-150500.3.2.3 * libwebp7-32bit-1.0.3-150200.3.7.3 * libpoppler126-32bit-23.01.0-150500.3.2.4 * libpoppler126-32bit-debuginfo-23.01.0-150500.3.2.4 * gstreamer-debugsource-1.22.0-150500.3.2.3 * libopenjp2-7-32bit-2.3.0-150000.3.10.1 * gstreamer-debuginfo-1.22.0-150500.3.2.3 * libpoppler-glib8-32bit-23.01.0-150500.3.2.4 * libgstreamer-1_0-0-32bit-debuginfo-1.22.0-150500.3.2.3 * gstreamer-32bit-debuginfo-1.22.0-150500.3.2.3 * libpoppler-glib8-32bit-debuginfo-23.01.0-150500.3.2.4 * libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.10.1 * libgstreamer-1_0-0-32bit-1.22.0-150500.3.2.3 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * openjpeg2-debuginfo-2.3.0-150000.3.10.1 * libopenjp2-7-debuginfo-2.3.0-150000.3.10.1 * openjpeg2-2.3.0-150000.3.10.1 * libwebpdecoder3-1.0.3-150200.3.7.3 * libwebpmux3-debuginfo-1.0.3-150200.3.7.3 * libwebpmux3-1.0.3-150200.3.7.3 * libwebpdecoder3-debuginfo-1.0.3-150200.3.7.3 * libwebpdemux2-debuginfo-1.0.3-150200.3.7.3 * openjpeg2-debugsource-2.3.0-150000.3.10.1 * libwebp-devel-1.0.3-150200.3.7.3 * libopenjp2-7-2.3.0-150000.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.7.3 * openjpeg2-devel-2.3.0-150000.3.10.1 * libwebp7-1.0.3-150200.3.7.3 * libwebp-debugsource-1.0.3-150200.3.7.3 * libwebpdemux2-1.0.3-150200.3.7.3 * SUSE Manager Proxy 4.2 (x86_64) * openjpeg2-debuginfo-2.3.0-150000.3.10.1 * libopenjp2-7-debuginfo-2.3.0-150000.3.10.1 * openjpeg2-2.3.0-150000.3.10.1 * libwebpdecoder3-1.0.3-150200.3.7.3 * libwebpmux3-debuginfo-1.0.3-150200.3.7.3 * libwebpmux3-1.0.3-150200.3.7.3 * libwebpdecoder3-debuginfo-1.0.3-150200.3.7.3 * libwebpdemux2-debuginfo-1.0.3-150200.3.7.3 * openjpeg2-debugsource-2.3.0-150000.3.10.1 * libwebp-devel-1.0.3-150200.3.7.3 * libopenjp2-7-2.3.0-150000.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.7.3 * openjpeg2-devel-2.3.0-150000.3.10.1 * libwebp7-1.0.3-150200.3.7.3 * libwebp-debugsource-1.0.3-150200.3.7.3 * libwebpdemux2-1.0.3-150200.3.7.3 * SUSE Manager Retail Branch Server 4.2 (x86_64) * openjpeg2-debuginfo-2.3.0-150000.3.10.1 * libopenjp2-7-debuginfo-2.3.0-150000.3.10.1 * openjpeg2-2.3.0-150000.3.10.1 * libwebpdecoder3-1.0.3-150200.3.7.3 * libwebpmux3-debuginfo-1.0.3-150200.3.7.3 * libwebpmux3-1.0.3-150200.3.7.3 * libwebpdecoder3-debuginfo-1.0.3-150200.3.7.3 * libwebpdemux2-debuginfo-1.0.3-150200.3.7.3 * openjpeg2-debugsource-2.3.0-150000.3.10.1 * libwebp-devel-1.0.3-150200.3.7.3 * libopenjp2-7-2.3.0-150000.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.7.3 * openjpeg2-devel-2.3.0-150000.3.10.1 * libwebp7-1.0.3-150200.3.7.3 * libwebp-debugsource-1.0.3-150200.3.7.3 * libwebpdemux2-1.0.3-150200.3.7.3 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * openjpeg2-debuginfo-2.3.0-150000.3.10.1 * libopenjp2-7-debuginfo-2.3.0-150000.3.10.1 * openjpeg2-2.3.0-150000.3.10.1 * libwebpdecoder3-1.0.3-150200.3.7.3 * libwebpmux3-debuginfo-1.0.3-150200.3.7.3 * libwebpmux3-1.0.3-150200.3.7.3 * libwebpdecoder3-debuginfo-1.0.3-150200.3.7.3 * libwebpdemux2-debuginfo-1.0.3-150200.3.7.3 * openjpeg2-debugsource-2.3.0-150000.3.10.1 * libwebp-devel-1.0.3-150200.3.7.3 * libopenjp2-7-2.3.0-150000.3.10.1 * libwebp7-debuginfo-1.0.3-150200.3.7.3 * openjpeg2-devel-2.3.0-150000.3.10.1 * libwebp7-1.0.3-150200.3.7.3 * libwebp-debugsource-1.0.3-150200.3.7.3 * libwebpdemux2-1.0.3-150200.3.7.3 ## References: * https://jira.suse.com/browse/MSC-641 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:45:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:45:11 -0000 Subject: SUSE-SU-2023:3145-1: moderate: Security update for salt Message-ID: <169096591164.20516.2570848762429875198@smelt2.suse.de> # Security update for salt Announcement ID: SUSE-SU-2023:3145-1 Rating: moderate References: * #1210994 * #1211591 * #1211741 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * Transactional Server Module 15-SP4 An update that solves one vulnerability and has two fixes can now be installed. ## Description: This update for salt fixes the following issues: Security fixes: * CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations (bsc#1211741) Bug fixes: * Prevent error loading 'known_hosts' when '$HOME' is not set (bsc#1210994) * Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3145=1 openSUSE-SLE-15.4-2023-3145=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3145=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3145=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3145=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3145=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3145=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3145=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3145=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3145=1 * Transactional Server Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP4-2023-3145=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * salt-doc-3006.0-150400.8.37.2 * salt-standalone-formulas-configuration-3006.0-150400.8.37.2 * salt-transactional-update-3006.0-150400.8.37.2 * salt-cloud-3006.0-150400.8.37.2 * salt-api-3006.0-150400.8.37.2 * salt-tests-3006.0-150400.8.37.2 * salt-ssh-3006.0-150400.8.37.2 * salt-proxy-3006.0-150400.8.37.2 * salt-syndic-3006.0-150400.8.37.2 * salt-master-3006.0-150400.8.37.2 * salt-3006.0-150400.8.37.2 * python3-salt-3006.0-150400.8.37.2 * salt-minion-3006.0-150400.8.37.2 * openSUSE Leap 15.4 (noarch) * salt-bash-completion-3006.0-150400.8.37.2 * salt-fish-completion-3006.0-150400.8.37.2 * salt-zsh-completion-3006.0-150400.8.37.2 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * salt-3006.0-150400.8.37.2 * salt-transactional-update-3006.0-150400.8.37.2 * python3-salt-3006.0-150400.8.37.2 * salt-minion-3006.0-150400.8.37.2 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * salt-3006.0-150400.8.37.2 * salt-transactional-update-3006.0-150400.8.37.2 * python3-salt-3006.0-150400.8.37.2 * salt-minion-3006.0-150400.8.37.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * salt-3006.0-150400.8.37.2 * salt-transactional-update-3006.0-150400.8.37.2 * python3-salt-3006.0-150400.8.37.2 * salt-minion-3006.0-150400.8.37.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * salt-3006.0-150400.8.37.2 * salt-transactional-update-3006.0-150400.8.37.2 * python3-salt-3006.0-150400.8.37.2 * salt-minion-3006.0-150400.8.37.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * salt-3006.0-150400.8.37.2 * salt-transactional-update-3006.0-150400.8.37.2 * python3-salt-3006.0-150400.8.37.2 * salt-minion-3006.0-150400.8.37.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * salt-3006.0-150400.8.37.2 * salt-transactional-update-3006.0-150400.8.37.2 * python3-salt-3006.0-150400.8.37.2 * salt-minion-3006.0-150400.8.37.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * salt-3006.0-150400.8.37.2 * python3-salt-3006.0-150400.8.37.2 * salt-minion-3006.0-150400.8.37.2 * salt-doc-3006.0-150400.8.37.2 * Basesystem Module 15-SP4 (noarch) * salt-bash-completion-3006.0-150400.8.37.2 * salt-zsh-completion-3006.0-150400.8.37.2 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * salt-standalone-formulas-configuration-3006.0-150400.8.37.2 * salt-cloud-3006.0-150400.8.37.2 * salt-api-3006.0-150400.8.37.2 * salt-ssh-3006.0-150400.8.37.2 * salt-proxy-3006.0-150400.8.37.2 * salt-syndic-3006.0-150400.8.37.2 * salt-master-3006.0-150400.8.37.2 * Server Applications Module 15-SP4 (noarch) * salt-fish-completion-3006.0-150400.8.37.2 * Transactional Server Module 15-SP4 (aarch64 ppc64le s390x x86_64) * salt-transactional-update-3006.0-150400.8.37.2 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211591 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:45:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:45:15 -0000 Subject: SUSE-SU-2023:3144-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <169096591580.20516.2960128681342356326@smelt2.suse.de> # Security update for SUSE Manager Client Tools Announcement ID: SUSE-SU-2023:3144-1 Rating: moderate References: * #1208612 * #1211741 * #1212279 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 * SUSE Linux Enterprise Desktop 15 SP1 * SUSE Linux Enterprise Desktop 15 SP2 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP1 * SUSE Linux Enterprise Real Time 15 SP2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE 15 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.2 Module 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.2 Module 4.2 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that solves one vulnerability, contains three features and has two fixes can now be installed. ## Description: This update fixes the following issues: python-tornado: * Security fixes: * CVE-2023-28370: Fixed an open redirect issue in the static file handler (bsc#1211741) prometheus-blackbox_exporter: * Use obscpio for go modules service * Set version number * Set build date from SOURCE_DATE_EPOCH * Update to 0.24.0 (bsc#1212279, jsc#PED-4556) * Requires go1.19 * Avoid empty validation script * Add rc symlink for backwards compatibility spacecmd: * Version 4.3.22-1 * Bypass traditional systems check on older SUMA instances (bsc#1208612) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3144=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3144=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3144=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3144=1 * SUSE Manager Client Tools for SLE 15 zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-3144=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-3144=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3144=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3144=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3144=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3144=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3144=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3144=1 * SUSE Manager Proxy 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-3144=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-3144=1 * SUSE Manager Server 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-3144=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-3144=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3144=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3144=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3144=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3144=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3144=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3144=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3144=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3144=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3144=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3144=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3144=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3144=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3144=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3144=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3144=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3144=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3144=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3144=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * prometheus-blackbox_exporter-0.24.0-150000.1.20.2 * openSUSE Leap 15.4 (noarch) * spacecmd-4.3.22-150000.3.101.1 * system-user-prometheus-1.0.0-150000.10.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * prometheus-blackbox_exporter-0.24.0-150000.1.20.2 * openSUSE Leap 15.5 (noarch) * spacecmd-4.3.22-150000.3.101.1 * system-user-prometheus-1.0.0-150000.10.1 * SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * prometheus-blackbox_exporter-0.24.0-150000.1.20.2 * SUSE Manager Client Tools for SLE 15 (noarch) * spacecmd-4.3.22-150000.3.101.1 * system-user-prometheus-1.0.0-150000.10.1 * SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64) * prometheus-blackbox_exporter-0.24.0-150000.1.20.2 * SUSE Manager Client Tools for SLE Micro 5 (noarch) * system-user-prometheus-1.0.0-150000.10.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * SUSE Manager Proxy 4.2 Module 4.2 (aarch64 ppc64le s390x x86_64) * prometheus-blackbox_exporter-0.24.0-150000.1.20.2 * SUSE Manager Proxy 4.2 Module 4.2 (noarch) * system-user-prometheus-1.0.0-150000.10.1 * SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * prometheus-blackbox_exporter-0.24.0-150000.1.20.2 * SUSE Manager Proxy 4.3 Module 4.3 (noarch) * system-user-prometheus-1.0.0-150000.10.1 * SUSE Manager Server 4.2 Module 4.2 (noarch) * system-user-prometheus-1.0.0-150000.10.1 * SUSE Manager Server 4.3 Module 4.3 (noarch) * system-user-prometheus-1.0.0-150000.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * python2-tornado-4.5.3-150000.3.6.1 * python2-tornado-debuginfo-4.5.3-150000.3.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * python2-tornado-4.5.3-150000.3.6.1 * python2-tornado-debuginfo-4.5.3-150000.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * python2-tornado-4.5.3-150000.3.6.1 * python2-tornado-debuginfo-4.5.3-150000.3.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * python2-tornado-4.5.3-150000.3.6.1 * python2-tornado-debuginfo-4.5.3-150000.3.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * python2-tornado-4.5.3-150000.3.6.1 * python2-tornado-debuginfo-4.5.3-150000.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * python2-tornado-4.5.3-150000.3.6.1 * python2-tornado-debuginfo-4.5.3-150000.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * SUSE Manager Proxy 4.2 (x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * python2-tornado-4.5.3-150000.3.6.1 * python2-tornado-debuginfo-4.5.3-150000.3.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * python2-tornado-4.5.3-150000.3.6.1 * python2-tornado-debuginfo-4.5.3-150000.3.6.1 * SUSE CaaS Platform 4.0 (x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * python2-tornado-4.5.3-150000.3.6.1 * python2-tornado-debuginfo-4.5.3-150000.3.6.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * python-tornado-debugsource-4.5.3-150000.3.6.1 * python-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-debuginfo-4.5.3-150000.3.6.1 * python3-tornado-4.5.3-150000.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1208612 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 * https://bugzilla.suse.com/show_bug.cgi?id=1212279 * https://jira.suse.com/browse/MSQA-679 * https://jira.suse.com/browse/PED-3694 * https://jira.suse.com/browse/PED-4556 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:45:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:45:19 -0000 Subject: SUSE-SU-2023:3143-1: moderate: Security update for salt Message-ID: <169096591939.20516.10951005947806508129@smelt2.suse.de> # Security update for salt Announcement ID: SUSE-SU-2023:3143-1 Rating: moderate References: * #1210994 * #1211591 * #1211741 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability and has two fixes can now be installed. ## Description: This update for salt fixes the following issues: Security fixes: * CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations (bsc#1211741) Bug fixes: * Prevent error loading 'known_hosts' when '$HOME' is not set (bsc#1210994) * Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3143=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3143=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3143=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3143=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3143=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3143=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3143=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3143=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3143=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3143=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3143=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3143=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * python3-salt-3006.0-150300.53.53.2 * salt-minion-3006.0-150300.53.53.2 * salt-transactional-update-3006.0-150300.53.53.2 * salt-3006.0-150300.53.53.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * python3-salt-3006.0-150300.53.53.2 * salt-minion-3006.0-150300.53.53.2 * salt-transactional-update-3006.0-150300.53.53.2 * salt-3006.0-150300.53.53.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * salt-ssh-3006.0-150300.53.53.2 * python3-salt-3006.0-150300.53.53.2 * salt-standalone-formulas-configuration-3006.0-150300.53.53.2 * salt-minion-3006.0-150300.53.53.2 * salt-cloud-3006.0-150300.53.53.2 * salt-api-3006.0-150300.53.53.2 * salt-master-3006.0-150300.53.53.2 * salt-syndic-3006.0-150300.53.53.2 * salt-doc-3006.0-150300.53.53.2 * salt-proxy-3006.0-150300.53.53.2 * salt-3006.0-150300.53.53.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * salt-fish-completion-3006.0-150300.53.53.2 * salt-bash-completion-3006.0-150300.53.53.2 * salt-zsh-completion-3006.0-150300.53.53.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * salt-ssh-3006.0-150300.53.53.2 * python3-salt-3006.0-150300.53.53.2 * salt-standalone-formulas-configuration-3006.0-150300.53.53.2 * salt-minion-3006.0-150300.53.53.2 * salt-cloud-3006.0-150300.53.53.2 * salt-api-3006.0-150300.53.53.2 * salt-master-3006.0-150300.53.53.2 * salt-syndic-3006.0-150300.53.53.2 * salt-doc-3006.0-150300.53.53.2 * salt-proxy-3006.0-150300.53.53.2 * salt-3006.0-150300.53.53.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * salt-fish-completion-3006.0-150300.53.53.2 * salt-bash-completion-3006.0-150300.53.53.2 * salt-zsh-completion-3006.0-150300.53.53.2 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * salt-ssh-3006.0-150300.53.53.2 * python3-salt-3006.0-150300.53.53.2 * salt-standalone-formulas-configuration-3006.0-150300.53.53.2 * salt-minion-3006.0-150300.53.53.2 * salt-cloud-3006.0-150300.53.53.2 * salt-api-3006.0-150300.53.53.2 * salt-master-3006.0-150300.53.53.2 * salt-syndic-3006.0-150300.53.53.2 * salt-doc-3006.0-150300.53.53.2 * salt-proxy-3006.0-150300.53.53.2 * salt-3006.0-150300.53.53.2 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * salt-fish-completion-3006.0-150300.53.53.2 * salt-bash-completion-3006.0-150300.53.53.2 * salt-zsh-completion-3006.0-150300.53.53.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * salt-ssh-3006.0-150300.53.53.2 * python3-salt-3006.0-150300.53.53.2 * salt-standalone-formulas-configuration-3006.0-150300.53.53.2 * salt-minion-3006.0-150300.53.53.2 * salt-cloud-3006.0-150300.53.53.2 * salt-api-3006.0-150300.53.53.2 * salt-master-3006.0-150300.53.53.2 * salt-syndic-3006.0-150300.53.53.2 * salt-doc-3006.0-150300.53.53.2 * salt-proxy-3006.0-150300.53.53.2 * salt-transactional-update-3006.0-150300.53.53.2 * salt-3006.0-150300.53.53.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * salt-fish-completion-3006.0-150300.53.53.2 * salt-bash-completion-3006.0-150300.53.53.2 * salt-zsh-completion-3006.0-150300.53.53.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * salt-ssh-3006.0-150300.53.53.2 * python3-salt-3006.0-150300.53.53.2 * salt-standalone-formulas-configuration-3006.0-150300.53.53.2 * salt-minion-3006.0-150300.53.53.2 * salt-cloud-3006.0-150300.53.53.2 * salt-api-3006.0-150300.53.53.2 * salt-master-3006.0-150300.53.53.2 * salt-syndic-3006.0-150300.53.53.2 * salt-doc-3006.0-150300.53.53.2 * salt-proxy-3006.0-150300.53.53.2 * salt-3006.0-150300.53.53.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * salt-fish-completion-3006.0-150300.53.53.2 * salt-bash-completion-3006.0-150300.53.53.2 * salt-zsh-completion-3006.0-150300.53.53.2 * SUSE Manager Proxy 4.2 (x86_64) * salt-ssh-3006.0-150300.53.53.2 * python3-salt-3006.0-150300.53.53.2 * salt-standalone-formulas-configuration-3006.0-150300.53.53.2 * salt-minion-3006.0-150300.53.53.2 * salt-cloud-3006.0-150300.53.53.2 * salt-api-3006.0-150300.53.53.2 * salt-master-3006.0-150300.53.53.2 * salt-syndic-3006.0-150300.53.53.2 * salt-doc-3006.0-150300.53.53.2 * salt-proxy-3006.0-150300.53.53.2 * salt-3006.0-150300.53.53.2 * SUSE Manager Proxy 4.2 (noarch) * salt-fish-completion-3006.0-150300.53.53.2 * salt-bash-completion-3006.0-150300.53.53.2 * salt-zsh-completion-3006.0-150300.53.53.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * salt-ssh-3006.0-150300.53.53.2 * python3-salt-3006.0-150300.53.53.2 * salt-standalone-formulas-configuration-3006.0-150300.53.53.2 * salt-minion-3006.0-150300.53.53.2 * salt-cloud-3006.0-150300.53.53.2 * salt-api-3006.0-150300.53.53.2 * salt-master-3006.0-150300.53.53.2 * salt-syndic-3006.0-150300.53.53.2 * salt-doc-3006.0-150300.53.53.2 * salt-proxy-3006.0-150300.53.53.2 * salt-3006.0-150300.53.53.2 * SUSE Manager Retail Branch Server 4.2 (noarch) * salt-fish-completion-3006.0-150300.53.53.2 * salt-bash-completion-3006.0-150300.53.53.2 * salt-zsh-completion-3006.0-150300.53.53.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * salt-ssh-3006.0-150300.53.53.2 * python3-salt-3006.0-150300.53.53.2 * salt-standalone-formulas-configuration-3006.0-150300.53.53.2 * salt-minion-3006.0-150300.53.53.2 * salt-cloud-3006.0-150300.53.53.2 * salt-api-3006.0-150300.53.53.2 * salt-master-3006.0-150300.53.53.2 * salt-syndic-3006.0-150300.53.53.2 * salt-doc-3006.0-150300.53.53.2 * salt-proxy-3006.0-150300.53.53.2 * salt-3006.0-150300.53.53.2 * SUSE Manager Server 4.2 (noarch) * salt-fish-completion-3006.0-150300.53.53.2 * salt-bash-completion-3006.0-150300.53.53.2 * salt-zsh-completion-3006.0-150300.53.53.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * salt-ssh-3006.0-150300.53.53.2 * python3-salt-3006.0-150300.53.53.2 * salt-standalone-formulas-configuration-3006.0-150300.53.53.2 * salt-minion-3006.0-150300.53.53.2 * salt-cloud-3006.0-150300.53.53.2 * salt-api-3006.0-150300.53.53.2 * salt-master-3006.0-150300.53.53.2 * salt-syndic-3006.0-150300.53.53.2 * salt-doc-3006.0-150300.53.53.2 * salt-proxy-3006.0-150300.53.53.2 * salt-transactional-update-3006.0-150300.53.53.2 * salt-3006.0-150300.53.53.2 * SUSE Enterprise Storage 7.1 (noarch) * salt-fish-completion-3006.0-150300.53.53.2 * salt-bash-completion-3006.0-150300.53.53.2 * salt-zsh-completion-3006.0-150300.53.53.2 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * python3-salt-3006.0-150300.53.53.2 * salt-minion-3006.0-150300.53.53.2 * salt-transactional-update-3006.0-150300.53.53.2 * salt-3006.0-150300.53.53.2 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211591 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:45:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:45:22 -0000 Subject: SUSE-SU-2023:3142-1: moderate: Security update for SUSE Manager Salt Bundle Message-ID: <169096592252.20516.5862603747812137884@smelt2.suse.de> # Security update for SUSE Manager Salt Bundle Announcement ID: SUSE-SU-2023:3142-1 Rating: moderate References: * #1210994 * #1211591 * #1211741 * #1212516 * #1212517 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 * SUSE Linux Enterprise Desktop 15 SP1 * SUSE Linux Enterprise Desktop 15 SP2 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP1 * SUSE Linux Enterprise Real Time 15 SP2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE 15 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that solves one vulnerability, contains one feature and has four fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Security fixes: * CVE-2023-28370: Tornado: Fix an open redirect in StaticFileHandler (bsc#1211741) * Bug fixes: * Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994) * Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) * Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 15 zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-3142=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-3142=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-3142=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-3142=1 ## Package List: * SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150000.3.35.1 * SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64) * venv-salt-minion-3006.0-150000.3.35.1 * SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150000.3.35.1 * SUSE Manager Server 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150000.3.35.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211591 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 * https://bugzilla.suse.com/show_bug.cgi?id=1212516 * https://bugzilla.suse.com/show_bug.cgi?id=1212517 * https://jira.suse.com/browse/MSQA-679 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:45:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:45:25 -0000 Subject: SUSE-SU-2023:3139-1: moderate: Security update for salt Message-ID: <169096592523.20516.16774042458220486933@smelt2.suse.de> # Security update for salt Announcement ID: SUSE-SU-2023:3139-1 Rating: moderate References: * #1210994 * #1211591 * #1211741 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * Transactional Server Module 15-SP5 An update that solves one vulnerability and has two fixes can now be installed. ## Description: This update for salt fixes the following issues: Security fixes: * CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations (bsc#1211741) Bug fixes: * Prevent error loading 'known_hosts' when '$HOME' is not set (bsc#1210994) * Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3139=1 openSUSE-SLE-15.5-2023-3139=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3139=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3139=1 * Transactional Server Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP5-2023-3139=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * salt-master-3006.0-150500.4.12.2 * salt-proxy-3006.0-150500.4.12.2 * salt-standalone-formulas-configuration-3006.0-150500.4.12.2 * salt-tests-3006.0-150500.4.12.2 * salt-ssh-3006.0-150500.4.12.2 * salt-cloud-3006.0-150500.4.12.2 * salt-3006.0-150500.4.12.2 * python3-salt-3006.0-150500.4.12.2 * salt-api-3006.0-150500.4.12.2 * salt-transactional-update-3006.0-150500.4.12.2 * salt-syndic-3006.0-150500.4.12.2 * salt-doc-3006.0-150500.4.12.2 * salt-minion-3006.0-150500.4.12.2 * openSUSE Leap 15.5 (noarch) * salt-fish-completion-3006.0-150500.4.12.2 * salt-bash-completion-3006.0-150500.4.12.2 * salt-zsh-completion-3006.0-150500.4.12.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-salt-3006.0-150500.4.12.2 * salt-minion-3006.0-150500.4.12.2 * salt-3006.0-150500.4.12.2 * salt-doc-3006.0-150500.4.12.2 * Basesystem Module 15-SP5 (noarch) * salt-bash-completion-3006.0-150500.4.12.2 * salt-zsh-completion-3006.0-150500.4.12.2 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * salt-master-3006.0-150500.4.12.2 * salt-proxy-3006.0-150500.4.12.2 * salt-standalone-formulas-configuration-3006.0-150500.4.12.2 * salt-ssh-3006.0-150500.4.12.2 * salt-cloud-3006.0-150500.4.12.2 * salt-api-3006.0-150500.4.12.2 * salt-syndic-3006.0-150500.4.12.2 * Server Applications Module 15-SP5 (noarch) * salt-fish-completion-3006.0-150500.4.12.2 * Transactional Server Module 15-SP5 (aarch64 ppc64le s390x x86_64) * salt-transactional-update-3006.0-150500.4.12.2 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211591 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:45:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:45:27 -0000 Subject: SUSE-RU-202306:15229-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <169096592715.20516.14875996748535198773@smelt2.suse.de> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-202306:15229-1 Rating: moderate References: * #1208612 Affected Products: * SUSE Manager Client Tools for Ubuntu 22.04 2204 An update that contains one feature and has one recommended fix can now be installed. ## Description: This update fixes the following issues: spacecmd: * Version 4.3.22-1 * Bypass traditional systems check on older SUMA instances (bsc#1208612) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Ubuntu 22.04 2204 zypper in -t patch suse-ubu224ct-client-tools-202306-15229=1 ## Package List: * SUSE Manager Client Tools for Ubuntu 22.04 2204 (all) * spacecmd-4.3.22-2.21.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208612 * https://jira.suse.com/browse/MSQA-679 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:45:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:45:29 -0000 Subject: SUSE-SU-2023:3137-1: moderate: Security update for SUSE Manager Salt Bundle Message-ID: <169096592998.20516.6943356968989063717@smelt2.suse.de> # Security update for SUSE Manager Salt Bundle Announcement ID: SUSE-SU-2023:3137-1 Rating: moderate References: * #1210994 * #1211591 * #1211741 * #1211754 * #1212516 * #1212517 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 An update that solves one vulnerability, contains one feature and has five fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * CVE-2023-28370: Tornado: Fix an open redirect issue in the static file handler (bsc#1211741) * Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994) * Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) * Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517) * Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 zypper in -t patch SUSE-EL-9-CLIENT-TOOLS-2023-3137=1 ## Package List: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-1.19.2 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211591 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 * https://bugzilla.suse.com/show_bug.cgi?id=1211754 * https://bugzilla.suse.com/show_bug.cgi?id=1212516 * https://bugzilla.suse.com/show_bug.cgi?id=1212517 * https://jira.suse.com/browse/MSQA-679 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:45:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:45:43 -0000 Subject: SUSE-SU-2023:3136-1: critical: Maintenance update for SUSE Manager 4.3.7 Release Notes Message-ID: <169096594379.20516.5133018080803011110@smelt2.suse.de> # Maintenance update for SUSE Manager 4.3.7 Release Notes Announcement ID: SUSE-SU-2023:3136-1 Rating: critical References: * #1175823 * #1179747 * #1195380 * #1201337 * #1204089 * #1207330 * #1207550 * #1207691 * #1207941 * #1208528 * #1208577 * #1208612 * #1208720 * #1208984 * #1209156 * #1210011 * #1210103 * #1210394 * #1210406 * #1210456 * #1210475 * #1210659 * #1210834 * #1210957 * #1210994 * #1211062 * #1211276 * #1211330 * #1211469 * #1211621 * #1211650 * #1211713 * #1211897 * #1211929 * #1212032 * #1212550 * #1212588 * #1212700 * #1212770 * #1212771 * #1213432 Cross-References: * CVE-2023-2183 * CVE-2023-2801 * CVE-2023-3128 CVSS scores: * CVE-2023-2183 ( SUSE ): 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N * CVE-2023-2183 ( NVD ): 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N * CVE-2023-2801 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2801 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3128 ( SUSE ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L * CVE-2023-3128 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L Affected Products: * openSUSE Leap 15.4 An update that solves three vulnerabilities, contains one feature and has 38 fixes can now be installed. ## Description: Maintenance update for SUSE Manager 4.3.7 Release Notes: This is a codestream only update ## Patch Instructions: To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3136=1 ## Package List: * openSUSE Leap 15.4 (noarch) * release-notes-susemanager-proxy-4.3.7-150400.3.58.1 * release-notes-susemanager-4.3.7-150400.3.72.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2183.html * https://www.suse.com/security/cve/CVE-2023-2801.html * https://www.suse.com/security/cve/CVE-2023-3128.html * https://bugzilla.suse.com/show_bug.cgi?id=1175823 * https://bugzilla.suse.com/show_bug.cgi?id=1179747 * https://bugzilla.suse.com/show_bug.cgi?id=1195380 * https://bugzilla.suse.com/show_bug.cgi?id=1201337 * https://bugzilla.suse.com/show_bug.cgi?id=1204089 * https://bugzilla.suse.com/show_bug.cgi?id=1207330 * https://bugzilla.suse.com/show_bug.cgi?id=1207550 * https://bugzilla.suse.com/show_bug.cgi?id=1207691 * https://bugzilla.suse.com/show_bug.cgi?id=1207941 * https://bugzilla.suse.com/show_bug.cgi?id=1208528 * https://bugzilla.suse.com/show_bug.cgi?id=1208577 * https://bugzilla.suse.com/show_bug.cgi?id=1208612 * https://bugzilla.suse.com/show_bug.cgi?id=1208720 * https://bugzilla.suse.com/show_bug.cgi?id=1208984 * https://bugzilla.suse.com/show_bug.cgi?id=1209156 * https://bugzilla.suse.com/show_bug.cgi?id=1210011 * https://bugzilla.suse.com/show_bug.cgi?id=1210103 * https://bugzilla.suse.com/show_bug.cgi?id=1210394 * https://bugzilla.suse.com/show_bug.cgi?id=1210406 * https://bugzilla.suse.com/show_bug.cgi?id=1210456 * https://bugzilla.suse.com/show_bug.cgi?id=1210475 * https://bugzilla.suse.com/show_bug.cgi?id=1210659 * https://bugzilla.suse.com/show_bug.cgi?id=1210834 * https://bugzilla.suse.com/show_bug.cgi?id=1210957 * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211062 * https://bugzilla.suse.com/show_bug.cgi?id=1211276 * https://bugzilla.suse.com/show_bug.cgi?id=1211330 * https://bugzilla.suse.com/show_bug.cgi?id=1211469 * https://bugzilla.suse.com/show_bug.cgi?id=1211621 * https://bugzilla.suse.com/show_bug.cgi?id=1211650 * https://bugzilla.suse.com/show_bug.cgi?id=1211713 * https://bugzilla.suse.com/show_bug.cgi?id=1211897 * https://bugzilla.suse.com/show_bug.cgi?id=1211929 * https://bugzilla.suse.com/show_bug.cgi?id=1212032 * https://bugzilla.suse.com/show_bug.cgi?id=1212550 * https://bugzilla.suse.com/show_bug.cgi?id=1212588 * https://bugzilla.suse.com/show_bug.cgi?id=1212700 * https://bugzilla.suse.com/show_bug.cgi?id=1212770 * https://bugzilla.suse.com/show_bug.cgi?id=1212771 * https://bugzilla.suse.com/show_bug.cgi?id=1213432 * https://jira.suse.com/browse/MSQA-679 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:45:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:45:47 -0000 Subject: SUSE-SU-202306:15228-1: moderate: Security update for SUSE Manager Salt Bundle Message-ID: <169096594709.20516.11797269509414656805@smelt2.suse.de> # Security update for SUSE Manager Salt Bundle Announcement ID: SUSE-SU-202306:15228-1 Rating: moderate References: * #1210994 * #1211591 * #1211741 * #1211754 * #1212516 * #1212517 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE Manager Client Tools for Ubuntu 18.04 1804 An update that solves one vulnerability, contains one feature and has five fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Security fixes: * CVE-2023-28370: Tornado: Fix an open redirect issue in the static file handler (bsc#1211741) * Bug fixes: * Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994) * Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) * Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517) * Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Ubuntu 18.04 1804 zypper in -t patch suse-ubu184ct-client-tools-202306-15228=1 ## Package List: * SUSE Manager Client Tools for Ubuntu 18.04 1804 (amd64) * venv-salt-minion-3006.0-2.34.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211591 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 * https://bugzilla.suse.com/show_bug.cgi?id=1211754 * https://bugzilla.suse.com/show_bug.cgi?id=1212516 * https://bugzilla.suse.com/show_bug.cgi?id=1212517 * https://jira.suse.com/browse/MSQA-679 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:45:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:45:50 -0000 Subject: SUSE-SU-2023:3134-1: moderate: Security update for SUSE Manager Salt Bundle Message-ID: <169096595013.20516.9162359183994114752@smelt2.suse.de> # Security update for SUSE Manager Salt Bundle Announcement ID: SUSE-SU-2023:3134-1 Rating: moderate References: * #1210994 * #1211591 * #1211741 * #1211754 * #1212516 * #1212517 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE Manager Client Tools for Debian 11 An update that solves one vulnerability, contains one feature and has five fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Security fixes: * CVE-2023-28370: Tornado: Fix an open redirect issue in the static file handler (bsc#1211741) * Bug fixes: * Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994) * Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) * Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517) * Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Debian 11 zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-x86_64-2023-3134=1 ## Package List: * SUSE Manager Client Tools for Debian 11 (amd64) * venv-salt-minion-3006.0-2.33.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211591 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 * https://bugzilla.suse.com/show_bug.cgi?id=1211754 * https://bugzilla.suse.com/show_bug.cgi?id=1212516 * https://bugzilla.suse.com/show_bug.cgi?id=1212517 * https://jira.suse.com/browse/MSQA-679 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:45:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:45:53 -0000 Subject: SUSE-SU-2023:3132-1: moderate: Security update for SUSE Manager Salt Bundle Message-ID: <169096595315.20516.3636745472383254090@smelt2.suse.de> # Security update for SUSE Manager Salt Bundle Announcement ID: SUSE-SU-2023:3132-1 Rating: moderate References: * #1210994 * #1211591 * #1211741 * #1211754 * #1212516 * #1212517 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE Manager Client Tools for Debian 10 An update that solves one vulnerability, contains one feature and has five fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Security fixes: * CVE-2023-28370: Tornado: Fix an open redirect in StaticFileHandler (bsc#1211741) * Bug fixes: * Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994) * Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) * Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517) * Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Debian 10 zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2023-3132=1 ## Package List: * SUSE Manager Client Tools for Debian 10 (amd64) * venv-salt-minion-3006.0-2.33.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211591 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 * https://bugzilla.suse.com/show_bug.cgi?id=1211754 * https://bugzilla.suse.com/show_bug.cgi?id=1212516 * https://bugzilla.suse.com/show_bug.cgi?id=1212517 * https://jira.suse.com/browse/MSQA-679 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:45:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:45:55 -0000 Subject: SUSE-SU-2023:3131-1: moderate: Security update for salt Message-ID: <169096595585.20516.2106265186334567084@smelt2.suse.de> # Security update for salt Announcement ID: SUSE-SU-2023:3131-1 Rating: moderate References: * #1210994 * #1211591 * #1211741 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability and has two fixes can now be installed. ## Description: This update for salt fixes the following issues: Security fixes: * CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations (bsc#1211741) Bug fixes: * Prevent error loading 'known_hosts' when '$HOME' is not set (bsc#1210994) * Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3131=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3131=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3131=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3131=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * salt-syndic-3006.0-150200.101.2 * salt-api-3006.0-150200.101.2 * python3-salt-3006.0-150200.101.2 * salt-3006.0-150200.101.2 * salt-minion-3006.0-150200.101.2 * salt-cloud-3006.0-150200.101.2 * salt-doc-3006.0-150200.101.2 * salt-proxy-3006.0-150200.101.2 * salt-standalone-formulas-configuration-3006.0-150200.101.2 * salt-master-3006.0-150200.101.2 * salt-ssh-3006.0-150200.101.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * salt-bash-completion-3006.0-150200.101.2 * salt-fish-completion-3006.0-150200.101.2 * salt-zsh-completion-3006.0-150200.101.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * salt-syndic-3006.0-150200.101.2 * salt-api-3006.0-150200.101.2 * python3-salt-3006.0-150200.101.2 * salt-3006.0-150200.101.2 * salt-minion-3006.0-150200.101.2 * salt-cloud-3006.0-150200.101.2 * salt-doc-3006.0-150200.101.2 * salt-proxy-3006.0-150200.101.2 * salt-transactional-update-3006.0-150200.101.2 * salt-standalone-formulas-configuration-3006.0-150200.101.2 * salt-master-3006.0-150200.101.2 * salt-ssh-3006.0-150200.101.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * salt-bash-completion-3006.0-150200.101.2 * salt-fish-completion-3006.0-150200.101.2 * salt-zsh-completion-3006.0-150200.101.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * salt-syndic-3006.0-150200.101.2 * salt-api-3006.0-150200.101.2 * python3-salt-3006.0-150200.101.2 * salt-3006.0-150200.101.2 * salt-minion-3006.0-150200.101.2 * salt-cloud-3006.0-150200.101.2 * salt-doc-3006.0-150200.101.2 * salt-proxy-3006.0-150200.101.2 * salt-transactional-update-3006.0-150200.101.2 * salt-standalone-formulas-configuration-3006.0-150200.101.2 * salt-master-3006.0-150200.101.2 * salt-ssh-3006.0-150200.101.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * salt-bash-completion-3006.0-150200.101.2 * salt-fish-completion-3006.0-150200.101.2 * salt-zsh-completion-3006.0-150200.101.2 * SUSE Enterprise Storage 7 (aarch64 x86_64) * salt-syndic-3006.0-150200.101.2 * salt-api-3006.0-150200.101.2 * python3-salt-3006.0-150200.101.2 * salt-3006.0-150200.101.2 * salt-minion-3006.0-150200.101.2 * salt-cloud-3006.0-150200.101.2 * salt-doc-3006.0-150200.101.2 * salt-proxy-3006.0-150200.101.2 * salt-transactional-update-3006.0-150200.101.2 * salt-standalone-formulas-configuration-3006.0-150200.101.2 * salt-master-3006.0-150200.101.2 * salt-ssh-3006.0-150200.101.2 * SUSE Enterprise Storage 7 (noarch) * salt-bash-completion-3006.0-150200.101.2 * salt-fish-completion-3006.0-150200.101.2 * salt-zsh-completion-3006.0-150200.101.2 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211591 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:45:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:45:57 -0000 Subject: SUSE-RU-2023:3130-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <169096595762.20516.16880554490854807939@smelt2.suse.de> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-2023:3130-1 Rating: moderate References: * #1208612 Affected Products: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 An update that contains one feature and has one recommended fix can now be installed. ## Description: This update fixes the following issues: spacecmd: * Version 4.3.22-1 * Bypass traditional systems check on older SUMA instances (bsc#1208612) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 zypper in -t patch SUSE-EL-9-CLIENT-TOOLS-2023-3130=1 ## Package List: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 (noarch) * spacecmd-4.3.22-1.15.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208612 * https://jira.suse.com/browse/MSQA-679 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:46:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:46:01 -0000 Subject: SUSE-SU-2023:3129-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <169096596192.20516.4806682366223618830@smelt2.suse.de> # Security update for SUSE Manager Client Tools Announcement ID: SUSE-SU-2023:3129-1 Rating: moderate References: * #1208612 * #1210994 * #1211591 * #1211741 * #1211754 * #1212516 * #1212517 * #1213432 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE Manager Client Tools for Debian 10 An update that solves one vulnerability, contains one feature and has seven fixes can now be installed. ## Description: This update fixes the following issues: salt: * Security fixes: * CVE-2023-28370: Tornado: Fix an open redirect issue in the static file handler (bsc#1211741) * Bug fixes: * Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994) * Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) * Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517) * Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) spacecmd: * Version 4.3.22-1 * Bypass traditional systems check on older SUMA instances (bsc#1208612) python-looseversion: \- version 1.0.2-2 * Add Section to package metadata (bsc#1213432) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Debian 10 zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2023-3129=1 ## Package List: * SUSE Manager Client Tools for Debian 10 (all) * python3-looseversion-1.0.2-2 * spacecmd-4.3.22-2.51.2 * salt-common-3006.0+ds-1+2.83.2 * salt-minion-3006.0+ds-1+2.83.2 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1208612 * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211591 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 * https://bugzilla.suse.com/show_bug.cgi?id=1211754 * https://bugzilla.suse.com/show_bug.cgi?id=1212516 * https://bugzilla.suse.com/show_bug.cgi?id=1212517 * https://bugzilla.suse.com/show_bug.cgi?id=1213432 * https://jira.suse.com/browse/MSQA-679 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:46:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:46:04 -0000 Subject: SUSE-SU-2023:3128-1: moderate: Security update for SUSE Manager Salt Bundle Message-ID: <169096596496.20516.16824459254499966466@smelt2.suse.de> # Security update for SUSE Manager Salt Bundle Announcement ID: SUSE-SU-2023:3128-1 Rating: moderate References: * #1210994 * #1211591 * #1211741 * #1211754 * #1212516 * #1212517 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise Desktop 12 * SUSE Linux Enterprise Desktop 12 SP1 * SUSE Linux Enterprise Desktop 12 SP2 * SUSE Linux Enterprise Desktop 12 SP3 * SUSE Linux Enterprise Desktop 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 * SUSE Manager Client Tools for SLE 12 An update that solves one vulnerability, contains one feature and has five fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Security fixes: * CVE-2023-28370: Tornado: Fix an open redirect in StaticFileHandler (bsc#1211741) * Bug fixes: * Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994) * Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) * Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517) * Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 12 zypper in -t patch SUSE-SLE-Manager-Tools-12-2023-3128=1 ## Package List: * SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-3.33.2 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211591 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 * https://bugzilla.suse.com/show_bug.cgi?id=1211754 * https://bugzilla.suse.com/show_bug.cgi?id=1212516 * https://bugzilla.suse.com/show_bug.cgi?id=1212517 * https://jira.suse.com/browse/MSQA-679 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:46:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:46:08 -0000 Subject: SUSE-SU-202306:15226-1: moderate: Security update for SUSE Manager Salt Bundle Message-ID: <169096596815.20516.1882709512989334596@smelt2.suse.de> # Security update for SUSE Manager Salt Bundle Announcement ID: SUSE-SU-202306:15226-1 Rating: moderate References: * #1210994 * #1211591 * #1211741 * #1211754 * #1212516 * #1212517 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE Manager Client Tools for Ubuntu 20.04 2004 An update that solves one vulnerability, contains one feature and has five fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Security fixes: * CVE-2023-28370: Tornado: Fix an open redirect in StaticFileHandler (bsc#1211741) * Bug fixes: * Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994) * Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) * Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517) * Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Ubuntu 20.04 2004 zypper in -t patch suse-ubu204ct-client-tools-202306-15226=1 ## Package List: * SUSE Manager Client Tools for Ubuntu 20.04 2004 (amd64) * venv-salt-minion-3006.0-2.35.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211591 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 * https://bugzilla.suse.com/show_bug.cgi?id=1211754 * https://bugzilla.suse.com/show_bug.cgi?id=1212516 * https://bugzilla.suse.com/show_bug.cgi?id=1212517 * https://jira.suse.com/browse/MSQA-679 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:46:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:46:11 -0000 Subject: SUSE-SU-202306:15225-1: moderate: Security update for SUSE Manager Salt Bundle Message-ID: <169096597109.20516.2930219415256784449@smelt2.suse.de> # Security update for SUSE Manager Salt Bundle Announcement ID: SUSE-SU-202306:15225-1 Rating: moderate References: * #1210994 * #1211591 * #1211741 * #1211754 * #1212516 * #1212517 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE Manager Client Tools for Ubuntu 22.04 2204 An update that solves one vulnerability, contains one feature and has five fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Security fixes: * CVE-2023-28370: Tornado: Fix an open redirect issue in the static file handler (bsc#1211741) * Bug fixes: * Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994) * Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) * Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517) * Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Ubuntu 22.04 2204 zypper in -t patch suse-ubu224ct-client-tools-202306-15225=1 ## Package List: * SUSE Manager Client Tools for Ubuntu 22.04 2204 (amd64) * venv-salt-minion-3006.0-2.24.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211591 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 * https://bugzilla.suse.com/show_bug.cgi?id=1211754 * https://bugzilla.suse.com/show_bug.cgi?id=1212516 * https://bugzilla.suse.com/show_bug.cgi?id=1212517 * https://jira.suse.com/browse/MSQA-679 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:46:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:46:15 -0000 Subject: SUSE-RU-2023:3124-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <169096597529.20516.7925425097764991621@smelt2.suse.de> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-2023:3124-1 Rating: moderate References: * #1208612 Affected Products: * SUSE Manager Client Tools for Debian 11 An update that contains one feature and has one recommended fix can now be installed. ## Description: This update fixes the following issues: spacecmd: * Version 4.3.22-1 * Bypass traditional systems check on older SUMA instances (bsc#1208612) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Debian 11 zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-x86_64-2023-3124=1 ## Package List: * SUSE Manager Client Tools for Debian 11 (all) * spacecmd-4.3.22-2.24.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208612 * https://jira.suse.com/browse/MSQA-679 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:46:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:46:18 -0000 Subject: SUSE-SU-2023:3123-1: moderate: Security update for salt Message-ID: <169096597897.20516.18171541868300395909@smelt2.suse.de> # Security update for salt Announcement ID: SUSE-SU-2023:3123-1 Rating: moderate References: * #1210994 * #1211591 * #1211741 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability and has two fixes can now be installed. ## Description: This update for salt fixes the following issues: Security fixes: * CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations (bsc#1211741) Bug fixes: * Prevent error loading 'known_hosts' when '$HOME' is not set. (bsc#1210994) * Fix ModuleNotFoundError and other issues raised by salt-support module. (bsc#1211591) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3123=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3123=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3123=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * salt-3006.0-150100.100.2 * salt-api-3006.0-150100.100.2 * python3-salt-3006.0-150100.100.2 * salt-cloud-3006.0-150100.100.2 * salt-ssh-3006.0-150100.100.2 * salt-doc-3006.0-150100.100.2 * salt-transactional-update-3006.0-150100.100.2 * salt-proxy-3006.0-150100.100.2 * salt-standalone-formulas-configuration-3006.0-150100.100.2 * salt-master-3006.0-150100.100.2 * salt-syndic-3006.0-150100.100.2 * salt-minion-3006.0-150100.100.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * salt-fish-completion-3006.0-150100.100.2 * salt-bash-completion-3006.0-150100.100.2 * salt-zsh-completion-3006.0-150100.100.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * salt-3006.0-150100.100.2 * salt-api-3006.0-150100.100.2 * python3-salt-3006.0-150100.100.2 * salt-cloud-3006.0-150100.100.2 * salt-ssh-3006.0-150100.100.2 * salt-doc-3006.0-150100.100.2 * salt-transactional-update-3006.0-150100.100.2 * salt-proxy-3006.0-150100.100.2 * salt-standalone-formulas-configuration-3006.0-150100.100.2 * salt-master-3006.0-150100.100.2 * salt-syndic-3006.0-150100.100.2 * salt-minion-3006.0-150100.100.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * salt-fish-completion-3006.0-150100.100.2 * salt-bash-completion-3006.0-150100.100.2 * salt-zsh-completion-3006.0-150100.100.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * salt-3006.0-150100.100.2 * salt-api-3006.0-150100.100.2 * python3-salt-3006.0-150100.100.2 * salt-cloud-3006.0-150100.100.2 * salt-ssh-3006.0-150100.100.2 * salt-doc-3006.0-150100.100.2 * salt-transactional-update-3006.0-150100.100.2 * salt-proxy-3006.0-150100.100.2 * salt-standalone-formulas-configuration-3006.0-150100.100.2 * salt-master-3006.0-150100.100.2 * salt-syndic-3006.0-150100.100.2 * salt-minion-3006.0-150100.100.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * salt-fish-completion-3006.0-150100.100.2 * salt-bash-completion-3006.0-150100.100.2 * salt-zsh-completion-3006.0-150100.100.2 * SUSE CaaS Platform 4.0 (x86_64) * salt-3006.0-150100.100.2 * salt-api-3006.0-150100.100.2 * python3-salt-3006.0-150100.100.2 * salt-cloud-3006.0-150100.100.2 * salt-ssh-3006.0-150100.100.2 * salt-doc-3006.0-150100.100.2 * salt-transactional-update-3006.0-150100.100.2 * salt-proxy-3006.0-150100.100.2 * salt-standalone-formulas-configuration-3006.0-150100.100.2 * salt-master-3006.0-150100.100.2 * salt-syndic-3006.0-150100.100.2 * salt-minion-3006.0-150100.100.2 * SUSE CaaS Platform 4.0 (noarch) * salt-fish-completion-3006.0-150100.100.2 * salt-bash-completion-3006.0-150100.100.2 * salt-zsh-completion-3006.0-150100.100.2 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211591 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:46:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:46:22 -0000 Subject: SUSE-SU-2023:3122-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <169096598228.20516.173984084607740141@smelt2.suse.de> # Security update for SUSE Manager Client Tools Announcement ID: SUSE-SU-2023:3122-1 Rating: moderate References: * #1204089 * #1208612 * #1211741 * #1212279 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * Advanced Systems Management Module 12 * SUSE Linux Enterprise Desktop 12 * SUSE Linux Enterprise Desktop 12 SP1 * SUSE Linux Enterprise Desktop 12 SP2 * SUSE Linux Enterprise Desktop 12 SP3 * SUSE Linux Enterprise Desktop 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 * SUSE Manager Client Tools for SLE 12 An update that solves one vulnerability, contains three features and has three fixes can now be installed. ## Description: This update fixes the following issues: python-tornado: * Security fixes: * CVE-2023-28370: Fixed an open redirect issue in the static file handler (bsc#1211741) kiwi-desc-saltboot: * Update to version 0.1.1687520761.cefb248 * Add osimage cert package to bootstrap for SUSE Linux Enterprise 12 images (bsc#1204089) prometheus-blackbox_exporter: * Use obscpio for go modules service * Set version number * Set build date from SOURCE_DATE_EPOCH * Update to 0.24.0 (bsc#1212279, jsc#PED-4556) * Requires go1.19 * Avoid empty validation script * Add rc symlink for backwards compatibility spacecmd: * Version 4.3.22-1 * Bypass traditional systems check on older SUMA instances (bsc#1208612) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 12 zypper in -t patch SUSE-SLE-Manager-Tools-12-2023-3122=1 * Advanced Systems Management Module 12 zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2023-3122=1 ## Package List: * SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64) * prometheus-blackbox_exporter-debuginfo-0.24.0-1.20.3 * python-tornado-4.2.1-17.7.1 * python3-tornado-4.2.1-17.7.1 * prometheus-blackbox_exporter-0.24.0-1.20.3 * python-tornado-debuginfo-4.2.1-17.7.1 * python-tornado-debugsource-4.2.1-17.7.1 * SUSE Manager Client Tools for SLE 12 (noarch) * spacecmd-4.3.22-38.124.3 * kiwi-desc-saltboot-0.1.1687520761.cefb248-1.35.2 * Advanced Systems Management Module 12 (ppc64le s390x x86_64) * python-tornado-debuginfo-4.2.1-17.7.1 * python-tornado-4.2.1-17.7.1 * python3-tornado-4.2.1-17.7.1 * python-tornado-debugsource-4.2.1-17.7.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1204089 * https://bugzilla.suse.com/show_bug.cgi?id=1208612 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 * https://bugzilla.suse.com/show_bug.cgi?id=1212279 * https://jira.suse.com/browse/MSQA-679 * https://jira.suse.com/browse/PED-3694 * https://jira.suse.com/browse/PED-4556 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:46:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:46:25 -0000 Subject: SUSE-SU-202306:15224-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <169096598572.20516.4264221413576569527@smelt2.suse.de> # Security update for SUSE Manager Client Tools Announcement ID: SUSE-SU-202306:15224-1 Rating: moderate References: * #1208612 * #1210994 * #1211591 * #1211741 * #1211754 * #1212516 * #1212517 * #1213432 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE Manager Client Tools for Ubuntu 18.04 1804 An update that solves one vulnerability, contains one feature and has seven fixes can now be installed. ## Description: This update fixes the following issues: salt: * Security fixes: * CVE-2023-28370: Tornado: Fix an open redirect issue in the static file handler (bsc#1211741) * Bug fixes: * Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994) * Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) * Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517) * Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) spacecmd: * Version 4.3.22-1 * Bypass traditional systems check on older SUMA instances (bsc#1208612) python-looseversion: * version 1.0.2-2 * Add Section to package metadata (bsc#1213432) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Ubuntu 18.04 1804 zypper in -t patch suse-ubu184ct-client-tools-202306-15224=1 ## Package List: * SUSE Manager Client Tools for Ubuntu 18.04 1804 (all) * spacecmd-4.3.22-68.3 * python3-looseversion-1.0.2-2 * salt-common-3006.0+ds-1+144.2 * salt-minion-3006.0+ds-1+144.2 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1208612 * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211591 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 * https://bugzilla.suse.com/show_bug.cgi?id=1211754 * https://bugzilla.suse.com/show_bug.cgi?id=1212516 * https://bugzilla.suse.com/show_bug.cgi?id=1212517 * https://bugzilla.suse.com/show_bug.cgi?id=1213432 * https://jira.suse.com/browse/MSQA-679 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:46:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:46:29 -0000 Subject: SUSE-RU-2023:3118-1: moderate: Recommended update for hwinfo Message-ID: <169096598934.20516.12547371321043144818@smelt2.suse.de> # Recommended update for hwinfo Announcement ID: SUSE-RU-2023:3118-1 Rating: moderate References: * #1212756 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for hwinfo fixes the following issues: * Avoid linking problems with libsamba (bsc#1212756) * Update to version 21.85 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3118=1 SUSE-2023-3118=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3118=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3118=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3118=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3118=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3118=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3118=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3118=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * hwinfo-debuginfo-21.85-150400.3.12.1 * hwinfo-devel-debuginfo-21.85-150400.3.12.1 * hwinfo-debugsource-21.85-150400.3.12.1 * hwinfo-21.85-150400.3.12.1 * hwinfo-devel-21.85-150400.3.12.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * hwinfo-21.85-150400.3.12.1 * hwinfo-debuginfo-21.85-150400.3.12.1 * hwinfo-debugsource-21.85-150400.3.12.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * hwinfo-21.85-150400.3.12.1 * hwinfo-debuginfo-21.85-150400.3.12.1 * hwinfo-debugsource-21.85-150400.3.12.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * hwinfo-21.85-150400.3.12.1 * hwinfo-debuginfo-21.85-150400.3.12.1 * hwinfo-debugsource-21.85-150400.3.12.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * hwinfo-21.85-150400.3.12.1 * hwinfo-debuginfo-21.85-150400.3.12.1 * hwinfo-debugsource-21.85-150400.3.12.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * hwinfo-21.85-150400.3.12.1 * hwinfo-debuginfo-21.85-150400.3.12.1 * hwinfo-debugsource-21.85-150400.3.12.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * hwinfo-21.85-150400.3.12.1 * hwinfo-debuginfo-21.85-150400.3.12.1 * hwinfo-debugsource-21.85-150400.3.12.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * hwinfo-debuginfo-21.85-150400.3.12.1 * hwinfo-devel-debuginfo-21.85-150400.3.12.1 * hwinfo-debugsource-21.85-150400.3.12.1 * hwinfo-21.85-150400.3.12.1 * hwinfo-devel-21.85-150400.3.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212756 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 08:46:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 08:46:32 -0000 Subject: SUSE-RU-2023:3117-1: moderate: Recommended update for hwinfo Message-ID: <169096599212.20516.5300694213869957904@smelt2.suse.de> # Recommended update for hwinfo Announcement ID: SUSE-RU-2023:3117-1 Rating: moderate References: * #1212756 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for hwinfo fixes the following issues: * Avoid linking problems with libsamba (bsc#1212756) * Update to version 21.85 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3117=1 openSUSE-SLE-15.5-2023-3117=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3117=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * hwinfo-devel-debuginfo-21.85-150500.3.3.1 * hwinfo-21.85-150500.3.3.1 * hwinfo-devel-21.85-150500.3.3.1 * hwinfo-debuginfo-21.85-150500.3.3.1 * hwinfo-debugsource-21.85-150500.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * hwinfo-devel-debuginfo-21.85-150500.3.3.1 * hwinfo-21.85-150500.3.3.1 * hwinfo-devel-21.85-150500.3.3.1 * hwinfo-debuginfo-21.85-150500.3.3.1 * hwinfo-debugsource-21.85-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212756 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 10:08:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 12:08:23 +0200 (CEST) Subject: SUSE-CU-2023:2497-1: Recommended update of bci/dotnet-sdk Message-ID: <20230802100823.9492AFD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2497-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-9.18 , bci/dotnet-sdk:6.0.20 , bci/dotnet-sdk:6.0.20-9.18 Container Release : 9.18 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 10:08:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 12:08:33 +0200 (CEST) Subject: SUSE-CU-2023:2498-1: Recommended update of bci/dotnet-sdk Message-ID: <20230802100833.D7445FD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2498-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-11.18 , bci/dotnet-sdk:7.0.9 , bci/dotnet-sdk:7.0.9-11.18 , bci/dotnet-sdk:latest Container Release : 11.18 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 10:08:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 12:08:41 +0200 (CEST) Subject: SUSE-CU-2023:2499-1: Recommended update of bci/golang Message-ID: <20230802100841.CC0EEFD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2499-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-2.7.23 , bci/golang:oldstable , bci/golang:oldstable-2.7.23 Container Release : 7.23 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 10:08:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 12:08:51 +0200 (CEST) Subject: SUSE-CU-2023:2500-1: Recommended update of bci/golang Message-ID: <20230802100851.D7FBFFD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2500-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-1.8.22 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.8.22 Container Release : 8.22 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 10:09:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 12:09:02 +0200 (CEST) Subject: SUSE-CU-2023:2501-1: Recommended update of bci/nodejs Message-ID: <20230802100902.0B9A1FD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2501-1 Container Tags : bci/node:16 , bci/node:16-9.22 , bci/nodejs:16 , bci/nodejs:16-9.22 Container Release : 9.22 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 10:09:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 12:09:13 +0200 (CEST) Subject: SUSE-CU-2023:2502-1: Recommended update of bci/nodejs Message-ID: <20230802100913.E0773FD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2502-1 Container Tags : bci/node:18 , bci/node:18-9.5 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-9.5 , bci/nodejs:latest Container Release : 9.5 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 10:09:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 12:09:26 +0200 (CEST) Subject: SUSE-CU-2023:2503-1: Security update of bci/openjdk-devel Message-ID: <20230802100926.B1698FD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2503-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-8.43 Container Release : 8.43 Severity : moderate Type : security References : 1179926 1212401 1213517 CVE-2020-8908 CVE-2023-2976 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3090-1 Released: Tue Aug 1 10:24:13 2023 Summary: Security update for guava Type: security Severity: moderate References: 1179926,1212401,CVE-2020-8908,CVE-2023-2976 This update for guava fixes the following issues: Upgrade to guava 32.0.1: - CVE-2020-8908: Fixed predictable temporary files and directories used in FileBackedOutputStream (bsc#1179926). - CVE-2023-2976: Fixed a temp directory creation vulnerability (bsc#1212401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - openssl-1_1-1.1.1l-150500.17.12.1 updated - guava-32.0.1-150200.3.7.1 updated - container:bci-openjdk-11-15.5.11-9.21 updated From sle-updates at lists.suse.com Wed Aug 2 10:09:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 12:09:38 +0200 (CEST) Subject: SUSE-CU-2023:2504-1: Recommended update of bci/openjdk Message-ID: <20230802100938.6CF64FD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2504-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-9.21 Container Release : 9.21 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - openssl-1_1-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 10:09:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 12:09:50 +0200 (CEST) Subject: SUSE-CU-2023:2505-1: Security update of bci/openjdk-devel Message-ID: <20230802100950.C695EFD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2505-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-10.40 , bci/openjdk-devel:latest Container Release : 10.40 Severity : important Type : security References : 1179926 1207922 1212401 1213473 1213474 1213475 1213479 1213481 1213482 1213517 CVE-2020-8908 CVE-2023-22006 CVE-2023-22036 CVE-2023-22041 CVE-2023-22044 CVE-2023-22045 CVE-2023-22049 CVE-2023-25193 CVE-2023-2976 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3023-1 Released: Fri Jul 28 21:59:48 2023 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1207922,1213473,1213474,1213475,1213479,1213481,1213482,CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22044,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193 This update for java-17-openjdk fixes the following issues: Updated to version jdk-17.0.8+7 (July 2023 CPU): - CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473). - CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474). - CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475). - CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479). - CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481). - CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482). - CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922). - JDK-8294323: Improve Shared Class Data - JDK-8296565: Enhanced archival support - JDK-8298676, JDK-8300891: Enhanced Look and Feel - JDK-8300285: Enhance TLS data handling - JDK-8300596: Enhance Jar Signature validation - JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1 - JDK-8302475: Enhance HTTP client file downloading - JDK-8302483: Enhance ZIP performance - JDK-8303376: Better launching of JDI - JDK-8304460: Improve array usages - JDK-8304468: Better array usages - JDK-8305312: Enhanced path handling - JDK-8308682: Enhance AES performance Bugfixes: - JDK-8178806: Better exception logging in crypto code - JDK-8201516: DebugNonSafepoints generates incorrect information - JDK-8224768: Test ActalisCA.java fails - JDK-8227060: Optimize safepoint cleanup subtask order - JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError - JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel - JDK-8244976: vmTestbase/nsk/jdi/Event/request/request001.java doesn' initialize eName - JDK-8245877: assert(_value != __null) failed: resolving NULL _value in JvmtiExport::post_compiled_method_load - JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken - JDK-8252990: Intrinsify Unsafe.storeStoreFence - JDK-8254711: Add java.security.Provider.getService JFR Event - JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates - JDK-8261495: Shenandoah: reconsider update references memory ordering - JDK-8268288: jdk/jfr/api/consumer/streaming/ /TestOutOfProcessMigration.java fails with 'Error: ShouldNotReachHere()' - JDK-8268298: jdk/jfr/api/consumer/log/TestVerbosity.java fails: unexpected log message - JDK-8268582: javadoc throws NPE with --ignore-source-errors option - JDK-8269821: Remove is-queue-active check in inner loop of write_ref_array_pre_work - JDK-8270434: JDI+UT: Unexpected event in JDI tests - JDK-8270859: Post JEP 411 refactoring: client libs with maximum covering > 10K - JDK-8270869: G1ServiceThread may not terminate - JDK-8271519: java/awt/event/SequencedEvent/ /MultipleContextsFunctionalTest.java failed with 'Total [200] - Expected [400]' - JDK-8273909: vmTestbase/nsk/jdi/Event/request/request001 can still fail with 'ERROR: new event is not ThreadStartEvent' - JDK-8274243: Implement fast-path for ASCII-compatible CharsetEncoders on aarch64 - JDK-8274615: Support relaxed atomic add for linux-aarch64 - JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile - JDK-8275233: Incorrect line number reported in exception stack trace thrown from a lambda expression - JDK-8275287: Relax memory ordering constraints on updating instance class and array class counters - JDK-8275721: Name of UTC timezone in a locale changes depending on previous code - JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit) - JDK-8276058: Some swing test fails on specific CI macos system - JDK-8277407: javax/swing/plaf/synth/SynthButtonUI/6276188/ /bug6276188.java fails to compile after JDK-8276058 - JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java - add 4357905 - JDK-8278146: G1: Rework VM_G1Concurrent VMOp to clearly identify it as pause - JDK-8278434: timeouts in test java/time/test/java/time/ /format/TestZoneTextPrinterParser.java - JDK-8278834: Error 'Cannot read field 'sym' because 'this.lvar[od]' is null' when compiling - JDK-8282077: PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error - JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test - JDK-8282227: Locale information for nb is not working properly - JDK-8282704: runtime/Thread/StopAtExit.java may leak memory - JDK-8283057: Update GCC to version 11.2.0 for Oracle builds on Linux - JDK-8283062: Uninitialized warnings in libgtest with GCC 11.2 - JDK-8283520: JFR: Memory leak in dcmd_arena - JDK-8283566: G1: Improve G1BarrierSet::enqueue performance - JDK-8284331: Add sanity check for signal handler modification warning. - JDK-8285635: javax/swing/JRootPane/DefaultButtonTest.java failed with Default Button not pressed for L&F: com.sun.java.swing.plaf.motif.MotifLookAndFeel - JDK-8285987: executing shell scripts without #! fails on Alpine linux - JDK-8286191: misc tests fail due to JDK-8285987 - JDK-8286287: Reading file as UTF-16 causes Error which 'shouldn't happen' - JDK-8286331: jni_GetStringUTFChars() uses wrong heap allocator - JDK-8286346: 3-parameter version of AllocateHeap should not ignore AllocFailType - JDK-8286398: Address possibly lossy conversions in jdk.internal.le - JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code - JDK-8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider - JDK-8287541: Files.writeString fails to throw IOException for charset 'windows-1252' - JDK-8287854: Dangling reference in ClassVerifier::verify_class - JDK-8287876: The recently de-problemlisted TestTitledBorderLeak test is unstable - JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md with information on 4th party dependencies - JDK-8288589: Files.readString ignores encoding errors for UTF-16 - JDK-8289509: Improve test coverage for XPath Axes: descendant, descendant-or-self, following, following-sibling - JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space - JDK-8289949: Improve test coverage for XPath: operators - JDK-8290822: C2: assert in PhaseIdealLoop::do_unroll() is subject to undefined behavior - JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067 - JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value - JDK-8291638: Keep-Alive timeout of 0 should close connection immediately - JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage() is lower than expected - JDK-8292301: [REDO v2] C2 crash when allocating array of size too large - JDK-8292407: Improve Weak CAS VarHandle/Unsafe tests resilience under spurious failures - JDK-8292713: Unsafe.allocateInstance should be intrinsified without UseUnalignedAccesses - JDK-8292755: Non-default method in interface leads to a stack overflow in JShell - JDK-8292990: Improve test coverage for XPath Axes: parent - JDK-8293295: Add type check asserts to java_lang_ref_Reference accessors - JDK-8293492: ShenandoahControlThread missing from hs-err log and thread dump - JDK-8293858: Change PKCS7 code to use default SecureRandom impl instead of SHA1PRNG - JDK-8293887: AArch64 build failure with GCC 12 due to maybe-uninitialized warning in libfdlibm k_rem_pio2.c - JDK-8294183: AArch64: Wrong macro check in SharedRuntime::generate_deopt_blob - JDK-8294281: Allow warnings to be disabled on a per-file basis - JDK-8294673: JFR: Add SecurityProviderService#threshold to TestActiveSettingEvent.java - JDK-8294717: (bf) DirectByteBuffer constructor will leak if allocating Deallocator or Cleaner fails with OOME - JDK-8294906: Memory leak in PKCS11 NSS TLS server - JDK-8295564: Norwegian Nynorsk Locale is missing formatting - JDK-8295974: jni_FatalError and Xcheck:jni warnings should print the native stack when there are no Java frames - JDK-8296084: javax/swing/JSpinner/4788637/bug4788637.java fails intermittently on a VM - JDK-8296318: use-def assert: special case undetected loops nested in infinite loops - JDK-8296343: CPVE thrown on missing content-length in OCSP response - JDK-8296412: Special case infinite loops with unmerged backedges in IdealLoopTree::check_safepts - JDK-8296545: C2 Blackholes should allow load optimizations - JDK-8296934: Write a test to verify whether Undecorated Frame can be iconified or not - JDK-8297000: [jib] Add more friendly warning for proxy issues - JDK-8297154: Improve safepoint cleanup logging - JDK-8297450: ScaledTextFieldBorderTest.java fails when run with -show parameter - JDK-8297587: Upgrade JLine to 3.22.0 - JDK-8297730: C2: Arraycopy intrinsic throws incorrect exception - JDK-8297955: LDAP CertStore should use LdapName and not String for DNs - JDK-8298488: [macos13] tools/jpackage tests failing with 'Exit code: 137' on macOS - JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors - JDK-8299179: ArrayFill with store on backedge needs to reduce length by 1 - JDK-8299259: C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE - JDK-8299544: Improve performance of CRC32C intrinsics (non-AVX-512) for small inputs - JDK-8299570: [JVMCI] Insufficient error handling when CodeBuffer is exhausted - JDK-8299959: C2: CmpU::Value must filter overflow computation against local sub computation - JDK-8300042: Improve CPU related JFR events descriptions - JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument - JDK-8300823: UB: Compile::_phase_optimize_finished is initialized too late - JDK-8300939: sun/security/provider/certpath/OCSP/ /OCSPNoContentLength.java fails due to network errors - JDK-8301050: Detect Xen Virtualization on Linux aarch64 - JDK-8301119: Support for GB18030-2022 - JDK-8301123: Enable Symbol refcounting underflow checks in PRODUCT - JDK-8301190: [vectorapi] The typeChar of LaneType is incorrect when default locale is tr - JDK-8301216: ForkJoinPool invokeAll() ignores timeout - JDK-8301338: Identical branch conditions in CompileBroker::print_heapinfo - JDK-8301491: C2: java.lang.StringUTF16::indexOfChar intrinsic called with negative character argument - JDK-8301637: ThreadLocalRandom.current().doubles().parallel() contention - JDK-8301661: Enhance os::pd_print_cpu_info on macOS and Windows - JDK-8302151: BMPImageReader throws an exception reading BMP images - JDK-8302172: [JVMCI] HotSpotResolvedJavaMethodImpl.canBeInlined must respect ForceInline - JDK-8302320: AsyncGetCallTrace obtains too few frames in sanity test - JDK-8302491: NoClassDefFoundError omits the original cause of an error - JDK-8302508: Add timestamp to the output TraceCompilerThreads - JDK-8302594: use-after-free in Node::destruct - JDK-8302595: use-after-free related to GraphKit::clone_map - JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message - JDK-8302849: SurfaceManager might expose partially constructed object - JDK-8303069: Memory leak in CompilerOracle::parse_from_line - JDK-8303102: jcmd: ManagementAgent.status truncates the text longer than O_BUFLEN - JDK-8303130: Document required Accessibility permissions on macOS - JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303433: Bump update version for OpenJDK: jdk-17.0.8 - JDK-8303440: The 'ZonedDateTime.parse' may not accept the 'UTC+XX' zone id - JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates - JDK-8303476: Add the runtime version in the release file of a JDK image - JDK-8303482: Update LCMS to 2.15 - JDK-8303508: Vector.lane() gets wrong value on x86 - JDK-8303511: C2: assert(get_ctrl(n) == cle_out) during unrolling - JDK-8303564: C2: 'Bad graph detected in build_loop_late' after a CMove is wrongly split thru phi - JDK-8303575: adjust Xen handling on Linux aarch64 - JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303588: [JVMCI] make JVMCI source directories conform with standard layout - JDK-8303809: Dispose context in SPNEGO NegotiatorImpl - JDK-8303822: gtestMain should give more helpful output - JDK-8303861: Error handling step timeouts should never be blocked by OnError and others - JDK-8303937: Corrupted heap dumps due to missing retries for os::write() - JDK-8303949: gcc10 warning Linux ppc64le - note: the layout of aggregates containing vectors with 8-byte alignment has changed in GCC 5 - JDK-8304054: Linux: NullPointerException from FontConfiguration.getVersion in case no fonts are installed - JDK-8304063: tools/jpackage/share/AppLauncherEnvTest.java fails when checking LD_LIBRARY_PATH - JDK-8304134: jib bootstrapper fails to quote filename when checking download filetype - JDK-8304291: [AIX] Broken build after JDK-8301998 - JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998 - JDK-8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0 - JDK-8304671: javac regression: Compilation with --release 8 fails on underscore in enum identifiers - JDK-8304683: Memory leak in WB_IsMethodCompatible - JDK-8304760: Add 2 Microsoft TLS roots - JDK-8304867: Explicitly disable dtrace for ppc builds - JDK-8304880: [PPC64] VerifyOops code in C1 doesn't work with ZGC - JDK-8305088: SIGSEGV in Method::is_method_handle_intrinsic - JDK-8305113: (tz) Update Timezone Data to 2023c - JDK-8305400: ISO 4217 Amendment 175 Update - JDK-8305403: Shenandoah evacuation workers may deadlock - JDK-8305481: gtest is_first_C_frame failing on ARM - JDK-8305690: [X86] Do not emit two REX prefixes in Assembler::prefix - JDK-8305711: Arm: C2 always enters slowpath for monitorexit - JDK-8305721: add `make compile-commands` artifacts to .gitignore - JDK-8305975: Add TWCA Global Root CA - JDK-8305993: Add handleSocketErrorWithMessage to extend nio Net.c exception message - JDK-8305994: Guarantee eventual async monitor deflation - JDK-8306072: Open source several AWT MouseInfo related tests - JDK-8306133: Open source few AWT Drag & Drop related tests - JDK-8306409: Open source AWT KeyBoardFocusManger, LightWeightComponent related tests - JDK-8306432: Open source several AWT Text Component related tests - JDK-8306466: Open source more AWT Drag & Drop related tests - JDK-8306489: Open source AWT List related tests - JDK-8306543: GHA: MSVC installation is failing - JDK-8306640: Open source several AWT TextArea related tests - JDK-8306652: Open source AWT MenuItem related tests - JDK-8306658: GHA: MSVC installation could be optional since it might already be pre-installed - JDK-8306664: GHA: Update MSVC version to latest stepping - JDK-8306681: Open source more AWT DnD related tests - JDK-8306683: Open source several clipboard and color AWT tests - JDK-8306752: Open source several container and component AWT tests - JDK-8306753: Open source several container AWT tests - JDK-8306755: Open source few Swing JComponent and AbstractButton tests - JDK-8306768: CodeCache Analytics reports wrong threshold - JDK-8306774: Make runtime/Monitor/ /GuaranteedAsyncDeflationIntervalTest.java more reliable - JDK-8306825: Monitor deflation might be accidentally disabled by zero intervals - JDK-8306850: Open source AWT Modal related tests - JDK-8306871: Open source more AWT Drag & Drop tests - JDK-8306883: Thread stacksize is reported with wrong units in os::create_thread logging - JDK-8306941: Open source several datatransfer and dnd AWT tests - JDK-8306943: Open source several dnd AWT tests - JDK-8306954: Open source five Focus related tests - JDK-8306955: Open source several JComboBox jtreg tests - JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep - JDK-8306996: Open source Swing MenuItem related tests - JDK-8307080: Open source some more JComboBox jtreg tests - JDK-8307128: Open source some drag and drop tests 4 - JDK-8307130: Open source few Swing JMenu tests - JDK-8307133: Open source some JTable jtreg tests - JDK-8307134: Add GTS root CAs - JDK-8307135: java/awt/dnd/NotReallySerializableTest/ /NotReallySerializableTest.java failed - JDK-8307331: Correctly update line maps when class redefine rewrites bytecodes - JDK-8307346: Add missing gc+phases logging for ObjectCount(AfterGC) JFR event collection code - JDK-8307347: serviceability/sa/ClhsdbDumpclass.java could leave files owned by root on macOS - JDK-8307378: Allow collectors to provide specific values for GC notifications' actions - JDK-8307381: Open Source JFrame, JIF related Swing Tests - JDK-8307425: Socket input stream read burns CPU cycles with back-to-back poll(0) calls - JDK-8307799: Newly added java/awt/dnd/MozillaDnDTest.java has invalid jtreg `@requires` clause - JDK-8308554: [17u] Fix commit of 8286191. vm.musl was not removed from ExternalEditorTest - JDK-8308880: [17u] micro bench ZoneStrings missed in backport of 8278434 - JDK-8308884: [17u/11u] Backout JDK-8297951 - JDK-8311467: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.8 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3090-1 Released: Tue Aug 1 10:24:13 2023 Summary: Security update for guava Type: security Severity: moderate References: 1179926,1212401,CVE-2020-8908,CVE-2023-2976 This update for guava fixes the following issues: Upgrade to guava 32.0.1: - CVE-2020-8908: Fixed predictable temporary files and directories used in FileBackedOutputStream (bsc#1179926). - CVE-2023-2976: Fixed a temp directory creation vulnerability (bsc#1212401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - openssl-1_1-1.1.1l-150500.17.12.1 updated - java-17-openjdk-headless-17.0.8.0-150400.3.27.1 updated - java-17-openjdk-17.0.8.0-150400.3.27.1 updated - java-17-openjdk-devel-17.0.8.0-150400.3.27.1 updated - guava-32.0.1-150200.3.7.1 updated - container:bci-openjdk-17-15.5.17-10.21 updated From sle-updates at lists.suse.com Wed Aug 2 10:10:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 12:10:03 +0200 (CEST) Subject: SUSE-CU-2023:2506-1: Recommended update of bci/openjdk Message-ID: <20230802101003.39CF5FD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2506-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-10.21 , bci/openjdk:latest Container Release : 10.21 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - openssl-1_1-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 10:10:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 12:10:13 +0200 (CEST) Subject: SUSE-CU-2023:2507-1: Recommended update of bci/php-apache Message-ID: <20230802101013.4297CFD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2507-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-6.20 Container Release : 6.20 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 10:10:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 12:10:23 +0200 (CEST) Subject: SUSE-CU-2023:2508-1: Recommended update of bci/php Message-ID: <20230802101023.7B551FD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2508-1 Container Tags : bci/php:8 , bci/php:8-6.20 Container Release : 6.20 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 10:10:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 12:10:30 +0200 (CEST) Subject: SUSE-CU-2023:2509-1: Recommended update of suse/postgres Message-ID: <20230802101030.446DCFD9F@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2509-1 Container Tags : suse/postgres:15 , suse/postgres:15-9.21 , suse/postgres:15.3 , suse/postgres:15.3-9.21 , suse/postgres:latest Container Release : 9.21 Severity : moderate Type : recommended References : 1212496 1213517 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3088-1 Released: Tue Aug 1 09:52:03 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1212496 This update for systemd-presets-common-SUSE fixes the following issues: - Fix systemctl being called with an empty argument (bsc#1212496) - Don't call systemctl list-unit-files with an empty argument (bsc#1212496) - Add wtmpdb-update-boot.service and wtmpdb-rotate.timer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - systemd-presets-common-SUSE-15-150500.20.3.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 10:10:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 12:10:38 +0200 (CEST) Subject: SUSE-CU-2023:2510-1: Recommended update of bci/ruby Message-ID: <20230802101038.1D6A4FD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2510-1 Container Tags : bci/ruby:2 , bci/ruby:2-10.19 , bci/ruby:2.5 , bci/ruby:2.5-10.19 , bci/ruby:latest Container Release : 10.19 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 10:10:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 12:10:48 +0200 (CEST) Subject: SUSE-CU-2023:2511-1: Recommended update of bci/rust Message-ID: <20230802101048.AE07DFD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2511-1 Container Tags : bci/rust:1.70 , bci/rust:1.70-2.9.4 , bci/rust:oldstable , bci/rust:oldstable-2.9.4 Container Release : 9.4 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 10:10:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Aug 2023 12:10:59 +0200 (CEST) Subject: SUSE-CU-2023:2512-1: Recommended update of bci/rust Message-ID: <20230802101059.CB4E8FD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2512-1 Container Tags : bci/rust:1.71 , bci/rust:1.71-1.10.4 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.10.4 Container Release : 10.4 Severity : moderate Type : recommended References : 1213517 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.12.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Wed Aug 2 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 12:30:03 -0000 Subject: SUSE-SU-2023:3153-1: important: Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP5) Message-ID: <169097940315.32191.162703195179059602@smelt2.suse.de> # Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:3153-1 Rating: important References: * #1210566 * #1210987 * #1212348 * #1212509 Cross-References: * CVE-2023-2002 * CVE-2023-2235 * CVE-2023-33952 * CVE-2023-35788 CVSS scores: * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-2235 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2235 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-33952 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-33952 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_11 fixes several issues. The following security issues were fixed: * * CVE-2023-33952: Fixed a vmwgfx Driver Double Free Local Privilege Escalation Vulnerability (bsc#1212348). * CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509). * CVE-2023-2235: Fixed an use-after-free in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210987). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3153=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3153=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-SLE15-SP5-RT_Update_0-debugsource-2-150500.3.1 * kernel-livepatch-5_14_21-150500_11-rt-2-150500.3.1 * kernel-livepatch-5_14_21-150500_11-rt-debuginfo-2-150500.3.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-SLE15-SP5-RT_Update_0-debugsource-2-150500.3.1 * kernel-livepatch-5_14_21-150500_11-rt-2-150500.3.1 * kernel-livepatch-5_14_21-150500_11-rt-debuginfo-2-150500.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-2235.html * https://www.suse.com/security/cve/CVE-2023-33952.html * https://www.suse.com/security/cve/CVE-2023-35788.html * https://bugzilla.suse.com/show_bug.cgi?id=1210566 * https://bugzilla.suse.com/show_bug.cgi?id=1210987 * https://bugzilla.suse.com/show_bug.cgi?id=1212348 * https://bugzilla.suse.com/show_bug.cgi?id=1212509 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 12:30:05 -0000 Subject: SUSE-SU-2023:3165-1: moderate: Security update for jtidy Message-ID: <169097940545.32191.1899544488902351676@smelt2.suse.de> # Security update for jtidy Announcement ID: SUSE-SU-2023:3165-1 Rating: moderate References: * #1212404 Cross-References: * CVE-2023-34623 CVSS scores: * CVE-2023-34623 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34623 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for jtidy fixes the following issues: * CVE-2023-34623: Fixed crash when parsing documents with excessive nesting (bsc#1212404). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3165=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * jtidy-8.0-27.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34623.html * https://bugzilla.suse.com/show_bug.cgi?id=1212404 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 12:30:07 -0000 Subject: SUSE-SU-2023:3164-1: moderate: Security update for jtidy Message-ID: <169097940766.32191.9881955141051382631@smelt2.suse.de> # Security update for jtidy Announcement ID: SUSE-SU-2023:3164-1 Rating: moderate References: * #1212404 Cross-References: * CVE-2023-34623 CVSS scores: * CVE-2023-34623 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34623 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for jtidy fixes the following issues: * CVE-2023-34623: Prevent crash when parsing documents with excessive nesting (bsc#1212404). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3164=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3164=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3164=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3164=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3164=1 ## Package List: * openSUSE Leap 15.5 (noarch) * jtidy-javadoc-8.0-150200.11.7.1 * jtidy-scripts-8.0-150200.11.7.1 * jtidy-8.0-150200.11.7.1 * Development Tools Module 15-SP4 (noarch) * jtidy-8.0-150200.11.7.1 * Development Tools Module 15-SP5 (noarch) * jtidy-8.0-150200.11.7.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * jtidy-8.0-150200.11.7.1 * openSUSE Leap 15.4 (noarch) * jtidy-javadoc-8.0-150200.11.7.1 * jtidy-scripts-8.0-150200.11.7.1 * jtidy-8.0-150200.11.7.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34623.html * https://bugzilla.suse.com/show_bug.cgi?id=1212404 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 12:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 12:30:10 -0000 Subject: SUSE-SU-2023:3163-1: important: Security update for MozillaFirefox Message-ID: <169097941016.32191.7634824341720300865@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:3163-1 Rating: important References: * #1213657 * #1213746 Cross-References: * CVE-2023-4045 * CVE-2023-4046 * CVE-2023-4047 * CVE-2023-4048 * CVE-2023-4049 * CVE-2023-4050 * CVE-2023-4052 * CVE-2023-4054 * CVE-2023-4055 * CVE-2023-4056 * CVE-2023-4057 CVSS scores: * CVE-2023-4045 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves 11 vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following security issues: Firefox was updated to Extended Support Release 115.1.0 ESR (bsc#1213746). * CVE-2023-4045: Fixed cross-origin restrictions bypass with Offscreen Canvas (bmo#1833876). * CVE-2023-4046: Fixed incorrect value used during WASM compilation (bmo#1837686). * CVE-2023-4047: Fixed potential permissions request bypass via clickjacking (bmo#1839073). * CVE-2023-4048: Fixed crash in DOMParser due to out-of-memory conditions (bmo#1841368). * CVE-2023-4049: Fixed potential race conditions when releasing platform objects (bmo#1842658). * CVE-2023-4050: Fixed stack buffer overflow in StorageManager (bmo#1843038). * CVE-2023-4052: Fixed file deletion and privilege escalation through Firefox uninstaller (bmo#1824420). * CVE-2023-4054: Fixed lack of warning when opening appref-ms files (bmo#1840777). * CVE-2023-4055: Fixed cookie jar overflow caused unexpected cookie jar state (bmo#1782561). * CVE-2023-4056: Fixed memory safety bugs (bmo#1820587, bmo#1824634, bmo#1839235, bmo#1842325, bmo#1843847). * CVE-2023-4057: Fixed memory safety bugs (bmo#1841682). Bugfixes: * Remove bashisms from startup-script (bsc#1213657). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3163=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3163=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3163=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * MozillaFirefox-debuginfo-115.1.0-150000.150.97.1 * MozillaFirefox-debugsource-115.1.0-150000.150.97.1 * MozillaFirefox-115.1.0-150000.150.97.1 * MozillaFirefox-translations-common-115.1.0-150000.150.97.1 * MozillaFirefox-translations-other-115.1.0-150000.150.97.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * MozillaFirefox-devel-115.1.0-150000.150.97.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.1.0-150000.150.97.1 * MozillaFirefox-debugsource-115.1.0-150000.150.97.1 * MozillaFirefox-115.1.0-150000.150.97.1 * MozillaFirefox-translations-common-115.1.0-150000.150.97.1 * MozillaFirefox-translations-other-115.1.0-150000.150.97.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * MozillaFirefox-devel-115.1.0-150000.150.97.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * MozillaFirefox-debuginfo-115.1.0-150000.150.97.1 * MozillaFirefox-debugsource-115.1.0-150000.150.97.1 * MozillaFirefox-115.1.0-150000.150.97.1 * MozillaFirefox-translations-common-115.1.0-150000.150.97.1 * MozillaFirefox-translations-other-115.1.0-150000.150.97.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * MozillaFirefox-devel-115.1.0-150000.150.97.1 * SUSE CaaS Platform 4.0 (x86_64) * MozillaFirefox-debuginfo-115.1.0-150000.150.97.1 * MozillaFirefox-debugsource-115.1.0-150000.150.97.1 * MozillaFirefox-115.1.0-150000.150.97.1 * MozillaFirefox-translations-common-115.1.0-150000.150.97.1 * MozillaFirefox-translations-other-115.1.0-150000.150.97.1 * SUSE CaaS Platform 4.0 (noarch) * MozillaFirefox-devel-115.1.0-150000.150.97.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4045.html * https://www.suse.com/security/cve/CVE-2023-4046.html * https://www.suse.com/security/cve/CVE-2023-4047.html * https://www.suse.com/security/cve/CVE-2023-4048.html * https://www.suse.com/security/cve/CVE-2023-4049.html * https://www.suse.com/security/cve/CVE-2023-4050.html * https://www.suse.com/security/cve/CVE-2023-4052.html * https://www.suse.com/security/cve/CVE-2023-4054.html * https://www.suse.com/security/cve/CVE-2023-4055.html * https://www.suse.com/security/cve/CVE-2023-4056.html * https://www.suse.com/security/cve/CVE-2023-4057.html * https://bugzilla.suse.com/show_bug.cgi?id=1213657 * https://bugzilla.suse.com/show_bug.cgi?id=1213746 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 12:30:12 -0000 Subject: SUSE-SU-2023:3162-1: important: Security update for MozillaFirefox Message-ID: <169097941286.32191.1618100945357862475@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:3162-1 Rating: important References: * #1213657 * #1213746 Cross-References: * CVE-2023-4045 * CVE-2023-4046 * CVE-2023-4047 * CVE-2023-4048 * CVE-2023-4049 * CVE-2023-4050 * CVE-2023-4052 * CVE-2023-4054 * CVE-2023-4055 * CVE-2023-4056 * CVE-2023-4057 CVSS scores: * CVE-2023-4045 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 11 vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following security issues: Firefox was updated to Extended Support Release 115.1.0 ESR (bsc#1213746): * CVE-2023-4045: Fixed cross-origin restrictions bypass with Offscreen Canvas (bmo#1833876). * CVE-2023-4046: Fixed incorrect value used during WASM compilation (bmo#1837686). * CVE-2023-4047: Fixed potential permissions request bypass via clickjacking (bmo#1839073). * CVE-2023-4048: Fixed crash in DOMParser due to out-of-memory conditions (bmo#1841368). * CVE-2023-4049: Fixed potential race conditions when releasing platform objects (bmo#1842658). * CVE-2023-4050: Fixed stack buffer overflow in StorageManager (bmo#1843038). * CVE-2023-4052: Fixed file deletion and privilege escalation through Firefox uninstaller (bmo#1824420). * CVE-2023-4054: Fixed lack of warning when opening appref-ms files (bmo#1840777). * CVE-2023-4055: Fixed cookie jar overflow caused unexpected cookie jar state (bmo#1782561). * CVE-2023-4056: Fixed memory safety bugs (bmo#1820587, bmo#1824634, bmo#1839235, bmo#1842325, bmo#1843847). * CVE-2023-4057: Fixed memory safety bugs (bmo#1841682). Bugfixes: * Remove bashisms from startup-script (bsc#1213657) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3162=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3162=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3162=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3162=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3162=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3162=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3162=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3162=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3162=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3162=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3162=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3162=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.1.0-150200.152.99.1 * MozillaFirefox-debugsource-115.1.0-150200.152.99.1 * MozillaFirefox-debuginfo-115.1.0-150200.152.99.1 * MozillaFirefox-translations-common-115.1.0-150200.152.99.1 * MozillaFirefox-translations-other-115.1.0-150200.152.99.1 * MozillaFirefox-branding-upstream-115.1.0-150200.152.99.1 * openSUSE Leap 15.4 (noarch) * MozillaFirefox-devel-115.1.0-150200.152.99.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.1.0-150200.152.99.1 * MozillaFirefox-debugsource-115.1.0-150200.152.99.1 * MozillaFirefox-debuginfo-115.1.0-150200.152.99.1 * MozillaFirefox-translations-common-115.1.0-150200.152.99.1 * MozillaFirefox-translations-other-115.1.0-150200.152.99.1 * MozillaFirefox-branding-upstream-115.1.0-150200.152.99.1 * openSUSE Leap 15.5 (noarch) * MozillaFirefox-devel-115.1.0-150200.152.99.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.1.0-150200.152.99.1 * MozillaFirefox-debugsource-115.1.0-150200.152.99.1 * MozillaFirefox-translations-other-115.1.0-150200.152.99.1 * MozillaFirefox-translations-common-115.1.0-150200.152.99.1 * MozillaFirefox-debuginfo-115.1.0-150200.152.99.1 * Desktop Applications Module 15-SP4 (noarch) * MozillaFirefox-devel-115.1.0-150200.152.99.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.1.0-150200.152.99.1 * MozillaFirefox-debugsource-115.1.0-150200.152.99.1 * MozillaFirefox-translations-other-115.1.0-150200.152.99.1 * MozillaFirefox-translations-common-115.1.0-150200.152.99.1 * MozillaFirefox-debuginfo-115.1.0-150200.152.99.1 * Desktop Applications Module 15-SP5 (noarch) * MozillaFirefox-devel-115.1.0-150200.152.99.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * MozillaFirefox-115.1.0-150200.152.99.1 * MozillaFirefox-debugsource-115.1.0-150200.152.99.1 * MozillaFirefox-translations-other-115.1.0-150200.152.99.1 * MozillaFirefox-translations-common-115.1.0-150200.152.99.1 * MozillaFirefox-debuginfo-115.1.0-150200.152.99.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.1.0-150200.152.99.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * MozillaFirefox-115.1.0-150200.152.99.1 * MozillaFirefox-debugsource-115.1.0-150200.152.99.1 * MozillaFirefox-translations-other-115.1.0-150200.152.99.1 * MozillaFirefox-translations-common-115.1.0-150200.152.99.1 * MozillaFirefox-debuginfo-115.1.0-150200.152.99.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * MozillaFirefox-devel-115.1.0-150200.152.99.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * MozillaFirefox-115.1.0-150200.152.99.1 * MozillaFirefox-debugsource-115.1.0-150200.152.99.1 * MozillaFirefox-translations-other-115.1.0-150200.152.99.1 * MozillaFirefox-translations-common-115.1.0-150200.152.99.1 * MozillaFirefox-debuginfo-115.1.0-150200.152.99.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * MozillaFirefox-devel-115.1.0-150200.152.99.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.1.0-150200.152.99.1 * MozillaFirefox-debugsource-115.1.0-150200.152.99.1 * MozillaFirefox-translations-other-115.1.0-150200.152.99.1 * MozillaFirefox-translations-common-115.1.0-150200.152.99.1 * MozillaFirefox-debuginfo-115.1.0-150200.152.99.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.1.0-150200.152.99.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.1.0-150200.152.99.1 * MozillaFirefox-debugsource-115.1.0-150200.152.99.1 * MozillaFirefox-translations-other-115.1.0-150200.152.99.1 * MozillaFirefox-translations-common-115.1.0-150200.152.99.1 * MozillaFirefox-debuginfo-115.1.0-150200.152.99.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * MozillaFirefox-devel-115.1.0-150200.152.99.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * MozillaFirefox-115.1.0-150200.152.99.1 * MozillaFirefox-debugsource-115.1.0-150200.152.99.1 * MozillaFirefox-translations-other-115.1.0-150200.152.99.1 * MozillaFirefox-translations-common-115.1.0-150200.152.99.1 * MozillaFirefox-debuginfo-115.1.0-150200.152.99.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * MozillaFirefox-devel-115.1.0-150200.152.99.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * MozillaFirefox-115.1.0-150200.152.99.1 * MozillaFirefox-debugsource-115.1.0-150200.152.99.1 * MozillaFirefox-translations-other-115.1.0-150200.152.99.1 * MozillaFirefox-translations-common-115.1.0-150200.152.99.1 * MozillaFirefox-debuginfo-115.1.0-150200.152.99.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * MozillaFirefox-devel-115.1.0-150200.152.99.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * MozillaFirefox-115.1.0-150200.152.99.1 * MozillaFirefox-debugsource-115.1.0-150200.152.99.1 * MozillaFirefox-translations-other-115.1.0-150200.152.99.1 * MozillaFirefox-translations-common-115.1.0-150200.152.99.1 * MozillaFirefox-debuginfo-115.1.0-150200.152.99.1 * SUSE Enterprise Storage 7.1 (noarch) * MozillaFirefox-devel-115.1.0-150200.152.99.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4045.html * https://www.suse.com/security/cve/CVE-2023-4046.html * https://www.suse.com/security/cve/CVE-2023-4047.html * https://www.suse.com/security/cve/CVE-2023-4048.html * https://www.suse.com/security/cve/CVE-2023-4049.html * https://www.suse.com/security/cve/CVE-2023-4050.html * https://www.suse.com/security/cve/CVE-2023-4052.html * https://www.suse.com/security/cve/CVE-2023-4054.html * https://www.suse.com/security/cve/CVE-2023-4055.html * https://www.suse.com/security/cve/CVE-2023-4056.html * https://www.suse.com/security/cve/CVE-2023-4057.html * https://bugzilla.suse.com/show_bug.cgi?id=1213657 * https://bugzilla.suse.com/show_bug.cgi?id=1213746 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 12:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 12:30:15 -0000 Subject: SUSE-SU-2023:3161-1: important: Security update for MozillaFirefox Message-ID: <169097941551.32191.1242435684740008128@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:3161-1 Rating: important References: * #1213657 * #1213746 Cross-References: * CVE-2023-4045 * CVE-2023-4046 * CVE-2023-4047 * CVE-2023-4048 * CVE-2023-4049 * CVE-2023-4050 * CVE-2023-4052 * CVE-2023-4054 * CVE-2023-4055 * CVE-2023-4056 * CVE-2023-4057 CVSS scores: * CVE-2023-4045 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves 11 vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following security issues: Firefox was updated to Extended Support Release 115.1.0 ESR (bsc#1213746). * CVE-2023-4045: Fixed cross-origin restrictions bypass with Offscreen Canvas (bmo#1833876). * CVE-2023-4046: Fixed incorrect value used during WASM compilation (bmo#1837686). * CVE-2023-4047: Fixed potential permissions request bypass via clickjacking (bmo#1839073). * CVE-2023-4048: Fixed crash in DOMParser due to out-of-memory conditions (bmo#1841368). * CVE-2023-4049: Fixed potential race conditions when releasing platform objects (bmo#1842658). * CVE-2023-4050: Fixed stack buffer overflow in StorageManager (bmo#1843038). * CVE-2023-4052: Fixed file deletion and privilege escalation through Firefox uninstaller (bmo#1824420). * CVE-2023-4054: Fixed lack of warning when opening appref-ms files (bmo#1840777). * CVE-2023-4055: Fixed cookie jar overflow caused unexpected cookie jar state (bmo#1782561). * CVE-2023-4056: Fixed memory safety bugs (bmo#1820587, bmo#1824634, bmo#1839235, bmo#1842325, bmo#1843847). * CVE-2023-4057: Fixed memory safety bugs (bmo#1841682). Bugfixes: * Remove bashisms from startup-script (bsc#1213657). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3161=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3161=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3161=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3161=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3161=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-115.1.0-112.173.1 * MozillaFirefox-debugsource-115.1.0-112.173.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * MozillaFirefox-devel-115.1.0-112.173.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * MozillaFirefox-115.1.0-112.173.1 * MozillaFirefox-debuginfo-115.1.0-112.173.1 * MozillaFirefox-translations-common-115.1.0-112.173.1 * MozillaFirefox-debugsource-115.1.0-112.173.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * MozillaFirefox-devel-115.1.0-112.173.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * MozillaFirefox-115.1.0-112.173.1 * MozillaFirefox-debuginfo-115.1.0-112.173.1 * MozillaFirefox-translations-common-115.1.0-112.173.1 * MozillaFirefox-debugsource-115.1.0-112.173.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * MozillaFirefox-devel-115.1.0-112.173.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-115.1.0-112.173.1 * MozillaFirefox-debuginfo-115.1.0-112.173.1 * MozillaFirefox-translations-common-115.1.0-112.173.1 * MozillaFirefox-debugsource-115.1.0-112.173.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * MozillaFirefox-devel-115.1.0-112.173.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * MozillaFirefox-115.1.0-112.173.1 * MozillaFirefox-debuginfo-115.1.0-112.173.1 * MozillaFirefox-translations-common-115.1.0-112.173.1 * MozillaFirefox-debugsource-115.1.0-112.173.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * MozillaFirefox-devel-115.1.0-112.173.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4045.html * https://www.suse.com/security/cve/CVE-2023-4046.html * https://www.suse.com/security/cve/CVE-2023-4047.html * https://www.suse.com/security/cve/CVE-2023-4048.html * https://www.suse.com/security/cve/CVE-2023-4049.html * https://www.suse.com/security/cve/CVE-2023-4050.html * https://www.suse.com/security/cve/CVE-2023-4052.html * https://www.suse.com/security/cve/CVE-2023-4054.html * https://www.suse.com/security/cve/CVE-2023-4055.html * https://www.suse.com/security/cve/CVE-2023-4056.html * https://www.suse.com/security/cve/CVE-2023-4057.html * https://bugzilla.suse.com/show_bug.cgi?id=1213657 * https://bugzilla.suse.com/show_bug.cgi?id=1213746 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 12:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 12:30:17 -0000 Subject: SUSE-SU-2023:3160-1: moderate: Security update for openssl Message-ID: <169097941742.32191.14786475224111224593@smelt2.suse.de> # Security update for openssl Announcement ID: SUSE-SU-2023:3160-1 Rating: moderate References: * #1213487 Cross-References: * CVE-2023-3446 CVSS scores: * CVE-2023-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-3446 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves one vulnerability can now be installed. ## Description: This update for openssl fixes the following issues: * CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3160=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libopenssl1_0_0-32bit-1.0.2j-60.101.1 * libopenssl1_0_0-hmac-32bit-1.0.2j-60.101.1 * openssl-1.0.2j-60.101.1 * libopenssl1_0_0-hmac-1.0.2j-60.101.1 * openssl-debugsource-1.0.2j-60.101.1 * libopenssl1_0_0-debuginfo-1.0.2j-60.101.1 * libopenssl1_0_0-1.0.2j-60.101.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.101.1 * libopenssl-devel-1.0.2j-60.101.1 * openssl-debuginfo-1.0.2j-60.101.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * openssl-doc-1.0.2j-60.101.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3446.html * https://bugzilla.suse.com/show_bug.cgi?id=1213487 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 12:30:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 12:30:28 -0000 Subject: SUSE-RU-2023:3159-1: moderate: Recommended update for pacemaker Message-ID: <169097942895.32191.17536008823881983219@smelt2.suse.de> # Recommended update for pacemaker Announcement ID: SUSE-RU-2023:3159-1 Rating: moderate References: * #1070347 * #1180966 * #1198767 * #1202177 * #1206268 * #1208380 * #1209640 * #1210074 * #1210857 * #1211098 * #1211678 * #1213125 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains four features and has 12 recommended fixes can now be installed. ## Description: This update for pacemaker fixes the following issues: * Disable build with `sbd-sync` as it is not supported (bsc#1180966) * Fix fencing timeout issues (bsc#1210074) * Fix memory access violation issues when disconnecting proxy IPCs during shutdown (bsc#1209640) * Fix `pacemakerd -S` to wait for shutdown before returning (bsc#1210857) * Fix warning if cluster has no watchdog device (bsc#1213125) * Implement ability to search for a node cache entry by uuid instead of id (bsc#1198767, bsc#1202177, bsc#1206268, bsc#1208380, bsc#1211098) * Make preparations for OCF 1.1 standard in future versions of SUSE Linux Enterprise (jsc#PED-106, jsc#PED-294) * Make preparations to deprecate HA nagios resources in future versions of SUSE Linux Enterprise (jsc#PED-3877, jsc#PED-4446) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3159=1 openSUSE-SLE-15.5-2023-3159=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-3159=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * pacemaker-libs-2.1.5+20221208.a3f44794f-150500.6.5.8 * pacemaker-remote-debuginfo-2.1.5+20221208.a3f44794f-150500.6.5.8 * pacemaker-devel-2.1.5+20221208.a3f44794f-150500.6.5.8 * pacemaker-debuginfo-2.1.5+20221208.a3f44794f-150500.6.5.8 * pacemaker-libs-debuginfo-2.1.5+20221208.a3f44794f-150500.6.5.8 * pacemaker-remote-2.1.5+20221208.a3f44794f-150500.6.5.8 * pacemaker-debugsource-2.1.5+20221208.a3f44794f-150500.6.5.8 * pacemaker-cli-debuginfo-2.1.5+20221208.a3f44794f-150500.6.5.8 * pacemaker-2.1.5+20221208.a3f44794f-150500.6.5.8 * pacemaker-cli-2.1.5+20221208.a3f44794f-150500.6.5.8 * openSUSE Leap 15.5 (noarch) * pacemaker-cts-2.1.5+20221208.a3f44794f-150500.6.5.8 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * pacemaker-libs-2.1.5+20221208.a3f44794f-150500.6.5.8 * pacemaker-remote-debuginfo-2.1.5+20221208.a3f44794f-150500.6.5.8 * pacemaker-devel-2.1.5+20221208.a3f44794f-150500.6.5.8 * pacemaker-debuginfo-2.1.5+20221208.a3f44794f-150500.6.5.8 * pacemaker-libs-debuginfo-2.1.5+20221208.a3f44794f-150500.6.5.8 * pacemaker-remote-2.1.5+20221208.a3f44794f-150500.6.5.8 * pacemaker-debugsource-2.1.5+20221208.a3f44794f-150500.6.5.8 * pacemaker-cli-debuginfo-2.1.5+20221208.a3f44794f-150500.6.5.8 * pacemaker-2.1.5+20221208.a3f44794f-150500.6.5.8 * pacemaker-cli-2.1.5+20221208.a3f44794f-150500.6.5.8 * SUSE Linux Enterprise High Availability Extension 15 SP5 (noarch) * pacemaker-cts-2.1.5+20221208.a3f44794f-150500.6.5.8 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1070347 * https://bugzilla.suse.com/show_bug.cgi?id=1180966 * https://bugzilla.suse.com/show_bug.cgi?id=1198767 * https://bugzilla.suse.com/show_bug.cgi?id=1202177 * https://bugzilla.suse.com/show_bug.cgi?id=1206268 * https://bugzilla.suse.com/show_bug.cgi?id=1208380 * https://bugzilla.suse.com/show_bug.cgi?id=1209640 * https://bugzilla.suse.com/show_bug.cgi?id=1210074 * https://bugzilla.suse.com/show_bug.cgi?id=1210857 * https://bugzilla.suse.com/show_bug.cgi?id=1211098 * https://bugzilla.suse.com/show_bug.cgi?id=1211678 * https://bugzilla.suse.com/show_bug.cgi?id=1213125 * https://jira.suse.com/browse/PED-106 * https://jira.suse.com/browse/PED-294 * https://jira.suse.com/browse/PED-3877 * https://jira.suse.com/browse/PED-4446 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 12:30:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 12:30:35 -0000 Subject: SUSE-RU-2023:3158-1: moderate: Recommended update for pacemaker Message-ID: <169097943562.32191.16623190142337677901@smelt2.suse.de> # Recommended update for pacemaker Announcement ID: SUSE-RU-2023:3158-1 Rating: moderate References: * #1070347 * #1180966 * #1198767 * #1202177 * #1206263 * #1206268 * #1207319 * #1208380 * #1208544 * #1208868 * #1209586 * #1209640 * #1210074 * #1210857 * #1211098 * #1211678 * #1213125 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has 17 recommended fixes can now be installed. ## Description: This update for pacemaker fixes the following issues: * Fix warning if cluster has no watchdog device (bsc#1213125) * Daemon `pacemakerd -S` should wait for shutdown before returning (bsc#1210857) * Disable build with `sbd-sync` as it is not supported (bsc#1180966) * Fix fencing timeout issues (bsc#1210074) * Fix memory access violation issues when disconnecting proxy IPCs during shutdown (bsc#1209640) * Fix various memory leaks (bsc#1211678, bsc#1208544) * Implement ability to search for a node cache entry by uuid instead of id (bsc#1198767, bsc#1202177, bsc#1206268, bsc#1208380, bsc#1211098) * libcrmcommon: allow `crm_attribute` to try `OCF_RESOURCE_INSTANCE` environment variable if `-p` is specified with an empty string (bsc#1209586) * libpacemaker: Avoid assertion failure if a `node_state` entry doesn't have an uname yet (bsc#1207319) * Prevent inactive instances from starting, if probe is unrunnable on any nodes (bsc#1206263) * Update `crm_mon` synopsis (bsc#1208868) * Update `crm_shadow --commit` to work with CIB_file ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3158=1 openSUSE-SLE-15.4-2023-3158=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3158=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * pacemaker-cli-2.1.2+20211124.ada5c3b36-150400.4.14.9 * pacemaker-cli-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.14.9 * pacemaker-remote-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.14.9 * libpacemaker3-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.14.9 * pacemaker-remote-2.1.2+20211124.ada5c3b36-150400.4.14.9 * libpacemaker-devel-2.1.2+20211124.ada5c3b36-150400.4.14.9 * pacemaker-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.14.9 * libpacemaker3-2.1.2+20211124.ada5c3b36-150400.4.14.9 * pacemaker-debugsource-2.1.2+20211124.ada5c3b36-150400.4.14.9 * pacemaker-2.1.2+20211124.ada5c3b36-150400.4.14.9 * openSUSE Leap 15.4 (noarch) * pacemaker-cts-2.1.2+20211124.ada5c3b36-150400.4.14.9 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * pacemaker-cli-2.1.2+20211124.ada5c3b36-150400.4.14.9 * pacemaker-cli-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.14.9 * pacemaker-remote-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.14.9 * libpacemaker3-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.14.9 * pacemaker-remote-2.1.2+20211124.ada5c3b36-150400.4.14.9 * libpacemaker-devel-2.1.2+20211124.ada5c3b36-150400.4.14.9 * pacemaker-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.14.9 * libpacemaker3-2.1.2+20211124.ada5c3b36-150400.4.14.9 * pacemaker-debugsource-2.1.2+20211124.ada5c3b36-150400.4.14.9 * pacemaker-2.1.2+20211124.ada5c3b36-150400.4.14.9 * SUSE Linux Enterprise High Availability Extension 15 SP4 (noarch) * pacemaker-cts-2.1.2+20211124.ada5c3b36-150400.4.14.9 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1070347 * https://bugzilla.suse.com/show_bug.cgi?id=1180966 * https://bugzilla.suse.com/show_bug.cgi?id=1198767 * https://bugzilla.suse.com/show_bug.cgi?id=1202177 * https://bugzilla.suse.com/show_bug.cgi?id=1206263 * https://bugzilla.suse.com/show_bug.cgi?id=1206268 * https://bugzilla.suse.com/show_bug.cgi?id=1207319 * https://bugzilla.suse.com/show_bug.cgi?id=1208380 * https://bugzilla.suse.com/show_bug.cgi?id=1208544 * https://bugzilla.suse.com/show_bug.cgi?id=1208868 * https://bugzilla.suse.com/show_bug.cgi?id=1209586 * https://bugzilla.suse.com/show_bug.cgi?id=1209640 * https://bugzilla.suse.com/show_bug.cgi?id=1210074 * https://bugzilla.suse.com/show_bug.cgi?id=1210857 * https://bugzilla.suse.com/show_bug.cgi?id=1211098 * https://bugzilla.suse.com/show_bug.cgi?id=1211678 * https://bugzilla.suse.com/show_bug.cgi?id=1213125 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 12:30:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 12:30:41 -0000 Subject: SUSE-RU-2023:3157-1: moderate: Recommended update for pacemaker Message-ID: <169097944150.32191.14472519074077136333@smelt2.suse.de> # Recommended update for pacemaker Announcement ID: SUSE-RU-2023:3157-1 Rating: moderate References: * #1070347 * #1198767 * #1202177 * #1206263 * #1206268 * #1207319 * #1208380 * #1208544 * #1208868 * #1209640 * #1210074 * #1211098 * #1211678 Affected Products: * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has 13 recommended fixes can now be installed. ## Description: This update for pacemaker fixes the following issues: * Fix fencing timeout issues (bsc#1210074) * Fix memory access violation issues when disconnecting proxy IPCs during shutdown (bsc#1209640) * Fix various memory leaks (bsc#1211678, bsc#1208544) * Implement ability to search for a node cache entry by uuid instead of id (bsc#1198767, bsc#1202177, bsc#1206268, bsc#1208380, bsc#1211098) * libpacemaker: Avoid assertion failure if a `node_state` entry doesn't have an uname yet (bsc#1207319) * Prevent inactive instances from starting if probe is unrunnable on any nodes (bsc#1206263) * Update `crm_mon` synopsis (bsc#1208868) * Update `crm_shadow --commit` to work with CIB_file ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-3157=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * pacemaker-remote-2.0.5+20201202.ba59be712-150300.4.33.5 * libpacemaker3-2.0.5+20201202.ba59be712-150300.4.33.5 * pacemaker-debuginfo-2.0.5+20201202.ba59be712-150300.4.33.5 * pacemaker-remote-debuginfo-2.0.5+20201202.ba59be712-150300.4.33.5 * pacemaker-2.0.5+20201202.ba59be712-150300.4.33.5 * libpacemaker3-debuginfo-2.0.5+20201202.ba59be712-150300.4.33.5 * pacemaker-cli-2.0.5+20201202.ba59be712-150300.4.33.5 * pacemaker-cli-debuginfo-2.0.5+20201202.ba59be712-150300.4.33.5 * libpacemaker-devel-2.0.5+20201202.ba59be712-150300.4.33.5 * pacemaker-debugsource-2.0.5+20201202.ba59be712-150300.4.33.5 * SUSE Linux Enterprise High Availability Extension 15 SP3 (noarch) * pacemaker-cts-2.0.5+20201202.ba59be712-150300.4.33.5 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1070347 * https://bugzilla.suse.com/show_bug.cgi?id=1198767 * https://bugzilla.suse.com/show_bug.cgi?id=1202177 * https://bugzilla.suse.com/show_bug.cgi?id=1206263 * https://bugzilla.suse.com/show_bug.cgi?id=1206268 * https://bugzilla.suse.com/show_bug.cgi?id=1207319 * https://bugzilla.suse.com/show_bug.cgi?id=1208380 * https://bugzilla.suse.com/show_bug.cgi?id=1208544 * https://bugzilla.suse.com/show_bug.cgi?id=1208868 * https://bugzilla.suse.com/show_bug.cgi?id=1209640 * https://bugzilla.suse.com/show_bug.cgi?id=1210074 * https://bugzilla.suse.com/show_bug.cgi?id=1211098 * https://bugzilla.suse.com/show_bug.cgi?id=1211678 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 12:30:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 12:30:45 -0000 Subject: SUSE-RU-2023:3156-1: moderate: Recommended update for pacemaker Message-ID: <169097944587.32191.18337713427493080303@smelt2.suse.de> # Recommended update for pacemaker Announcement ID: SUSE-RU-2023:3156-1 Rating: moderate References: * #1070347 * #1198767 * #1202177 * #1206263 * #1206268 * #1207319 * #1208380 * #1208868 * #1209640 * #1210074 * #1211098 * #1211678 Affected Products: * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that has 12 recommended fixes can now be installed. ## Description: This update for pacemaker fixes the following issues: * Fix fencing timeout issues (bsc#1210074) * Fix memory access violation issues when disconnecting proxy IPCs during shutdown (bsc#1209640) * Fix various memory leaks (bsc#1211678) * Implement ability to search for a node cache entry by uuid instead of id (bsc#1198767, bsc#1202177, bsc#1206268, bsc#1208380, bsc#1211098) * libpacemaker: Avoid assertion failure if a `node_state` entry doesn't have an uname yet (bsc#1207319) * Prevent inactive instances from starting, if probe is unrunnable on any nodes (bsc#1206263) * Update `crm_mon` synopsis (bsc#1208868) * Update `crm_shadow --commit` to work with CIB_file ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-3156=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * pacemaker-cli-2.0.1+20190417.13d370ca9-150100.3.36.2 * pacemaker-remote-2.0.1+20190417.13d370ca9-150100.3.36.2 * pacemaker-debugsource-2.0.1+20190417.13d370ca9-150100.3.36.2 * libpacemaker3-debuginfo-2.0.1+20190417.13d370ca9-150100.3.36.2 * pacemaker-remote-debuginfo-2.0.1+20190417.13d370ca9-150100.3.36.2 * libpacemaker3-2.0.1+20190417.13d370ca9-150100.3.36.2 * pacemaker-debuginfo-2.0.1+20190417.13d370ca9-150100.3.36.2 * pacemaker-2.0.1+20190417.13d370ca9-150100.3.36.2 * libpacemaker-devel-2.0.1+20190417.13d370ca9-150100.3.36.2 * pacemaker-cli-debuginfo-2.0.1+20190417.13d370ca9-150100.3.36.2 * SUSE Linux Enterprise High Availability Extension 15 SP1 (noarch) * pacemaker-cts-2.0.1+20190417.13d370ca9-150100.3.36.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1070347 * https://bugzilla.suse.com/show_bug.cgi?id=1198767 * https://bugzilla.suse.com/show_bug.cgi?id=1202177 * https://bugzilla.suse.com/show_bug.cgi?id=1206263 * https://bugzilla.suse.com/show_bug.cgi?id=1206268 * https://bugzilla.suse.com/show_bug.cgi?id=1207319 * https://bugzilla.suse.com/show_bug.cgi?id=1208380 * https://bugzilla.suse.com/show_bug.cgi?id=1208868 * https://bugzilla.suse.com/show_bug.cgi?id=1209640 * https://bugzilla.suse.com/show_bug.cgi?id=1210074 * https://bugzilla.suse.com/show_bug.cgi?id=1211098 * https://bugzilla.suse.com/show_bug.cgi?id=1211678 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 12:30:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 12:30:51 -0000 Subject: SUSE-RU-2023:3155-1: moderate: Recommended update for pacemaker Message-ID: <169097945101.32191.8099920283299764368@smelt2.suse.de> # Recommended update for pacemaker Announcement ID: SUSE-RU-2023:3155-1 Rating: moderate References: * #1070347 * #1198767 * #1202177 * #1206263 * #1206268 * #1207319 * #1208380 * #1208868 * #1209640 * #1210074 * #1211098 * #1211678 Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has 12 recommended fixes can now be installed. ## Description: This update for pacemaker fixes the following issues: * Fix fencing timeout issues (bsc#1210074) * Fix memory access violation issues when disconnecting proxy IPCs during shutdown (bsc#1209640) * Fix various memory leaks (bsc#1211678) * Implement ability to search for a node cache entry by uuid instead of id (bsc#1198767, bsc#1202177, bsc#1206268, bsc#1208380, bsc#1211098) * libpacemaker: Avoid assertion failure if a `node_state` entry doesn't have an uname yet (bsc#1207319) * Prevent inactive instances from starting, if probe is unrunnable on any nodes (bsc#1206263) * Update `crm_mon` synopsis (bsc#1208868) * Update `crm_shadow --commit` to work with CIB_file ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-3155=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-3155=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3155=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * pacemaker-cts-debuginfo-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-remote-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-debugsource-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-debuginfo-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-remote-debuginfo-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-cli-1.1.24+20210811.f5abda0ee-3.33.10 * libpacemaker3-debuginfo-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-cts-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-cli-debuginfo-1.1.24+20210811.f5abda0ee-3.33.10 * libpacemaker3-1.1.24+20210811.f5abda0ee-3.33.10 * SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64) * pacemaker-cts-debuginfo-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-remote-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-debugsource-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-debuginfo-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-remote-debuginfo-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-cli-1.1.24+20210811.f5abda0ee-3.33.10 * libpacemaker3-debuginfo-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-cts-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-cli-debuginfo-1.1.24+20210811.f5abda0ee-3.33.10 * libpacemaker3-1.1.24+20210811.f5abda0ee-3.33.10 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * pacemaker-cts-debuginfo-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-debugsource-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-debuginfo-1.1.24+20210811.f5abda0ee-3.33.10 * libpacemaker-devel-1.1.24+20210811.f5abda0ee-3.33.10 * pacemaker-cts-1.1.24+20210811.f5abda0ee-3.33.10 * libpacemaker3-1.1.24+20210811.f5abda0ee-3.33.10 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1070347 * https://bugzilla.suse.com/show_bug.cgi?id=1198767 * https://bugzilla.suse.com/show_bug.cgi?id=1202177 * https://bugzilla.suse.com/show_bug.cgi?id=1206263 * https://bugzilla.suse.com/show_bug.cgi?id=1206268 * https://bugzilla.suse.com/show_bug.cgi?id=1207319 * https://bugzilla.suse.com/show_bug.cgi?id=1208380 * https://bugzilla.suse.com/show_bug.cgi?id=1208868 * https://bugzilla.suse.com/show_bug.cgi?id=1209640 * https://bugzilla.suse.com/show_bug.cgi?id=1210074 * https://bugzilla.suse.com/show_bug.cgi?id=1211098 * https://bugzilla.suse.com/show_bug.cgi?id=1211678 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 12:30:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 12:30:57 -0000 Subject: SUSE-RU-2023:3154-1: moderate: Recommended update for pacemaker Message-ID: <169097945729.32191.17274141802351744111@smelt2.suse.de> # Recommended update for pacemaker Announcement ID: SUSE-RU-2023:3154-1 Rating: moderate References: * #1070347 * #1198767 * #1202177 * #1206263 * #1206268 * #1207319 * #1208380 * #1208868 * #1209640 * #1210074 * #1211098 * #1211678 Affected Products: * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Manager Proxy 4.1 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Server 4.1 An update that has 12 recommended fixes can now be installed. ## Description: This update for pacemaker fixes the following issues: * Fix fencing timeout issues (bsc#1210074) * Fix memory access violation issues when disconnecting proxy IPCs during shutdown (bsc#1209640) * Fix various memory leaks (bsc#1211678) * Implement ability to search for a node cache entry by uuid instead of id (bsc#1198767, bsc#1202177, bsc#1206268, bsc#1208380, bsc#1211098) * libpacemaker: Avoid assertion failure if a `node_state` entry doesn't have an uname yet (bsc#1207319) * Prevent inactive instances from starting, if probe is unrunnable on any nodes (bsc#1206263) * Update `crm_mon` synopsis (bsc#1208868) * Update `crm_shadow --commit` to work with CIB_file ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-3154=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * pacemaker-remote-debuginfo-2.0.4+20200616.2deceaa3a-150200.3.27.1 * libpacemaker3-debuginfo-2.0.4+20200616.2deceaa3a-150200.3.27.1 * pacemaker-debuginfo-2.0.4+20200616.2deceaa3a-150200.3.27.1 * pacemaker-cli-2.0.4+20200616.2deceaa3a-150200.3.27.1 * libpacemaker3-2.0.4+20200616.2deceaa3a-150200.3.27.1 * pacemaker-2.0.4+20200616.2deceaa3a-150200.3.27.1 * pacemaker-debugsource-2.0.4+20200616.2deceaa3a-150200.3.27.1 * libpacemaker-devel-2.0.4+20200616.2deceaa3a-150200.3.27.1 * pacemaker-remote-2.0.4+20200616.2deceaa3a-150200.3.27.1 * pacemaker-cli-debuginfo-2.0.4+20200616.2deceaa3a-150200.3.27.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (noarch) * pacemaker-cts-2.0.4+20200616.2deceaa3a-150200.3.27.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1070347 * https://bugzilla.suse.com/show_bug.cgi?id=1198767 * https://bugzilla.suse.com/show_bug.cgi?id=1202177 * https://bugzilla.suse.com/show_bug.cgi?id=1206263 * https://bugzilla.suse.com/show_bug.cgi?id=1206268 * https://bugzilla.suse.com/show_bug.cgi?id=1207319 * https://bugzilla.suse.com/show_bug.cgi?id=1208380 * https://bugzilla.suse.com/show_bug.cgi?id=1208868 * https://bugzilla.suse.com/show_bug.cgi?id=1209640 * https://bugzilla.suse.com/show_bug.cgi?id=1210074 * https://bugzilla.suse.com/show_bug.cgi?id=1211098 * https://bugzilla.suse.com/show_bug.cgi?id=1211678 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 12:30:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 12:30:59 -0000 Subject: SUSE-RU-2023:3152-1: important: Recommended update for yast2-users Message-ID: <169097945926.32191.6158095650647353252@smelt2.suse.de> # Recommended update for yast2-users Announcement ID: SUSE-RU-2023:3152-1 Rating: important References: * #1206627 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for yast2-users fixes the following issues: * Allow to edit NIS master server databases (bsc#1206627) * Update to version 4.4.15 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3152=1 openSUSE-SLE-15.4-2023-3152=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3152=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3152=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3152=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3152=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3152=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3152=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3152=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3152=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * yast2-users-debuginfo-4.4.15-150400.3.15.1 * yast2-users-debugsource-4.4.15-150400.3.15.1 * yast2-users-4.4.15-150400.3.15.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * yast2-users-4.4.15-150400.3.15.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * yast2-users-4.4.15-150400.3.15.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * yast2-users-4.4.15-150400.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * yast2-users-4.4.15-150400.3.15.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * yast2-users-4.4.15-150400.3.15.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * yast2-users-4.4.15-150400.3.15.1 * SUSE Manager Proxy 4.3 (x86_64) * yast2-users-4.4.15-150400.3.15.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * yast2-users-debuginfo-4.4.15-150400.3.15.1 * yast2-users-debugsource-4.4.15-150400.3.15.1 * yast2-users-4.4.15-150400.3.15.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206627 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 12:31:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 12:31:01 -0000 Subject: SUSE-RU-2023:3151-1: important: Recommended update for yast2-users Message-ID: <169097946136.32191.17760589250941904925@smelt2.suse.de> # Recommended update for yast2-users Announcement ID: SUSE-RU-2023:3151-1 Rating: important References: * #1206627 * #1211583 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for yast2-users fixes the following issues: * Allow to edit NIS master server databases (bsc#1206627) * Do not pre-fill non-sense user password when going back after importing user (bsc#1211583) * Update to version 4.5.6 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3151=1 openSUSE-SLE-15.5-2023-3151=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3151=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * yast2-users-debuginfo-4.5.7-150500.3.8.1 * yast2-users-debugsource-4.5.7-150500.3.8.1 * yast2-users-4.5.7-150500.3.8.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * yast2-users-debuginfo-4.5.7-150500.3.8.1 * yast2-users-debugsource-4.5.7-150500.3.8.1 * yast2-users-4.5.7-150500.3.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206627 * https://bugzilla.suse.com/show_bug.cgi?id=1211583 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 12:31:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 12:31:05 -0000 Subject: SUSE-SU-202306:15222-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <169097946513.32191.3143287871943017925@smelt2.suse.de> # Security update for SUSE Manager Client Tools Announcement ID: SUSE-SU-202306:15222-1 Rating: moderate References: * #1208612 * #1210994 * #1211591 * #1211741 * #1211754 * #1212516 * #1212517 * #1213432 Cross-References: * CVE-2023-28370 CVSS scores: * CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE Manager Client Tools for Ubuntu 20.04 2004 An update that solves one vulnerability, contains one feature and has seven fixes can now be installed. ## Description: This update fixes the following issues: salt: * Security fixes: * CVE-2023-28370: Tornado: Fix an open redirect issue in the static file handler (bsc#1211741) * Bug fixes: * Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994) * Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) * Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517) * Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) spacecmd: * Version 4.3.22-1 * Bypass traditional systems check on older SUMA instances (bsc#1208612) python-looseversion: * version 1.0.2-2 * Add Section to package metadata (bsc#1213432) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Ubuntu 20.04 2004 zypper in -t patch suse-ubu204ct-client-tools-202306-15222=1 ## Package List: * SUSE Manager Client Tools for Ubuntu 20.04 2004 (all) * salt-minion-3006.0+ds-1+2.104.3 * python3-looseversion-1.0.2-2 * spacecmd-4.3.22-2.66.2 * salt-common-3006.0+ds-1+2.104.3 ## References: * https://www.suse.com/security/cve/CVE-2023-28370.html * https://bugzilla.suse.com/show_bug.cgi?id=1208612 * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211591 * https://bugzilla.suse.com/show_bug.cgi?id=1211741 * https://bugzilla.suse.com/show_bug.cgi?id=1211754 * https://bugzilla.suse.com/show_bug.cgi?id=1212516 * https://bugzilla.suse.com/show_bug.cgi?id=1212517 * https://bugzilla.suse.com/show_bug.cgi?id=1213432 * https://jira.suse.com/browse/MSQA-679 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 16:30:02 -0000 Subject: SUSE-SU-2023:3168-1: moderate: Security update for poppler Message-ID: <169099380294.31688.18381308838468767038@smelt2.suse.de> # Security update for poppler Announcement ID: SUSE-SU-2023:3168-1 Rating: moderate References: * #1199272 Cross-References: * CVE-2022-27337 CVSS scores: * CVE-2022-27337 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2022-27337 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2022-27337: Fixed a logic error in the Hints::Hints function which can cause denial of service (bsc#1199272). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3168=1 openSUSE-SLE-15.4-2023-3168=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3168=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3168=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3168=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * poppler-qt6-debugsource-22.01.0-150400.3.6.1 * libpoppler-qt5-devel-22.01.0-150400.3.6.1 * libpoppler117-debuginfo-22.01.0-150400.3.6.1 * libpoppler117-22.01.0-150400.3.6.1 * poppler-tools-22.01.0-150400.3.6.1 * libpoppler-cpp0-22.01.0-150400.3.6.1 * poppler-debugsource-22.01.0-150400.3.6.1 * typelib-1_0-Poppler-0_18-22.01.0-150400.3.6.1 * libpoppler-qt5-1-debuginfo-22.01.0-150400.3.6.1 * poppler-qt5-debugsource-22.01.0-150400.3.6.1 * libpoppler-glib8-22.01.0-150400.3.6.1 * libpoppler-qt6-3-debuginfo-22.01.0-150400.3.6.1 * libpoppler-qt5-1-22.01.0-150400.3.6.1 * libpoppler-qt6-3-22.01.0-150400.3.6.1 * libpoppler-glib-devel-22.01.0-150400.3.6.1 * libpoppler-glib8-debuginfo-22.01.0-150400.3.6.1 * libpoppler-cpp0-debuginfo-22.01.0-150400.3.6.1 * libpoppler-devel-22.01.0-150400.3.6.1 * poppler-tools-debuginfo-22.01.0-150400.3.6.1 * libpoppler-qt6-devel-22.01.0-150400.3.6.1 * openSUSE Leap 15.4 (x86_64) * libpoppler-cpp0-32bit-22.01.0-150400.3.6.1 * libpoppler-qt5-1-32bit-debuginfo-22.01.0-150400.3.6.1 * libpoppler117-32bit-22.01.0-150400.3.6.1 * libpoppler-glib8-32bit-22.01.0-150400.3.6.1 * libpoppler-cpp0-32bit-debuginfo-22.01.0-150400.3.6.1 * libpoppler117-32bit-debuginfo-22.01.0-150400.3.6.1 * libpoppler-qt5-1-32bit-22.01.0-150400.3.6.1 * libpoppler-glib8-32bit-debuginfo-22.01.0-150400.3.6.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libpoppler117-64bit-debuginfo-22.01.0-150400.3.6.1 * libpoppler-qt5-1-64bit-22.01.0-150400.3.6.1 * libpoppler-glib8-64bit-22.01.0-150400.3.6.1 * libpoppler-cpp0-64bit-debuginfo-22.01.0-150400.3.6.1 * libpoppler-qt5-1-64bit-debuginfo-22.01.0-150400.3.6.1 * libpoppler-glib8-64bit-debuginfo-22.01.0-150400.3.6.1 * libpoppler-cpp0-64bit-22.01.0-150400.3.6.1 * libpoppler117-64bit-22.01.0-150400.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libpoppler117-debuginfo-22.01.0-150400.3.6.1 * libpoppler117-22.01.0-150400.3.6.1 * poppler-tools-22.01.0-150400.3.6.1 * libpoppler-cpp0-22.01.0-150400.3.6.1 * poppler-debugsource-22.01.0-150400.3.6.1 * typelib-1_0-Poppler-0_18-22.01.0-150400.3.6.1 * libpoppler-glib8-22.01.0-150400.3.6.1 * libpoppler-glib-devel-22.01.0-150400.3.6.1 * libpoppler-glib8-debuginfo-22.01.0-150400.3.6.1 * libpoppler-cpp0-debuginfo-22.01.0-150400.3.6.1 * libpoppler-devel-22.01.0-150400.3.6.1 * poppler-tools-debuginfo-22.01.0-150400.3.6.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libpoppler-qt5-devel-22.01.0-150400.3.6.1 * libpoppler-qt5-1-debuginfo-22.01.0-150400.3.6.1 * poppler-qt5-debugsource-22.01.0-150400.3.6.1 * libpoppler-cpp0-22.01.0-150400.3.6.1 * poppler-debugsource-22.01.0-150400.3.6.1 * libpoppler-devel-22.01.0-150400.3.6.1 * libpoppler-cpp0-debuginfo-22.01.0-150400.3.6.1 * libpoppler-qt5-1-22.01.0-150400.3.6.1 * SUSE Package Hub 15 15-SP4 (x86_64) * libpoppler117-32bit-22.01.0-150400.3.6.1 * libpoppler-glib8-32bit-22.01.0-150400.3.6.1 * libpoppler117-32bit-debuginfo-22.01.0-150400.3.6.1 * libpoppler-glib8-32bit-debuginfo-22.01.0-150400.3.6.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * poppler-debugsource-22.01.0-150400.3.6.1 * libpoppler117-debuginfo-22.01.0-150400.3.6.1 * libpoppler117-22.01.0-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2022-27337.html * https://bugzilla.suse.com/show_bug.cgi?id=1199272 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 16:30:04 -0000 Subject: SUSE-SU-2023:3167-1: moderate: Security update for python-Django Message-ID: <169099380497.31688.516901392694158480@smelt2.suse.de> # Security update for python-Django Announcement ID: SUSE-SU-2023:3167-1 Rating: moderate References: * #1212742 Cross-References: * CVE-2023-36053 CVSS scores: * CVE-2023-36053 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-36053 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise Server 12 SP3 * SUSE OpenStack Cloud 8 * SUSE OpenStack Cloud Crowbar 8 An update that solves one vulnerability can now be installed. ## Description: This update for python-Django fixes the following issues: * CVE-2023-36053: Fixed potential regular expression denial of service vulnerability in EmailValidator/URLValidator (bsc#1212742). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-3167=1 * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-3167=1 * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-3167=1 ## Package List: * HPE Helion OpenStack 8 (noarch) * python-Django-1.11.29-3.48.1 * SUSE OpenStack Cloud 8 (noarch) * python-Django-1.11.29-3.48.1 * SUSE OpenStack Cloud Crowbar 8 (noarch) * python-Django-1.11.29-3.48.1 ## References: * https://www.suse.com/security/cve/CVE-2023-36053.html * https://bugzilla.suse.com/show_bug.cgi?id=1212742 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 2 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 02 Aug 2023 16:30:06 -0000 Subject: SUSE-RU-2023:3166-1: moderate: Recommended update for certification-sles-eal4 Message-ID: <169099380660.31688.16325392268686715374@smelt2.suse.de> # Recommended update for certification-sles-eal4 Announcement ID: SUSE-RU-2023:3166-1 Rating: moderate References: Affected Products: * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 An update that contains one feature can now be installed. ## Description: This update for certification-sles-eal4 fixes the following issues: This ships the Common Criteria certification package to SUSE Linux Enterprise Micro 5.3. Changes compared to SUSE Linux Enterprise Server 15 SP4: * disable our tmp.mount logic as this is already done by microos-tools ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3166=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3166=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * certification-sles-eal4-15.2+git20230219.8d115ca-150400.1.5.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * certification-sles-eal4-15.2+git20230219.8d115ca-150400.1.5.1 ## References: * https://jira.suse.com/browse/SLE-12227 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 3 07:02:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Aug 2023 09:02:56 +0200 (CEST) Subject: SUSE-CU-2023:2513-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20230803070256.3F385FD9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2513-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.7 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.7 Severity : moderate Type : recommended References : 1212496 1213517 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3088-1 Released: Tue Aug 1 09:52:03 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1212496 This update for systemd-presets-common-SUSE fixes the following issues: - Fix systemctl being called with an empty argument (bsc#1212496) - Don't call systemctl list-unit-files with an empty argument (bsc#1212496) - Add wtmpdb-update-boot.service and wtmpdb-rotate.timer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150500.17.12.1 updated - libopenssl1_1-1.1.1l-150500.17.12.1 updated - openssl-1_1-1.1.1l-150500.17.12.1 updated - systemd-presets-common-SUSE-15-150500.20.3.1 updated - container:sles15-image-15.0.0-36.5.21 updated From sle-updates at lists.suse.com Thu Aug 3 07:03:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Aug 2023 09:03:52 +0200 (CEST) Subject: SUSE-CU-2023:2514-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20230803070352.BF5D7FD9F@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2514-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.7 , suse/manager/4.3/proxy-httpd:4.3.7.9.34.1 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.7 , suse/manager/4.3/proxy-httpd:susemanager-4.3.7.9.34.1 Container Release : 9.34.1 Severity : critical Type : security References : 1089497 1175823 1175823 1179747 1179747 1195380 1195380 1201337 1201337 1201627 1202234 1204089 1204089 1207330 1207330 1207417 1207534 1207550 1207550 1207691 1207691 1207941 1207941 1208528 1208528 1208577 1208577 1208612 1208612 1208720 1208720 1208721 1208984 1208984 1209156 1209156 1209229 1209565 1210004 1210011 1210011 1210103 1210103 1210394 1210394 1210406 1210406 1210456 1210456 1210475 1210475 1210659 1210659 1210834 1210834 1210957 1210957 1210994 1210994 1210999 1211062 1211062 1211261 1211261 1211276 1211276 1211330 1211330 1211418 1211419 1211469 1211469 1211621 1211621 1211650 1211650 1211713 1211713 1211828 1211897 1211897 1211929 1211929 1212032 1212032 1212126 1212187 1212187 1212222 1212222 1212260 1212550 1212550 1212588 1212588 1212623 1212700 1212700 1212770 1212770 1212771 1212771 1213237 1213432 1213432 1213487 CVE-2022-4304 CVE-2023-2183 CVE-2023-2602 CVE-2023-2603 CVE-2023-2801 CVE-2023-3128 CVE-2023-31484 CVE-2023-32001 CVE-2023-3446 CVE-2023-34969 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2649-1 Released: Tue Jun 27 10:01:13 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - update to 0.371: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:56 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2772-1 Released: Tue Jul 4 09:54:23 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1211261,1212187,1212222 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2877-1 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2962-1 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3133-1 Released: Wed Aug 2 09:15:22 2023 Summary: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Type: recommended Severity: moderate References: 1175823,1179747,1195380,1201337,1204089,1207330,1207417,1207550,1207691,1207941,1208528,1208577,1208612,1208720,1208984,1209156,1210011,1210103,1210394,1210406,1210456,1210475,1210659,1210834,1210957,1210994,1211062,1211276,1211330,1211469,1211621,1211650,1211713,1211897,1211929,1212032,1212550,1212588,1212700,1212770,1212771,1213432 Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3136-1 Released: Wed Aug 2 09:16:10 2023 Summary: Maintenance update for SUSE Manager 4.3.7 Release Notes Type: security Severity: critical References: 1175823,1179747,1195380,1201337,1204089,1207330,1207550,1207691,1207941,1208528,1208577,1208612,1208720,1208984,1209156,1210011,1210103,1210394,1210406,1210456,1210475,1210659,1210834,1210957,1210994,1211062,1211276,1211330,1211469,1211621,1211650,1211713,1211897,1211929,1212032,1212550,1212588,1212700,1212770,1212771,1213432,CVE-2023-2183,CVE-2023-2801,CVE-2023-3128 Maintenance update for SUSE Manager 4.3.7 Release Notes: This is a codestream only update The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcap2-2.63-150400.3.3.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libassuan0-2.5.5-150000.4.5.2 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - libopenssl1_1-1.1.1l-150400.7.48.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.48.1 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - libzypp-17.31.14-150400.3.35.1 updated - zypper-1.14.61-150400.3.24.1 updated - curl-8.0.1-150400.5.26.1 updated - libdbus-1-3-1.12.2-150400.18.8.1 updated - release-notes-susemanager-proxy-4.3.7-150400.3.58.1 updated - dbus-1-1.12.2-150400.18.8.1 updated - hwdata-0.371-150000.3.62.1 updated - python3-libxml2-2.9.14-150400.5.19.1 updated - spacewalk-backend-4.3.22-150400.3.24.6 updated From sle-updates at lists.suse.com Thu Aug 3 07:04:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Aug 2023 09:04:00 +0200 (CEST) Subject: SUSE-CU-2023:2515-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20230803070400.A514CFD9F@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2515-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.7 , suse/manager/4.3/proxy-salt-broker:4.3.7.9.24.1 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.7 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.7.9.24.1 Container Release : 9.24.1 Severity : important Type : security References : 1089497 1201627 1202234 1207534 1208721 1209229 1209565 1210004 1210999 1211261 1211261 1211418 1211419 1211828 1212187 1212187 1212222 1212222 1212260 1212623 1213237 1213487 CVE-2022-4304 CVE-2023-2602 CVE-2023-2603 CVE-2023-31484 CVE-2023-32001 CVE-2023-3446 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:56 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2772-1 Released: Tue Jul 4 09:54:23 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1211261,1212187,1212222 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2962-1 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcap2-2.63-150400.3.3.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libassuan0-2.5.5-150000.4.5.2 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - libopenssl1_1-1.1.1l-150400.7.48.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.48.1 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - libzypp-17.31.14-150400.3.35.1 updated - zypper-1.14.61-150400.3.24.1 updated - curl-8.0.1-150400.5.26.1 updated - openssl-1_1-1.1.1l-150400.7.48.1 updated From sle-updates at lists.suse.com Thu Aug 3 07:04:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Aug 2023 09:04:11 +0200 (CEST) Subject: SUSE-CU-2023:2516-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20230803070411.93F17FD9F@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2516-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.7 , suse/manager/4.3/proxy-squid:4.3.7.9.33.1 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.7 , suse/manager/4.3/proxy-squid:susemanager-4.3.7.9.33.1 Container Release : 9.33.1 Severity : important Type : security References : 1201627 1207534 1208721 1209229 1210004 1210999 1211418 1211419 1211828 1212260 1212623 1213237 1213487 CVE-2022-4304 CVE-2023-2602 CVE-2023-2603 CVE-2023-31484 CVE-2023-32001 CVE-2023-3446 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2962-1 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcap2-2.63-150400.3.3.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - libopenssl1_1-1.1.1l-150400.7.48.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.48.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libcurl4-8.0.1-150400.5.26.1 updated From sle-updates at lists.suse.com Thu Aug 3 07:04:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Aug 2023 09:04:20 +0200 (CEST) Subject: SUSE-CU-2023:2517-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20230803070420.204A6FD9F@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2517-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.7 , suse/manager/4.3/proxy-ssh:4.3.7.9.24.1 , suse/manager/4.3/proxy-ssh:latest , suse/manager/4.3/proxy-ssh:susemanager-4.3.7 , suse/manager/4.3/proxy-ssh:susemanager-4.3.7.9.24.1 Container Release : 9.24.1 Severity : important Type : security References : 1186673 1201627 1207534 1208721 1209229 1209536 1210004 1210999 1211418 1211419 1211828 1212260 1212623 1213004 1213008 1213237 1213487 1213504 CVE-2022-4304 CVE-2023-2602 CVE-2023-2603 CVE-2023-31484 CVE-2023-32001 CVE-2023-3446 CVE-2023-38408 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2811-1 Released: Wed Jul 12 11:56:18 2023 Summary: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Type: recommended Severity: moderate References: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise 'uv' instead of 'clientPin'. * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 'minPinLength' extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions. * New API calls * New fido_init flag to disable fido_dev_open???s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ??? 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -'). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don???t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the 'fido' and 'otp' subcommands over NFC * New 'ykman --diagnose' command to aid in troubleshooting. * New 'ykman apdu' command for sending raw APDUs over the smart card interface. * New 'yubikit' package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don???t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don???t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a 'Use default' option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2922-1 Released: Thu Jul 20 18:34:03 2023 Summary: Recommended update for libfido2 Type: recommended Severity: moderate References: This update for libfido2 fixes the following issues: - Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2962-1 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcap2-2.63-150400.3.3.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - libopenssl1_1-1.1.1l-150400.7.48.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.48.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - libhidapi-hidraw0-0.10.1-1.6 added - openssh-common-8.4p1-150300.3.22.1 updated - libfido2-1-1.13.0-150400.5.6.1 updated - openssh-fips-8.4p1-150300.3.22.1 updated - openssh-server-8.4p1-150300.3.22.1 updated - openssh-clients-8.4p1-150300.3.22.1 updated - openssh-8.4p1-150300.3.22.1 updated - libfido2-udev-1.5.0-1.30 removed From sle-updates at lists.suse.com Thu Aug 3 07:04:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Aug 2023 09:04:28 +0200 (CEST) Subject: SUSE-CU-2023:2518-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20230803070428.990B1FD9F@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2518-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.7 , suse/manager/4.3/proxy-tftpd:4.3.7.9.24.1 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.7 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.7.9.24.1 Container Release : 9.24.1 Severity : important Type : security References : 1201627 1207534 1208721 1209229 1210004 1210999 1211418 1211419 1211674 1211828 1212260 1212623 1213237 1213487 CVE-2022-4304 CVE-2023-2602 CVE-2023-2603 CVE-2023-31484 CVE-2023-32001 CVE-2023-32681 CVE-2023-3446 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2866-1 Released: Tue Jul 18 11:09:03 2023 Summary: Security update for python-requests Type: security Severity: moderate References: 1211674,CVE-2023-32681 This update for python-requests fixes the following issues: - CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2962-1 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libcap2-2.63-150400.3.3.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - libopenssl1_1-1.1.1l-150400.7.48.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.48.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - openssl-1_1-1.1.1l-150400.7.48.1 updated - python3-requests-2.24.0-150300.3.3.1 updated From sle-updates at lists.suse.com Thu Aug 3 09:40:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 03 Aug 2023 09:40:33 -0000 Subject: SUSE-SU-2023:3174-1: moderate: Security update for mariadb Message-ID: <169105563323.21080.14031674817886661652@smelt2.suse.de> # Security update for mariadb Announcement ID: SUSE-SU-2023:3174-1 Rating: moderate References: * #1201164 Cross-References: * CVE-2022-32084 CVSS scores: * CVE-2022-32084 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32084 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for mariadb fixes the following issues: * CVE-2022-32084: Fixed segmentation fault via the component sub_select (bsc#1201164). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-3174=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-3174=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-3174=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-3174=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-3174=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3174=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3174=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3174=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * mariadb-client-debuginfo-10.2.44-3.53.1 * mariadb-10.2.44-3.53.1 * mariadb-galera-10.2.44-3.53.1 * mariadb-client-10.2.44-3.53.1 * mariadb-tools-debuginfo-10.2.44-3.53.1 * mariadb-debugsource-10.2.44-3.53.1 * mariadb-debuginfo-10.2.44-3.53.1 * mariadb-tools-10.2.44-3.53.1 * SUSE OpenStack Cloud 9 (noarch) * mariadb-errormessages-10.2.44-3.53.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * mariadb-client-debuginfo-10.2.44-3.53.1 * mariadb-10.2.44-3.53.1 * mariadb-galera-10.2.44-3.53.1 * mariadb-client-10.2.44-3.53.1 * mariadb-tools-debuginfo-10.2.44-3.53.1 * mariadb-debugsource-10.2.44-3.53.1 * mariadb-debuginfo-10.2.44-3.53.1 * mariadb-tools-10.2.44-3.53.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * mariadb-errormessages-10.2.44-3.53.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * mariadb-client-debuginfo-10.2.44-3.53.1 * mariadb-10.2.44-3.53.1 * mariadb-tools-debuginfo-10.2.44-3.53.1 * mariadb-client-10.2.44-3.53.1 * mariadb-debugsource-10.2.44-3.53.1 * mariadb-debuginfo-10.2.44-3.53.1 * mariadb-tools-10.2.44-3.53.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * mariadb-errormessages-10.2.44-3.53.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * mariadb-client-debuginfo-10.2.44-3.53.1 * mariadb-10.2.44-3.53.1 * mariadb-tools-debuginfo-10.2.44-3.53.1 * mariadb-client-10.2.44-3.53.1 * mariadb-debugsource-10.2.44-3.53.1 * mariadb-debuginfo-10.2.44-3.53.1 * mariadb-tools-10.2.44-3.53.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * mariadb-errormessages-10.2.44-3.53.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * mariadb-client-debuginfo-10.2.44-3.53.1 * mariadb-10.2.44-3.53.1 * mariadb-tools-debuginfo-10.2.44-3.53.1 * mariadb-client-10.2.44-3.53.1 * mariadb-debugsource-10.2.44-3.53.1 * mariadb-debuginfo-10.2.44-3.53.1 * mariadb-tools-10.2.44-3.53.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * mariadb-errormessages-10.2.44-3.53.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * mariadb-client-debuginfo-10.2.44-3.53.1 * mariadb-10.2.44-3.53.1 * mariadb-tools-debuginfo-10.2.44-3.53.1 * mariadb-client-10.2.44-3.53.1 * mariadb-debugsource-10.2.44-3.53.1 * mariadb-debuginfo-10.2.44-3.53.1 * mariadb-tools-10.2.44-3.53.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * mariadb-errormessages-10.2.44-3.53.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * mariadb-client-debuginfo-10.2.44-3.53.1 * mariadb-10.2.44-3.53.1 * mariadb-tools-debuginfo-10.2.44-3.53.1 * mariadb-client-10.2.44-3.53.1 * mariadb-debugsource-10.2.44-3.53.1 * mariadb-debuginfo-10.2.44-3.53.1 * mariadb-tools-10.2.44-3.53.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * mariadb-errormessages-10.2.44-3.53.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * mariadb-client-debuginfo-10.2.44-3.53.1 * mariadb-10.2.44-3.53.1 * mariadb-tools-debuginfo-10.2.44-3.53.1 * mariadb-client-10.2.44-3.53.1 * mariadb-debugsource-10.2.44-3.53.1 * mariadb-debuginfo-10.2.44-3.53.1 * mariadb-tools-10.2.44-3.53.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * mariadb-errormessages-10.2.44-3.53.1 ## References: * https://www.suse.com/security/cve/CVE-2022-32084.html * https://bugzilla.suse.com/show_bug.cgi?id=1201164 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 3 09:40:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 03 Aug 2023 09:40:36 -0000 Subject: SUSE-RU-2023:3173-1: moderate: Recommended update for perl-Bootloader Message-ID: <169105563632.21080.4405476791699827318@smelt2.suse.de> # Recommended update for perl-Bootloader Announcement ID: SUSE-RU-2023:3173-1 Rating: moderate References: * #1201399 * #1208003 * #1210799 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has three recommended fixes can now be installed. ## Description: This update for perl-Bootloader fixes the following issues: * Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799) * UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399) * Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003) * Add basic support for systemd-boot ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3173=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3173=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3173=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3173=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3173=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3173=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3173=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3173=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3173=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3173=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3173=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3173=1 ## Package List: * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * perl-Bootloader-0.944-150300.3.9.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * perl-Bootloader-0.944-150300.3.9.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * perl-Bootloader-0.944-150300.3.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * perl-Bootloader-YAML-0.944-150300.3.9.1 * perl-Bootloader-0.944-150300.3.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * perl-Bootloader-YAML-0.944-150300.3.9.1 * perl-Bootloader-0.944-150300.3.9.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * perl-Bootloader-YAML-0.944-150300.3.9.1 * perl-Bootloader-0.944-150300.3.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * perl-Bootloader-YAML-0.944-150300.3.9.1 * perl-Bootloader-0.944-150300.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * perl-Bootloader-YAML-0.944-150300.3.9.1 * perl-Bootloader-0.944-150300.3.9.1 * SUSE Manager Proxy 4.2 (x86_64) * perl-Bootloader-0.944-150300.3.9.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * perl-Bootloader-0.944-150300.3.9.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * perl-Bootloader-0.944-150300.3.9.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * perl-Bootloader-YAML-0.944-150300.3.9.1 * perl-Bootloader-0.944-150300.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1201399 * https://bugzilla.suse.com/show_bug.cgi?id=1208003 * https://bugzilla.suse.com/show_bug.cgi?id=1210799 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 3 09:40:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 03 Aug 2023 09:40:48 -0000 Subject: SUSE-SU-2023:3172-1: important: Security update for the Linux Kernel Message-ID: <169105564857.21080.6945317182533612750@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3172-1 Rating: important References: * #1150305 * #1193629 * #1194869 * #1207894 * #1208788 * #1211243 * #1211867 * #1212256 * #1212301 * #1212525 * #1212846 * #1212905 * #1213059 * #1213061 * #1213205 * #1213206 * #1213226 * #1213233 * #1213245 * #1213247 * #1213252 * #1213258 * #1213259 * #1213263 * #1213264 * #1213286 * #1213493 * #1213523 * #1213524 * #1213533 * #1213543 * #1213705 Cross-References: * CVE-2023-20593 * CVE-2023-2985 * CVE-2023-3117 * CVE-2023-31248 * CVE-2023-3390 * CVE-2023-35001 * CVE-2023-3812 CVSS scores: * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * Legacy Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves seven vulnerabilities, contains two features and has 25 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). * CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). * CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). * CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). * CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). The following non-security bugs were fixed: * Dropped patch that caused issues with k3s (bsc#1213705). * ASoC: Intel: sof_sdw: remove SOF_SDW_TGL_HDMI for MeteorLake devices (git- fixes). * ASoC: SOF: topology: Fix logic for copying tuples (git-fixes). * Bluetooth: ISO: Fix CIG auto-allocation to select configurable CIG (git- fixes). * Bluetooth: ISO: consider right CIS when removing CIG at cleanup (git-fixes). * Bluetooth: ISO: fix iso_conn related locking and validity issues (git- fixes). * Bluetooth: ISO: use hci_sync for setting CIG parameters (git-fixes). * Bluetooth: fix invalid-bdaddr quirk for non-persistent setup (git-fixes). * Bluetooth: fix use-bdaddr-property quirk (git-fixes). * Bluetooth: hci_bcm: do not mark valid bd_addr as invalid (git-fixes). * Bluetooth: hci_event: call disconnect callback before deleting conn (git- fixes). * Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor() (git-fixes). * Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync (git- fixes). * Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758) * PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (bsc#1212525). * PCI: vmd: Fix uninitialized variable usage in vmd_enable_domain() (git- fixes). * Revert "arm64: dts: zynqmp: Add address-cells property to interrupt (git- fixes) * Revert "drm/i915: Disable DSB usage for now" (git-fixes). * USB: dwc2: Fix some error handling paths (git-fixes). * USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes). * USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes). * USB: typec: Fix fast_role_swap_current show function (git-fixes). * Update config and supported.conf files due to renaming. * acpi: Fix suspend with Xen PV (git-fixes). * adreno: Shutdown the GPU properly (git-fixes). * arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes) * arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git- fixes) * arm64: vdso: Pass (void *) to virt_to_page() (git-fixes) * arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes) * can: bcm: Fix UAF in bcm_proc_show() (git-fixes). * ceph: add a dedicated private data for netfs rreq (bsc#1213205). * ceph: fix blindly expanding the readahead windows (bsc#1213206). * cifs: add a warning when the in-flight count goes negative (bsc#1193629). * cifs: address unused variable warning (bsc#1193629). * cifs: do all necessary checks for credits within or before locking (bsc#1193629). * cifs: fix lease break oops in xfstest generic/098 (bsc#1193629). * cifs: fix max_credits implementation (bsc#1193629). * cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629). * cifs: fix session state check in smb2_find_smb_ses (bsc#1193629). * cifs: fix session state transition to avoid use-after-free issue (bsc#1193629). * cifs: fix sockaddr comparison in iface_cmp (bsc#1193629). * cifs: fix status checks in cifs_tree_connect (bsc#1193629). * cifs: log session id when a matching ses is not found (bsc#1193629). * cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629). * cifs: prevent use-after-free by freeing the cfile later (bsc#1193629). * cifs: print all credit counters in DebugData (bsc#1193629). * cifs: print client_guid in DebugData (bsc#1193629). * cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629). * cifs: print nosharesock value while dumping mount options (bsc#1193629). * codel: fix kernel-doc notation warnings (git-fixes). * cpufreq: tegra194: Fix module loading (git-fixes). * devlink: fix kernel-doc notation warnings (git-fixes). * dma-buf/dma-resv: Stop leaking on krealloc() failure (git-fixes). * drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 (git-fixes). * drm/amd/amdgpu: limit one queue per gang (git-fixes). * drm/amd/amdgpu: update mes11 api def (git-fixes). * drm/amd/display (gcc13): fix enum mismatch (git-fixes). * drm/amd/display: Add Z8 allow states to z-state support list (git-fixes). * drm/amd/display: Add debug option to skip PSR CRTC disable (git-fixes). * drm/amd/display: Add minimum Z8 residency debug option (git-fixes). * drm/amd/display: Add missing WA and MCLK validation (git-fixes). * drm/amd/display: Change default Z8 watermark values (git-fixes). * drm/amd/display: Correct DML calculation to align HW formula (git-fixes). * drm/amd/display: Correct DML calculation to follow HW SPEC (git-fixes). * drm/amd/display: Do not update DRR while BW optimizations pending (git- fixes). * drm/amd/display: Enable HostVM based on rIOMMU active (git-fixes). * drm/amd/display: Enforce 60us prefetch for 200Mhz DCFCLK modes (git-fixes). * drm/amd/display: Ensure vmin and vmax adjust for DCE (git-fixes). * drm/amd/display: Fix 4to1 MPC black screen with DPP RCO (git-fixes). * drm/amd/display: Fix Z8 support configurations (git-fixes). * drm/amd/display: Fix a test CalculatePrefetchSchedule() (git-fixes). * drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg() (git-fixes). * drm/amd/display: Have Payload Properly Created After Resume (git-fixes). * drm/amd/display: Lowering min Z8 residency time (git-fixes). * drm/amd/display: Reduce sdp bw after urgent to 90% (git-fixes). * drm/amd/display: Refactor eDP PSR codes (git-fixes). * drm/amd/display: Remove FPU guards from the DML folder (git-fixes). * drm/amd/display: Remove optimization for VRR updates (git-fixes). * drm/amd/display: Remove stutter only configurations (git-fixes). * drm/amd/display: Update Z8 SR exit/enter latencies (git-fixes). * drm/amd/display: Update Z8 watermarks for DCN314 (git-fixes). * drm/amd/display: Update minimum stutter residency for DCN314 Z8 (git-fixes). * drm/amd/display: filter out invalid bits in pipe_fuses (git-fixes). * drm/amd/display: fix PSR-SU/DSC interoperability support (git-fixes). * drm/amd/display: fix a divided-by-zero error (git-fixes). * drm/amd/display: fixed dcn30+ underflow issue (git-fixes). * drm/amd/display: limit timing for single dimm memory (git-fixes). * drm/amd/display: populate subvp cmd info only for the top pipe (git-fixes). * drm/amd/display: set dcn315 lb bpp to 48 (git-fixes). * drm/amd/pm: add missing NotifyPowerSource message mapping for SMU13.0.7 (git-fixes). * drm/amd/pm: avoid potential UBSAN issue on legacy asics (git-fixes). * drm/amd/pm: conditionally disable pcie lane switching for some sienna_cichlid SKUs (git-fixes). * drm/amd/pm: fix possible power mode mismatch between driver and PMFW (git- fixes). * drm/amd/pm: resolve reboot exception for si oland (git-fixes). * drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4 (git-fixes). * drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5 (git-fixes). * drm/amd/pm: workaround for compute workload type on some skus (git-fixes). * drm/amd: Add a new helper for loading/validating microcode (git-fixes). * drm/amd: Do not allow s0ix on APUs older than Raven (git-fixes). * drm/amd: Load MES microcode during early_init (git-fixes). * drm/amd: Use `amdgpu_ucode_*` helpers for MES (git-fixes). * drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well (git- fixes). * drm/amdgpu/gfx11: update gpu_clock_counter logic (git-fixes). * drm/amdgpu/gfx: set cg flags to enter/exit safe mode (git-fixes). * drm/amdgpu/gmc11: implement get_vbios_fb_size() (git-fixes). * drm/amdgpu/jpeg: Remove harvest checking for JPEG3 (git-fixes). * drm/amdgpu/mes11: enable reg active poll (git-fixes). * drm/amdgpu/vcn: Disable indirect SRAM on Vangogh broken BIOSes (git-fixes). * drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel (git- fixes). * drm/amdgpu: Do not set struct drm_driver.output_poll_changed (git-fixes). * drm/amdgpu: Fix desktop freezed after gpu-reset (git-fixes). * drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function (git-fixes). * drm/amdgpu: Fix sdma v4 sw fini error (git-fixes). * drm/amdgpu: Fix usage of UMC fill record in RAS (git-fixes). * drm/amdgpu: Force signal hw_fences that are embedded in non-sched jobs (git- fixes). * drm/amdgpu: add mes resume when do gfx post soft reset (git-fixes). * drm/amdgpu: change reserved vram info print (git-fixes). * drm/amdgpu: declare firmware for new MES 11.0.4 (git-fixes). * drm/amdgpu: enable tmz by default for GC 11.0.1 (git-fixes). * drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini (git-fixes). * drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini (git-fixes). * drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini() (git-fixes). * drm/amdgpu: refine get gpu clock counter method (git-fixes). * drm/amdgpu: remove deprecated MES version vars (git-fixes). * drm/amdgpu: reserve the old gc_11_0_*_mes.bin (git-fixes). * drm/amdgpu: set gfx9 onwards APU atomics support to be true (git-fixes). * drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 (git-fixes). * drm/bridge: anx7625: Convert to i2c's .probe_new() (git-fixes). * drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt() (git-fixes). * drm/bridge: anx7625: Prevent endless probe loop (git-fixes). * drm/bridge: it6505: Move a variable assignment behind a null pointer check in receive_timing_debugfs_show() (git-fixes). * drm/bridge: tc358767: Switch to devm MIPI-DSI helpers (git-fixes). * drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git- fixes). * drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes). * drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes). * drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes). * drm/bridge: ti-sn65dsi83: Fix enable error path (git-fixes). * drm/client: Fix memory leak in drm_client_target_cloned (git-fixes). * drm/display/dp_mst: Fix payload addition on a disconnected sink (git-fixes). * drm/display: Do not block HDR_OUTPUT_METADATA on unknown EOTF (git-fixes). * drm/drm_vma_manager: Add drm_vma_node_allow_once() (git-fixes). * drm/dsc: fix DP_DSC_MAX_BPP_DELTA_* macro values (git-fixes). * drm/dsc: fix drm_edp_dsc_sink_output_bpp() DPCD high byte usage (git-fixes). * drm/etnaviv: move idle mapping reaping into separate function (git-fixes). * drm/etnaviv: reap idle mapping if it does not match the softpin address (git-fixes). * drm/i915/dp_mst: Add the MST topology state for modesetted CRTCs (bsc#1213493). * drm/i915/fbdev: lock the fbdev obj before vma pin (git-fixes). * drm/i915/gt: Cleanup partial engine discovery failures (git-fixes). * drm/i915/guc: Add error-capture init warnings when needed (git-fixes). * drm/i915/guc: Fix missing ecodes (git-fixes). * drm/i915/guc: Limit scheduling properties to avoid overflow (git-fixes). * drm/i915/guc: Rename GuC register state capture node to be more obvious (git-fixes). * drm/i915/mtl: update scaler source and destination limits for MTL (git- fixes). * drm/i915/sdvo: Grab mode_config.mutex during LVDS init to avoid WARNs (git- fixes). * drm/i915/sseu: fix max_subslices array-index-out-of-bounds access (git- fixes). * drm/i915/tc: Fix TC port link ref init for DP MST during HW readout (git- fixes). * drm/i915: Allow panel fixed modes to have differing sync polarities (git- fixes). * drm/i915: Check pipe source size when using skl+ scalers (git-fixes). * drm/i915: Do panel VBT init early if the VBT declares an explicit panel type (git-fixes). * drm/i915: Fix TypeC mode initialization during system resume (git-fixes). * drm/i915: Fix a memory leak with reused mmap_offset (git-fixes). * drm/i915: Fix negative value passed as remaining time (git-fixes). * drm/i915: Fix one wrong caching mode enum usage (git-fixes). * drm/i915: Introduce intel_panel_init_alloc() (git-fixes). * drm/i915: Never return 0 if not all requests retired (git-fixes). * drm/i915: Populate encoder->devdata for DSI on icl+ (git-fixes). * drm/i915: Print return value on error (git-fixes). * drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR (git-fixes). * drm/meson: Fix return type of meson_encoder_cvbs_mode_valid() (git-fixes). * drm/msm/a5xx: really check for A510 in a5xx_gpu_init (git-fixes). * drm/msm/adreno: Simplify read64/write64 helpers (git-fixes). * drm/msm/adreno: fix runtime PM imbalance at unbind (git-fixes). * drm/msm/disp/dpu: get timing engine status from intf status register (git- fixes). * drm/msm/dpu: Add DSC hardware blocks to register snapshot (git-fixes). * drm/msm/dpu: Assign missing writeback log_mask (git-fixes). * drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes). * drm/msm/dpu: clean up dpu_kms_get_clk_rate() returns (git-fixes). * drm/msm/dpu: set DSC flush bit correctly at MDP CTL flush register (git- fixes). * drm/msm/hdmi: use devres helper for runtime PM management (git-fixes). * drm/panel: boe-tv101wum-nl6: Ensure DSI writes succeed during disable (git- fixes). * drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git- fixes). * drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes). * drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (git-fixes). * drm/ttm: Do not leak a resource on swapout move error (git-fixes). * drm/virtio: Fix memory leak in virtio_gpu_object_create() (git-fixes). * drm/virtio: Simplify error handling of virtio_gpu_object_create() (git- fixes). * drm/vmwgfx: Refactor resource manager's hashtable to use linux/hashtable implementation (git-fixes). * drm/vmwgfx: Refactor resource validation hashtable to use linux/hashtable implementation (git-fixes). * drm/vmwgfx: Refactor ttm reference object hashtable to use linux/hashtable (git-fixes). * drm/vmwgfx: Remove ttm object hashtable (git-fixes). * drm/vmwgfx: Remove vmwgfx_hashtab (git-fixes). * drm/vmwgfx: Write the driver id registers (git-fixes). * drm: Add fixed-point helper to get rounded integer values (git-fixes). * drm: Add missing DP DSC extended capability definitions (git-fixes). * drm: Optimize drm buddy top-down allocation method (git-fixes). * drm: buddy_allocator: Fix buddy allocator init on 32-bit systems (git- fixes). * drm: panel-orientation-quirks: Add quirk for DynaBook K50 (git-fixes). * drm: rcar-du: Add quirk for H3 ES1.x pclk workaround (git-fixes). * drm: rcar-du: Fix setting a reserved bit in DPLLCR (git-fixes). * drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2 (git-fixes). * fuse: ioctl: translate ENOSYS in outarg (bsc#1213524). * fuse: revalidate: do not invalidate if interrupted (bsc#1213523). * i2c: tegra: Set ACPI node as primary fwnode (bsc#1213226). * irqchip/gic-v3: Claim iomem resources (bsc#1213533) * irqchip/gicv3: Handle resource request failure consistently (bsc#1213533) * irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 (bsc#1213533) * kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243). * kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of- tree production drivers * kabi/severities: ignore kABI of i915 module It's exported only for its sub- module, not really used by externals * kabi/severities: ignore kABI of vmwgfx The driver exports a function unnecessarily without used by anyone else. Ignore the kABI changes. * memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). * net: mana: Add support for vlan tagging (bsc#1212301). * net: phy: prevent stale pointer dereference in phy_init() (git-fixes). * net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() (git- fixes). * net: qrtr: start MHI channel after endpoit creation (git-fixes). * nilfs2: reject devices with insufficient block count (git-fixes). * ocfs2: Switch to security_inode_init_security() (git-fixes). * ocfs2: check new file size on fallocate call (git-fixes). * ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). * perf/x86/amd/core: Always clear status for idx (bsc#1213233). * pie: fix kernel-doc notation warning (git-fixes). * powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869). * powerpc/64s: Fix VAS mm use after free (bsc#1194869). * powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869). * powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869). * powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869). * powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869). * powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross- boundary (bsc#1150305 ltc#176097 git-fixes). * powerpc/mm: Switch obsolete dssall to .long (bsc#1194869). * powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869). * powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869). * powerpc/prom_init: Fix kernel config grep (bsc#1194869). * powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close (jsc#PED-542 git-fixes). * powerpc/secvar: fix refcount leak in format_show() (bsc#1194869). * powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869). * powerpc: clean vdso32 and vdso64 directories (bsc#1194869). * powerpc: define get_cycles macro for arch-override (bsc#1194869). * powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869). * rpm/check-for-config-changes: ignore also RISCV_ISA_ _and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS__. * rsi: remove kernel-doc comment marker (git-fixes). * s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259). * s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258). * s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263). * s390/pci: clean up left over special treatment for function zero (bsc#1212525). * s390/pci: only add specific device in zpci_bus_scan_device() (bsc#1212525). * s390/pci: remove redundant pci_bus_add_devices() on new bus (bsc#1212525). * s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252). * s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (git-fixes bsc#1213264). * s390: discard .interp section (git-fixes bsc#1213247). * security: keys: Modify mismatched function name (git-fixes). * selftests/ir: fix build with ancient kernel headers (git-fixes). * selftests: cgroup: fix unsigned comparison with less than zero (git-fixes). * selftests: forwarding: Fix packet matching in mirroring selftests (git- fixes). * selftests: tc: add 'ct' action kconfig dep (git-fixes). * selftests: tc: add ConnTrack procfs kconfig (git-fixes). * selftests: tc: set timeout to 15 minutes (git-fixes). * signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869). * signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869). * smb3: do not reserve too many oplock credits (bsc#1193629). * smb3: missing null check in SMB2_change_notify (bsc#1193629). * smb: client: fix broken file attrs with nodfs mounts (bsc#1193629). * smb: client: fix missed ses refcounting (git-fixes). * smb: client: fix parsing of source mount option (bsc#1193629). * smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629). * smb: client: fix warning in CIFSFindFirst() (bsc#1193629). * smb: client: fix warning in CIFSFindNext() (bsc#1193629). * smb: client: fix warning in cifs_match_super() (bsc#1193629). * smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629). * smb: client: fix warning in generic_ip_connect() (bsc#1193629). * smb: client: improve DFS mount check (bsc#1193629). * smb: client: remove redundant pointer 'server' (bsc#1193629). * smb: delete an unnecessary statement (bsc#1193629). * smb: move client and server files to common directory fs/smb (bsc#1193629). * smb: remove obsolete comment (bsc#1193629). * soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe() (git-fixes). * soundwire: cadence: Drain the RX FIFO after an IO timeout (git-fixes). * soundwire: stream: Add missing clear of alloc_slave_rt (git-fixes). * spi: bcm63xx: fix max prepend length (git-fixes). * swsmu/amdgpu_smu: Fix the wrong if-condition (git-fixes). * tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git- fixes). * wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes). * wifi: ath10k: Trigger STA disconnect after reconfig complete on hardware restart (git-fixes). * wifi: ath11k: Add missing check for ioremap (git-fixes). * wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git- fixes). * x86/amd_nb: Add PCI ID for family 19h model 78h (git-fixes). * x86/platform/uv: Add platform resolving #defines for misc GAM_MMIOH_REDIRECT* (bsc#1212256 jsc#PED-4718). * x86/platform/uv: Fix printed information in calc_mmioh_map (bsc#1212256 jsc#PED-4718). * x86/platform/uv: Helper functions for allocating and freeing conversion tables (bsc#1212256 jsc#PED-4718). * x86/platform/uv: Introduce helper function uv_pnode_to_socket (bsc#1212256 jsc#PED-4718). * x86/platform/uv: Remove remaining BUG_ON() and BUG() calls (bsc#1212256 jsc#PED-4718). * x86/platform/uv: UV support for sub-NUMA clustering (bsc#1212256 jsc#PED-4718). * x86/platform/uv: Update UV platform code for SNC (bsc#1212256 jsc#PED-4718). * x86/platform/uv: When searching for minimums, start at INT_MAX not 99999 (bsc#1212256 jsc#PED-4718). * x86: Fix .brk attribute in linker script (git-fixes). * xfs: clean up the rtbitmap fsmap backend (git-fixes). * xfs: do not deplete the reserve pool when trying to shrink the fs (git- fixes). * xfs: do not reverse order of items in bulk AIL insertion (git-fixes). * xfs: fix getfsmap reporting past the last rt extent (git-fixes). * xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git- fixes). * xfs: fix interval filtering in multi-step fsmap queries (git-fixes). * xfs: fix logdev fsmap query result filtering (git-fixes). * xfs: fix off-by-one error when the last rt extent is in use (git-fixes). * xfs: fix uninitialized variable access (git-fixes). * xfs: make fsmap backend function key parameters const (git-fixes). * xfs: make the record pointer passed to query_range functions const (git- fixes). * xfs: pass explicit mount pointer to rtalloc query functions (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3172=1 openSUSE-SLE-15.5-2023-3172=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3172=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3172=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3172=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3172=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-3172=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3172=1 ## Package List: * openSUSE Leap 15.5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.12.1 * openSUSE Leap 15.5 (noarch) * kernel-source-5.14.21-150500.55.12.1 * kernel-macros-5.14.21-150500.55.12.1 * kernel-source-vanilla-5.14.21-150500.55.12.1 * kernel-devel-5.14.21-150500.55.12.1 * kernel-docs-html-5.14.21-150500.55.12.1 * openSUSE Leap 15.5 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150500.55.12.1 * openSUSE Leap 15.5 (ppc64le x86_64) * kernel-debug-devel-debuginfo-5.14.21-150500.55.12.1 * kernel-debug-livepatch-devel-5.14.21-150500.55.12.1 * kernel-debug-debugsource-5.14.21-150500.55.12.1 * kernel-debug-debuginfo-5.14.21-150500.55.12.1 * kernel-debug-devel-5.14.21-150500.55.12.1 * openSUSE Leap 15.5 (x86_64) * kernel-debug-vdso-5.14.21-150500.55.12.1 * kernel-default-vdso-debuginfo-5.14.21-150500.55.12.1 * kernel-default-vdso-5.14.21-150500.55.12.1 * kernel-debug-vdso-debuginfo-5.14.21-150500.55.12.1 * kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.12.1 * kernel-kvmsmall-vdso-5.14.21-150500.55.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * kernel-kvmsmall-debugsource-5.14.21-150500.55.12.1 * kernel-kvmsmall-devel-5.14.21-150500.55.12.1 * kernel-default-base-5.14.21-150500.55.12.1.150500.6.4.2 * kernel-default-base-rebuild-5.14.21-150500.55.12.1.150500.6.4.2 * kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.12.1 * kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.12.1 * kernel-kvmsmall-debuginfo-5.14.21-150500.55.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * dlm-kmp-default-debuginfo-5.14.21-150500.55.12.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.12.1 * kernel-obs-build-debugsource-5.14.21-150500.55.12.1 * dlm-kmp-default-5.14.21-150500.55.12.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.12.1 * kernel-obs-build-5.14.21-150500.55.12.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.12.1 * kernel-default-extra-5.14.21-150500.55.12.1 * kernel-syms-5.14.21-150500.55.12.1 * kernel-default-optional-5.14.21-150500.55.12.1 * kselftests-kmp-default-5.14.21-150500.55.12.1 * kernel-default-optional-debuginfo-5.14.21-150500.55.12.1 * kernel-default-debugsource-5.14.21-150500.55.12.1 * kernel-default-debuginfo-5.14.21-150500.55.12.1 * reiserfs-kmp-default-5.14.21-150500.55.12.1 * kselftests-kmp-default-debuginfo-5.14.21-150500.55.12.1 * kernel-default-extra-debuginfo-5.14.21-150500.55.12.1 * kernel-default-livepatch-devel-5.14.21-150500.55.12.1 * kernel-default-livepatch-5.14.21-150500.55.12.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.12.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.12.1 * ocfs2-kmp-default-5.14.21-150500.55.12.1 * cluster-md-kmp-default-5.14.21-150500.55.12.1 * kernel-obs-qa-5.14.21-150500.55.12.1 * kernel-default-devel-5.14.21-150500.55.12.1 * gfs2-kmp-default-5.14.21-150500.55.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.12.1 * openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150500.55.12.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_12-default-1-150500.11.3.2 * kernel-livepatch-5_14_21-150500_55_12-default-debuginfo-1-150500.11.3.2 * kernel-livepatch-SLE15-SP5_Update_2-debugsource-1-150500.11.3.2 * openSUSE Leap 15.5 (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.12.1 * openSUSE Leap 15.5 (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150500.55.12.1 * kernel-zfcpdump-debugsource-5.14.21-150500.55.12.1 * openSUSE Leap 15.5 (nosrc) * dtb-aarch64-5.14.21-150500.55.12.1 * openSUSE Leap 15.5 (aarch64) * reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.12.1 * dtb-sprd-5.14.21-150500.55.12.1 * dtb-exynos-5.14.21-150500.55.12.1 * dtb-allwinner-5.14.21-150500.55.12.1 * kernel-64kb-extra-debuginfo-5.14.21-150500.55.12.1 * kernel-64kb-devel-5.14.21-150500.55.12.1 * kernel-64kb-livepatch-devel-5.14.21-150500.55.12.1 * dtb-altera-5.14.21-150500.55.12.1 * dtb-arm-5.14.21-150500.55.12.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.12.1 * kernel-64kb-extra-5.14.21-150500.55.12.1 * kernel-64kb-optional-debuginfo-5.14.21-150500.55.12.1 * dtb-amlogic-5.14.21-150500.55.12.1 * dtb-apple-5.14.21-150500.55.12.1 * kselftests-kmp-64kb-5.14.21-150500.55.12.1 * dtb-socionext-5.14.21-150500.55.12.1 * dtb-xilinx-5.14.21-150500.55.12.1 * dtb-apm-5.14.21-150500.55.12.1 * dlm-kmp-64kb-debuginfo-5.14.21-150500.55.12.1 * dtb-lg-5.14.21-150500.55.12.1 * dtb-renesas-5.14.21-150500.55.12.1 * dtb-qcom-5.14.21-150500.55.12.1 * dtb-nvidia-5.14.21-150500.55.12.1 * kernel-64kb-optional-5.14.21-150500.55.12.1 * gfs2-kmp-64kb-5.14.21-150500.55.12.1 * dtb-broadcom-5.14.21-150500.55.12.1 * dtb-cavium-5.14.21-150500.55.12.1 * kernel-64kb-debugsource-5.14.21-150500.55.12.1 * dtb-marvell-5.14.21-150500.55.12.1 * dtb-rockchip-5.14.21-150500.55.12.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.12.1 * dtb-amd-5.14.21-150500.55.12.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.12.1 * dtb-hisilicon-5.14.21-150500.55.12.1 * ocfs2-kmp-64kb-5.14.21-150500.55.12.1 * dtb-freescale-5.14.21-150500.55.12.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.12.1 * reiserfs-kmp-64kb-5.14.21-150500.55.12.1 * dlm-kmp-64kb-5.14.21-150500.55.12.1 * dtb-amazon-5.14.21-150500.55.12.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.12.1 * cluster-md-kmp-64kb-5.14.21-150500.55.12.1 * kernel-64kb-debuginfo-5.14.21-150500.55.12.1 * dtb-mediatek-5.14.21-150500.55.12.1 * openSUSE Leap 15.5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.12.1 * Basesystem Module 15-SP5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.12.1 * Basesystem Module 15-SP5 (aarch64) * kernel-64kb-debuginfo-5.14.21-150500.55.12.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.12.1 * kernel-64kb-devel-5.14.21-150500.55.12.1 * kernel-64kb-debugsource-5.14.21-150500.55.12.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.12.1 * Basesystem Module 15-SP5 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150500.55.12.1.150500.6.4.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-5.14.21-150500.55.12.1 * kernel-default-debuginfo-5.14.21-150500.55.12.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.12.1 * kernel-default-debugsource-5.14.21-150500.55.12.1 * Basesystem Module 15-SP5 (noarch) * kernel-macros-5.14.21-150500.55.12.1 * kernel-devel-5.14.21-150500.55.12.1 * Basesystem Module 15-SP5 (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.12.1 * Basesystem Module 15-SP5 (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150500.55.12.1 * kernel-zfcpdump-debugsource-5.14.21-150500.55.12.1 * Development Tools Module 15-SP5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.12.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-5.14.21-150500.55.12.1 * kernel-obs-build-debugsource-5.14.21-150500.55.12.1 * kernel-syms-5.14.21-150500.55.12.1 * Development Tools Module 15-SP5 (noarch) * kernel-source-5.14.21-150500.55.12.1 * Legacy Module 15-SP5 (nosrc) * kernel-default-5.14.21-150500.55.12.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-5.14.21-150500.55.12.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.12.1 * kernel-default-debuginfo-5.14.21-150500.55.12.1 * kernel-default-debugsource-5.14.21-150500.55.12.1 * SUSE Linux Enterprise Live Patching 15-SP5 (nosrc) * kernel-default-5.14.21-150500.55.12.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_12-default-debuginfo-1-150500.11.3.2 * kernel-default-livepatch-devel-5.14.21-150500.55.12.1 * kernel-default-livepatch-5.14.21-150500.55.12.1 * kernel-default-debugsource-5.14.21-150500.55.12.1 * kernel-livepatch-5_14_21-150500_55_12-default-1-150500.11.3.2 * kernel-default-debuginfo-5.14.21-150500.55.12.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * dlm-kmp-default-debuginfo-5.14.21-150500.55.12.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.12.1 * dlm-kmp-default-5.14.21-150500.55.12.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.12.1 * gfs2-kmp-default-5.14.21-150500.55.12.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.12.1 * kernel-default-debugsource-5.14.21-150500.55.12.1 * ocfs2-kmp-default-5.14.21-150500.55.12.1 * kernel-default-debuginfo-5.14.21-150500.55.12.1 * cluster-md-kmp-default-5.14.21-150500.55.12.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc) * kernel-default-5.14.21-150500.55.12.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc) * kernel-default-5.14.21-150500.55.12.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * kernel-default-extra-debuginfo-5.14.21-150500.55.12.1 * kernel-default-debuginfo-5.14.21-150500.55.12.1 * kernel-default-extra-5.14.21-150500.55.12.1 * kernel-default-debugsource-5.14.21-150500.55.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20593.html * https://www.suse.com/security/cve/CVE-2023-2985.html * https://www.suse.com/security/cve/CVE-2023-3117.html * https://www.suse.com/security/cve/CVE-2023-31248.html * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3812.html * https://bugzilla.suse.com/show_bug.cgi?id=1150305 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1207894 * https://bugzilla.suse.com/show_bug.cgi?id=1208788 * https://bugzilla.suse.com/show_bug.cgi?id=1211243 * https://bugzilla.suse.com/show_bug.cgi?id=1211867 * https://bugzilla.suse.com/show_bug.cgi?id=1212256 * https://bugzilla.suse.com/show_bug.cgi?id=1212301 * https://bugzilla.suse.com/show_bug.cgi?id=1212525 * https://bugzilla.suse.com/show_bug.cgi?id=1212846 * https://bugzilla.suse.com/show_bug.cgi?id=1212905 * https://bugzilla.suse.com/show_bug.cgi?id=1213059 * https://bugzilla.suse.com/show_bug.cgi?id=1213061 * https://bugzilla.suse.com/show_bug.cgi?id=1213205 * https://bugzilla.suse.com/show_bug.cgi?id=1213206 * https://bugzilla.suse.com/show_bug.cgi?id=1213226 * https://bugzilla.suse.com/show_bug.cgi?id=1213233 * https://bugzilla.suse.com/show_bug.cgi?id=1213245 * https://bugzilla.suse.com/show_bug.cgi?id=1213247 * https://bugzilla.suse.com/show_bug.cgi?id=1213252 * https://bugzilla.suse.com/show_bug.cgi?id=1213258 * https://bugzilla.suse.com/show_bug.cgi?id=1213259 * https://bugzilla.suse.com/show_bug.cgi?id=1213263 * https://bugzilla.suse.com/show_bug.cgi?id=1213264 * https://bugzilla.suse.com/show_bug.cgi?id=1213286 * https://bugzilla.suse.com/show_bug.cgi?id=1213493 * https://bugzilla.suse.com/show_bug.cgi?id=1213523 * https://bugzilla.suse.com/show_bug.cgi?id=1213524 * https://bugzilla.suse.com/show_bug.cgi?id=1213533 * https://bugzilla.suse.com/show_bug.cgi?id=1213543 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 * https://jira.suse.com/browse/PED-4718 * https://jira.suse.com/browse/PED-4758 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 3 09:41:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 03 Aug 2023 09:41:17 -0000 Subject: SUSE-SU-2023:3171-1: important: Security update for the Linux Kernel Message-ID: <169105567730.21080.2080053865302099999@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3171-1 Rating: important References: * #1150305 * #1193629 * #1194869 * #1207894 * #1208788 * #1210565 * #1210584 * #1210853 * #1211243 * #1211811 * #1211867 * #1212301 * #1212846 * #1212905 * #1213010 * #1213011 * #1213012 * #1213013 * #1213014 * #1213015 * #1213016 * #1213017 * #1213018 * #1213019 * #1213020 * #1213021 * #1213024 * #1213025 * #1213032 * #1213034 * #1213035 * #1213036 * #1213037 * #1213038 * #1213039 * #1213040 * #1213041 * #1213059 * #1213061 * #1213087 * #1213088 * #1213089 * #1213090 * #1213092 * #1213093 * #1213094 * #1213095 * #1213096 * #1213098 * #1213099 * #1213100 * #1213102 * #1213103 * #1213104 * #1213105 * #1213106 * #1213107 * #1213108 * #1213109 * #1213110 * #1213111 * #1213112 * #1213113 * #1213114 * #1213134 * #1213245 * #1213247 * #1213252 * #1213258 * #1213259 * #1213263 * #1213264 * #1213286 * #1213523 * #1213524 * #1213543 * #1213705 Cross-References: * CVE-2023-20593 * CVE-2023-2985 * CVE-2023-3117 * CVE-2023-31248 * CVE-2023-3390 * CVE-2023-35001 * CVE-2023-3812 CVSS scores: * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * Legacy Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves seven vulnerabilities and has 70 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). * CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). * CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). * CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). * CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). The following non-security bugs were fixed: * ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes). * ALSA: fireface: make read-only const array for model names static (git- fixes). * ALSA: hda/realtek - remove 3k pull low procedure (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes). * ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes). * ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes). * ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes). * ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes). * ALSA: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes). * ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes). * ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes). * ALSA: hda/realtek: Whitespace fix (git-fixes). * ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes). * ALSA: oxfw: make read-only const array models static (git-fixes). * ALSA: pcm: Fix potential data race at PCM memory allocation helpers (git- fixes). * ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git- fixes). * ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes). * ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes). * ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes). * ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes). * ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes). * ASoC: tegra: Fix ADX byte map (git-fixes). * ASoC: tegra: Fix AMX byte map (git-fixes). * Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes). * Documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git- fixes). * Documentation: bonding: fix the doc of peer_notif_delay (git-fixes). * Documentation: timers: hrtimers: Make hybrid union historical (git-fixes). * Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758) * Fix documentation of panic_on_warn (git-fixes). * IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes) * PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes). * PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes). * RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes) * Revert "arm64: dts: zynqmp: Add address-cells property to interrupt (git- fixes) * Revert "drm/amd/display: edp do not add non-edid timings" (git-fixes). * USB: dwc2: Fix some error handling paths (git-fixes). * USB: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes). * USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes). * USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes). * USB: serial: option: add LARA-R6 01B PIDs (git-fixes). * Update config and supported.conf files due to renaming. * apparmor: fix missing error check for rhashtable_insert_fast (git-fixes). * arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes) * arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git- fixes) * arm64: vdso: Pass (void *) to virt_to_page() (git-fixes) * arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes) * can: bcm: Fix UAF in bcm_proc_show() (git-fixes). * cifs: add a warning when the in-flight count goes negative (bsc#1193629). * cifs: address unused variable warning (bsc#1193629). * cifs: do all necessary checks for credits within or before locking (bsc#1193629). * cifs: fix lease break oops in xfstest generic/098 (bsc#1193629). * cifs: fix max_credits implementation (bsc#1193629). * cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629). * cifs: fix session state check in smb2_find_smb_ses (bsc#1193629). * cifs: fix session state transition to avoid use-after-free issue (bsc#1193629). * cifs: fix sockaddr comparison in iface_cmp (bsc#1193629). * cifs: fix status checks in cifs_tree_connect (bsc#1193629). * cifs: log session id when a matching ses is not found (bsc#1193629). * cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629). * cifs: prevent use-after-free by freeing the cfile later (bsc#1193629). * cifs: print all credit counters in DebugData (bsc#1193629). * cifs: print client_guid in DebugData (bsc#1193629). * cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629). * cifs: print nosharesock value while dumping mount options (bsc#1193629). * clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git- fixes). * clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes). * codel: fix kernel-doc notation warnings (git-fixes). * crypto: kpp - Add helper to set reqsize (git-fixes). * crypto: qat - Use helper to set reqsize (git-fixes). * devlink: fix kernel-doc notation warnings (git-fixes). * docs: networking: Update codeaurora references for rmnet (git-fixes). * drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes). * drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes). * drm/amdgpu: Validate VM ioctl flags (git-fixes). * drm/amdgpu: avoid restore process run into dead loop (git-fixes). * drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git- fixes). * drm/atomic: Allow vblank-enabled + self-refresh "disable" (git-fixes). * drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes). * drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git- fixes). * drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes). * drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes). * drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes). * drm/client: Fix memory leak in drm_client_target_cloned (git-fixes). * drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git- fixes). * drm/i915: Fix one wrong caching mode enum usage (git-fixes). * drm/msm/disp/dpu: get timing engine status from intf status register (git- fixes). * drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes). * drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git- fixes). * drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes). * drm/ttm: Do not leak a resource on swapout move error (git-fixes). * dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in "compatible" conditional schema (git-fixes). * ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020). * ext4: add EA_INODE checking to ext4_iget() (bsc#1213106). * ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088). * ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109). * ext4: add strict range checks while freeing blocks (bsc#1213089). * ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). * ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). * ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090). * ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103). * ext4: disallow ea_inodes with extended attributes (bsc#1213108). * ext4: fail ext4_iget if special inode unallocated (bsc#1213010). * ext4: fix WARNING in ext4_update_inline_data (bsc#1213012). * ext4: fix WARNING in mb_find_extent (bsc#1213099). * ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111). * ext4: fix data races when using cached status extents (bsc#1213102). * ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105). * ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). * ext4: fix lockdep warning when enabling MMP (bsc#1213100). * ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096). * ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). * ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098). * ext4: improve error handling from ext4_dirhash() (bsc#1213104). * ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). * ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011). * ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). * ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087). * ext4: refuse to create ea block when umounted (bsc#1213093). * ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107). * ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110). * ext4: update s_journal_inum if it changes after journal replay (bsc#1213094). * ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092). * ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). * fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes). * fbdev: imxfb: warn about invalid left/right margin (git-fixes). * fuse: ioctl: translate ENOSYS in outarg (bsc#1213524). * fuse: revalidate: do not invalidate if interrupted (bsc#1213523). * hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861). * hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861). * hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861). * hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861). * hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861). * hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861). * hwmon: (adm1275) Allow setting sample averaging (git-fixes). * hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes). * i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes). * i2c: xiic: Do not try to handle more interrupt events after error (git- fixes). * inotify: Avoid reporting event with invalid wd (bsc#1213025). * jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095). * jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014). * kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243). * kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of- tree production drivers * kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes). * leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git- fixes). * media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes). * media: cec: i2c: ch7322: also select REGMAP (git-fixes). * media: i2c: Correct format propagation for st-mipid02 (git-fixes). * media: usb: Check az6007_read() return value (git-fixes). * media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes). * media: venus: helpers: Fix ALIGN() of non power of two (git-fixes). * media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes). * memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). * mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes). * mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes). * net: mana: Add support for vlan tagging (bsc#1212301). * net: phy: prevent stale pointer dereference in phy_init() (git-fixes). * ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes). * ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes). * ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes). * ntb: ntb_tool: Add check for devm_kcalloc (git-fixes). * ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes). * nvme-multipath: support io stats on the mpath device (bsc#1210565). * nvme: introduce nvme_start_request (bsc#1210565). * ocfs2: Switch to security_inode_init_security() (git-fixes). * ocfs2: check new file size on fallocate call (git-fixes). * ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). * opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes). * phy: Revert "phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB" (git- fixes). * phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes). * phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes). * pie: fix kernel-doc notation warning (git-fixes). * pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes). * pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes). * pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes). * powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869). * powerpc/64s: Fix VAS mm use after free (bsc#1194869). * powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869). * powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869). * powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869). * powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869). * powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross- boundary (bsc#1150305 ltc#176097 git-fixes). * powerpc/mm: Switch obsolete dssall to .long (bsc#1194869). * powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869). * powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869). * powerpc/prom_init: Fix kernel config grep (bsc#1194869). * powerpc/secvar: fix refcount leak in format_show() (bsc#1194869). * powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869). * powerpc: clean vdso32 and vdso64 directories (bsc#1194869). * powerpc: define get_cycles macro for arch-override (bsc#1194869). * powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869). * pwm: ab8500: Fix error code in probe() (git-fixes). * pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes). * pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes). * rpm/check-for-config-changes: ignore also RISCV_ISA_ _and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS__. * rsi: remove kernel-doc comment marker (git-fixes). * s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259). * s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258). * s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263). * s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252). * s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (git-fixes bsc#1213264). * s390: discard .interp section (git-fixes bsc#1213247). * sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes) * sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes) * security: keys: Modify mismatched function name (git-fixes). * selftests: mptcp: depend on SYN_COOKIES (git-fixes). * selftests: mptcp: sockopt: return error if wrong mark (git-fixes). * selftests: rtnetlink: remove netdevsim device after ipsec offload test (git- fixes). * selftests: tc: add 'ct' action kconfig dep (git-fixes). * selftests: tc: add ConnTrack procfs kconfig (git-fixes). * selftests: tc: set timeout to 15 minutes (git-fixes). * signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869). * signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869). * smb3: do not reserve too many oplock credits (bsc#1193629). * smb3: missing null check in SMB2_change_notify (bsc#1193629). * smb: client: fix broken file attrs with nodfs mounts (bsc#1193629). * smb: client: fix missed ses refcounting (git-fixes). * smb: client: fix parsing of source mount option (bsc#1193629). * smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629). * smb: client: fix warning in CIFSFindFirst() (bsc#1193629). * smb: client: fix warning in CIFSFindNext() (bsc#1193629). * smb: client: fix warning in cifs_match_super() (bsc#1193629). * smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629). * smb: client: fix warning in generic_ip_connect() (bsc#1193629). * smb: client: improve DFS mount check (bsc#1193629). * smb: client: remove redundant pointer 'server' (bsc#1193629). * smb: delete an unnecessary statement (bsc#1193629). * smb: move client and server files to common directory fs/smb (bsc#1193629). * smb: remove obsolete comment (bsc#1193629). * soundwire: qcom: fix storing port config out-of-bounds (git-fixes). * spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git- fixes). * spi: bcm63xx: fix max prepend length (git-fixes). * tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git- fixes). * tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes). * ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). * ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584). * udf: Avoid double brelse() in udf_rename() (bsc#1213032). * udf: Define EFSCORRUPTED error code (bsc#1213038). * udf: Detect system inodes linked into directory hierarchy (bsc#1213114). * udf: Discard preallocation before extending file with a hole (bsc#1213036). * udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035). * udf: Do not bother merging very long extents (bsc#1213040). * udf: Do not update file length for failed writes to inline files (bsc#1213041). * udf: Fix error handling in udf_new_inode() (bsc#1213112). * udf: Fix extending file within last block (bsc#1213037). * udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034). * udf: Preserve link count of system files (bsc#1213113). * udf: Truncate added extents on failed expansion (bsc#1213039). * wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes). * wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes). * wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes). * wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git- fixes). * wl3501_cs: use eth_hw_addr_set() (git-fixes). * writeback: fix call of incorrect macro (bsc#1213024). * x86: Fix .brk attribute in linker script (git-fixes). * xfs: AIL needs asynchronous CIL forcing (bsc#1211811). * xfs: CIL work is serialised, not pipelined (bsc#1211811). * xfs: XLOG_STATE_IOERROR must die (bsc#1211811). * xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811). * xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811). * xfs: clean up the rtbitmap fsmap backend (git-fixes). * xfs: do not deplete the reserve pool when trying to shrink the fs (git- fixes). * xfs: do not reverse order of items in bulk AIL insertion (git-fixes). * xfs: do not run shutdown callbacks on active iclogs (bsc#1211811). * xfs: drop async cache flushes from CIL commits (bsc#1211811). * xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811). * xfs: fix getfsmap reporting past the last rt extent (git-fixes). * xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git- fixes). * xfs: fix interval filtering in multi-step fsmap queries (git-fixes). * xfs: fix logdev fsmap query result filtering (git-fixes). * xfs: fix off-by-one error when the last rt extent is in use (git-fixes). * xfs: fix uninitialized variable access (git-fixes). * xfs: make fsmap backend function key parameters const (git-fixes). * xfs: make the record pointer passed to query_range functions const (git- fixes). * xfs: move the CIL workqueue to the CIL (bsc#1211811). * xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811). * xfs: order CIL checkpoint start records (bsc#1211811). * xfs: pass a CIL context to xlog_write() (bsc#1211811). * xfs: pass explicit mount pointer to rtalloc query functions (git-fixes). * xfs: rework xlog_state_do_callback() (bsc#1211811). * xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811). * xfs: separate out log shutdown callback processing (bsc#1211811). * xfs: wait iclog complete before tearing down AIL (bsc#1211811). * xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes). * xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes). * xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3171=1 openSUSE-SLE-15.4-2023-3171=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3171=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3171=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3171=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3171=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3171=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3171=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3171=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3171=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-3171=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3171=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3171=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3171=1 ## Package List: * openSUSE Leap 15.4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.74.1 * openSUSE Leap 15.4 (noarch) * kernel-devel-5.14.21-150400.24.74.1 * kernel-source-vanilla-5.14.21-150400.24.74.1 * kernel-macros-5.14.21-150400.24.74.1 * kernel-docs-html-5.14.21-150400.24.74.1 * kernel-source-5.14.21-150400.24.74.1 * openSUSE Leap 15.4 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150400.24.74.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-debugsource-5.14.21-150400.24.74.1 * kernel-debug-debuginfo-5.14.21-150400.24.74.1 * kernel-debug-livepatch-devel-5.14.21-150400.24.74.1 * kernel-debug-devel-5.14.21-150400.24.74.1 * kernel-debug-devel-debuginfo-5.14.21-150400.24.74.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * kernel-kvmsmall-devel-5.14.21-150400.24.74.1 * kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3 * kernel-default-base-rebuild-5.14.21-150400.24.74.1.150400.24.33.3 * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.74.1 * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.74.1 * kernel-kvmsmall-debugsource-5.14.21-150400.24.74.1 * kernel-kvmsmall-debuginfo-5.14.21-150400.24.74.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.74.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.74.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.74.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.74.1 * kselftests-kmp-default-5.14.21-150400.24.74.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.74.1 * kselftests-kmp-default-debuginfo-5.14.21-150400.24.74.1 * kernel-default-livepatch-5.14.21-150400.24.74.1 * gfs2-kmp-default-5.14.21-150400.24.74.1 * kernel-default-livepatch-devel-5.14.21-150400.24.74.1 * kernel-obs-build-debugsource-5.14.21-150400.24.74.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.74.1 * ocfs2-kmp-default-5.14.21-150400.24.74.1 * kernel-default-optional-debuginfo-5.14.21-150400.24.74.1 * kernel-obs-qa-5.14.21-150400.24.74.1 * dlm-kmp-default-5.14.21-150400.24.74.1 * kernel-default-devel-5.14.21-150400.24.74.1 * reiserfs-kmp-default-5.14.21-150400.24.74.1 * kernel-syms-5.14.21-150400.24.74.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.74.1 * cluster-md-kmp-default-5.14.21-150400.24.74.1 * kernel-default-extra-5.14.21-150400.24.74.1 * kernel-default-optional-5.14.21-150400.24.74.1 * kernel-default-debuginfo-5.14.21-150400.24.74.1 * kernel-obs-build-5.14.21-150400.24.74.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.74.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.74.1 * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150400.24.74.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_74-default-debuginfo-1-150400.9.3.3 * kernel-livepatch-SLE15-SP4_Update_15-debugsource-1-150400.9.3.3 * kernel-livepatch-5_14_21-150400_24_74-default-1-150400.9.3.3 * openSUSE Leap 15.4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.74.1 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.74.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.74.1 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.14.21-150400.24.74.1 * openSUSE Leap 15.4 (aarch64) * kernel-64kb-devel-5.14.21-150400.24.74.1 * dtb-exynos-5.14.21-150400.24.74.1 * kselftests-kmp-64kb-5.14.21-150400.24.74.1 * kernel-64kb-debuginfo-5.14.21-150400.24.74.1 * kernel-64kb-debugsource-5.14.21-150400.24.74.1 * kernel-64kb-optional-debuginfo-5.14.21-150400.24.74.1 * reiserfs-kmp-64kb-5.14.21-150400.24.74.1 * ocfs2-kmp-64kb-5.14.21-150400.24.74.1 * dtb-arm-5.14.21-150400.24.74.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.74.1 * cluster-md-kmp-64kb-5.14.21-150400.24.74.1 * dtb-sprd-5.14.21-150400.24.74.1 * dtb-qcom-5.14.21-150400.24.74.1 * dtb-allwinner-5.14.21-150400.24.74.1 * dtb-nvidia-5.14.21-150400.24.74.1 * dtb-lg-5.14.21-150400.24.74.1 * dtb-hisilicon-5.14.21-150400.24.74.1 * kernel-64kb-extra-5.14.21-150400.24.74.1 * dtb-rockchip-5.14.21-150400.24.74.1 * dtb-cavium-5.14.21-150400.24.74.1 * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.74.1 * kernel-64kb-optional-5.14.21-150400.24.74.1 * dtb-apm-5.14.21-150400.24.74.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.74.1 * dtb-socionext-5.14.21-150400.24.74.1 * dtb-amlogic-5.14.21-150400.24.74.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.74.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.74.1 * kernel-64kb-extra-debuginfo-5.14.21-150400.24.74.1 * dtb-marvell-5.14.21-150400.24.74.1 * dtb-amazon-5.14.21-150400.24.74.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.74.1 * dtb-freescale-5.14.21-150400.24.74.1 * dtb-mediatek-5.14.21-150400.24.74.1 * dtb-apple-5.14.21-150400.24.74.1 * gfs2-kmp-64kb-5.14.21-150400.24.74.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.74.1 * dtb-xilinx-5.14.21-150400.24.74.1 * dlm-kmp-64kb-5.14.21-150400.24.74.1 * dtb-amd-5.14.21-150400.24.74.1 * kernel-64kb-livepatch-devel-5.14.21-150400.24.74.1 * dtb-renesas-5.14.21-150400.24.74.1 * dtb-broadcom-5.14.21-150400.24.74.1 * dtb-altera-5.14.21-150400.24.74.1 * openSUSE Leap 15.4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.74.1 * openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.74.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * kernel-default-debugsource-5.14.21-150400.24.74.1 * kernel-default-debuginfo-5.14.21-150400.24.74.1 * kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3 * openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.74.1 * openSUSE Leap Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.74.1 * kernel-default-debuginfo-5.14.21-150400.24.74.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.74.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.74.1 * kernel-default-debuginfo-5.14.21-150400.24.74.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.74.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.74.1 * kernel-default-debuginfo-5.14.21-150400.24.74.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.74.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.74.1 * kernel-default-debuginfo-5.14.21-150400.24.74.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.74.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.74.1 * kernel-default-debuginfo-5.14.21-150400.24.74.1 * Basesystem Module 15-SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.74.1 * Basesystem Module 15-SP4 (aarch64) * kernel-64kb-debuginfo-5.14.21-150400.24.74.1 * kernel-64kb-debugsource-5.14.21-150400.24.74.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.74.1 * kernel-64kb-devel-5.14.21-150400.24.74.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.74.1 * Basesystem Module 15-SP4 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-5.14.21-150400.24.74.1 * kernel-default-debugsource-5.14.21-150400.24.74.1 * kernel-default-debuginfo-5.14.21-150400.24.74.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.74.1 * Basesystem Module 15-SP4 (noarch) * kernel-macros-5.14.21-150400.24.74.1 * kernel-devel-5.14.21-150400.24.74.1 * Basesystem Module 15-SP4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.74.1 * Basesystem Module 15-SP4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.74.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.74.1 * Development Tools Module 15-SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.74.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-syms-5.14.21-150400.24.74.1 * kernel-obs-build-debugsource-5.14.21-150400.24.74.1 * kernel-obs-build-5.14.21-150400.24.74.1 * Development Tools Module 15-SP4 (noarch) * kernel-source-5.14.21-150400.24.74.1 * Legacy Module 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.74.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.74.1 * reiserfs-kmp-default-5.14.21-150400.24.74.1 * kernel-default-debugsource-5.14.21-150400.24.74.1 * kernel-default-debuginfo-5.14.21-150400.24.74.1 * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.74.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.74.1 * kernel-livepatch-5_14_21-150400_24_74-default-1-150400.9.3.3 * kernel-livepatch-SLE15-SP4_Update_15-debugsource-1-150400.9.3.3 * kernel-default-livepatch-devel-5.14.21-150400.24.74.1 * kernel-default-livepatch-5.14.21-150400.24.74.1 * kernel-default-debuginfo-5.14.21-150400.24.74.1 * kernel-livepatch-5_14_21-150400_24_74-default-debuginfo-1-150400.9.3.3 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-5.14.21-150400.24.74.1 * kernel-default-debugsource-5.14.21-150400.24.74.1 * dlm-kmp-default-5.14.21-150400.24.74.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.74.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.74.1 * ocfs2-kmp-default-5.14.21-150400.24.74.1 * gfs2-kmp-default-5.14.21-150400.24.74.1 * kernel-default-debuginfo-5.14.21-150400.24.74.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.74.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.74.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.74.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.74.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * kernel-default-extra-debuginfo-5.14.21-150400.24.74.1 * kernel-default-debugsource-5.14.21-150400.24.74.1 * kernel-default-debuginfo-5.14.21-150400.24.74.1 * kernel-default-extra-5.14.21-150400.24.74.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20593.html * https://www.suse.com/security/cve/CVE-2023-2985.html * https://www.suse.com/security/cve/CVE-2023-3117.html * https://www.suse.com/security/cve/CVE-2023-31248.html * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3812.html * https://bugzilla.suse.com/show_bug.cgi?id=1150305 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1207894 * https://bugzilla.suse.com/show_bug.cgi?id=1208788 * https://bugzilla.suse.com/show_bug.cgi?id=1210565 * https://bugzilla.suse.com/show_bug.cgi?id=1210584 * https://bugzilla.suse.com/show_bug.cgi?id=1210853 * https://bugzilla.suse.com/show_bug.cgi?id=1211243 * https://bugzilla.suse.com/show_bug.cgi?id=1211811 * https://bugzilla.suse.com/show_bug.cgi?id=1211867 * https://bugzilla.suse.com/show_bug.cgi?id=1212301 * https://bugzilla.suse.com/show_bug.cgi?id=1212846 * https://bugzilla.suse.com/show_bug.cgi?id=1212905 * https://bugzilla.suse.com/show_bug.cgi?id=1213010 * https://bugzilla.suse.com/show_bug.cgi?id=1213011 * https://bugzilla.suse.com/show_bug.cgi?id=1213012 * https://bugzilla.suse.com/show_bug.cgi?id=1213013 * https://bugzilla.suse.com/show_bug.cgi?id=1213014 * https://bugzilla.suse.com/show_bug.cgi?id=1213015 * https://bugzilla.suse.com/show_bug.cgi?id=1213016 * https://bugzilla.suse.com/show_bug.cgi?id=1213017 * https://bugzilla.suse.com/show_bug.cgi?id=1213018 * https://bugzilla.suse.com/show_bug.cgi?id=1213019 * https://bugzilla.suse.com/show_bug.cgi?id=1213020 * https://bugzilla.suse.com/show_bug.cgi?id=1213021 * https://bugzilla.suse.com/show_bug.cgi?id=1213024 * https://bugzilla.suse.com/show_bug.cgi?id=1213025 * https://bugzilla.suse.com/show_bug.cgi?id=1213032 * https://bugzilla.suse.com/show_bug.cgi?id=1213034 * https://bugzilla.suse.com/show_bug.cgi?id=1213035 * https://bugzilla.suse.com/show_bug.cgi?id=1213036 * https://bugzilla.suse.com/show_bug.cgi?id=1213037 * https://bugzilla.suse.com/show_bug.cgi?id=1213038 * https://bugzilla.suse.com/show_bug.cgi?id=1213039 * https://bugzilla.suse.com/show_bug.cgi?id=1213040 * https://bugzilla.suse.com/show_bug.cgi?id=1213041 * https://bugzilla.suse.com/show_bug.cgi?id=1213059 * https://bugzilla.suse.com/show_bug.cgi?id=1213061 * https://bugzilla.suse.com/show_bug.cgi?id=1213087 * https://bugzilla.suse.com/show_bug.cgi?id=1213088 * https://bugzilla.suse.com/show_bug.cgi?id=1213089 * https://bugzilla.suse.com/show_bug.cgi?id=1213090 * https://bugzilla.suse.com/show_bug.cgi?id=1213092 * https://bugzilla.suse.com/show_bug.cgi?id=1213093 * https://bugzilla.suse.com/show_bug.cgi?id=1213094 * https://bugzilla.suse.com/show_bug.cgi?id=1213095 * https://bugzilla.suse.com/show_bug.cgi?id=1213096 * https://bugzilla.suse.com/show_bug.cgi?id=1213098 * https://bugzilla.suse.com/show_bug.cgi?id=1213099 * https://bugzilla.suse.com/show_bug.cgi?id=1213100 * https://bugzilla.suse.com/show_bug.cgi?id=1213102 * https://bugzilla.suse.com/show_bug.cgi?id=1213103 * https://bugzilla.suse.com/show_bug.cgi?id=1213104 * https://bugzilla.suse.com/show_bug.cgi?id=1213105 * https://bugzilla.suse.com/show_bug.cgi?id=1213106 * https://bugzilla.suse.com/show_bug.cgi?id=1213107 * https://bugzilla.suse.com/show_bug.cgi?id=1213108 * https://bugzilla.suse.com/show_bug.cgi?id=1213109 * https://bugzilla.suse.com/show_bug.cgi?id=1213110 * https://bugzilla.suse.com/show_bug.cgi?id=1213111 * https://bugzilla.suse.com/show_bug.cgi?id=1213112 * https://bugzilla.suse.com/show_bug.cgi?id=1213113 * https://bugzilla.suse.com/show_bug.cgi?id=1213114 * https://bugzilla.suse.com/show_bug.cgi?id=1213134 * https://bugzilla.suse.com/show_bug.cgi?id=1213245 * https://bugzilla.suse.com/show_bug.cgi?id=1213247 * https://bugzilla.suse.com/show_bug.cgi?id=1213252 * https://bugzilla.suse.com/show_bug.cgi?id=1213258 * https://bugzilla.suse.com/show_bug.cgi?id=1213259 * https://bugzilla.suse.com/show_bug.cgi?id=1213263 * https://bugzilla.suse.com/show_bug.cgi?id=1213264 * https://bugzilla.suse.com/show_bug.cgi?id=1213286 * https://bugzilla.suse.com/show_bug.cgi?id=1213523 * https://bugzilla.suse.com/show_bug.cgi?id=1213524 * https://bugzilla.suse.com/show_bug.cgi?id=1213543 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 3 09:41:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 03 Aug 2023 09:41:21 -0000 Subject: SUSE-RU-2023:3170-1: moderate: Recommended update for perl-Bootloader Message-ID: <169105568147.21080.2502696924519696068@smelt2.suse.de> # Recommended update for perl-Bootloader Announcement ID: SUSE-RU-2023:3170-1 Rating: moderate References: * #1201399 * #1208003 * #1210799 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has three recommended fixes can now be installed. ## Description: This update for perl-Bootloader fixes the following issues: * Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799) * UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399) * Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003) * Add basic support for systemd-boot ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3170=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3170=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3170=1 SUSE-2023-3170=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3170=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3170=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3170=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3170=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3170=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3170=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3170=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3170=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3170=1 ## Package List: * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * perl-Bootloader-YAML-0.944-150400.3.6.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * perl-Bootloader-YAML-0.944-150400.3.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * perl-Bootloader-YAML-0.944-150400.3.6.1 * perl-Bootloader-0.944-150400.3.6.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * perl-Bootloader-0.944-150400.3.6.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * perl-Bootloader-0.944-150400.3.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * perl-Bootloader-YAML-0.944-150400.3.6.1 * perl-Bootloader-0.944-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * perl-Bootloader-0.944-150400.3.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * perl-Bootloader-0.944-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * perl-Bootloader-0.944-150400.3.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * perl-Bootloader-0.944-150400.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * perl-Bootloader-0.944-150400.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * perl-Bootloader-0.944-150400.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1201399 * https://bugzilla.suse.com/show_bug.cgi?id=1208003 * https://bugzilla.suse.com/show_bug.cgi?id=1210799 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 3 09:41:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 03 Aug 2023 09:41:24 -0000 Subject: SUSE-RU-2023:3169-1: moderate: Recommended update for multipath-tools Message-ID: <169105568461.21080.9884637734956096216@smelt2.suse.de> # Recommended update for multipath-tools Announcement ID: SUSE-RU-2023:3169-1 Rating: moderate References: * #1212440 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for multipath-tools fixes the following issues: * libmultipath: Fix `dev_loss_tmo` even if not set in configuration (bsc#1212440) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3169=1 openSUSE-SLE-15.4-2023-3169=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3169=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3169=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3169=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3169=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3169=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3169=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3169=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libdmmp0_2_0-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-devel-0.9.0+119+suse.308c007-150400.4.16.1 * libmpath0-0.9.0+119+suse.308c007-150400.4.16.1 * libdmmp0_2_0-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-0.9.0+119+suse.308c007-150400.4.16.1 * libdmmp-devel-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-debugsource-0.9.0+119+suse.308c007-150400.4.16.1 * kpartx-0.9.0+119+suse.308c007-150400.4.16.1 * libmpath0-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * kpartx-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * kpartx-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * libmpath0-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-debugsource-0.9.0+119+suse.308c007-150400.4.16.1 * kpartx-0.9.0+119+suse.308c007-150400.4.16.1 * libmpath0-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-0.9.0+119+suse.308c007-150400.4.16.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * kpartx-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * libmpath0-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-debugsource-0.9.0+119+suse.308c007-150400.4.16.1 * kpartx-0.9.0+119+suse.308c007-150400.4.16.1 * libmpath0-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-0.9.0+119+suse.308c007-150400.4.16.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kpartx-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * libmpath0-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-debugsource-0.9.0+119+suse.308c007-150400.4.16.1 * kpartx-0.9.0+119+suse.308c007-150400.4.16.1 * libmpath0-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-0.9.0+119+suse.308c007-150400.4.16.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kpartx-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * libmpath0-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-debugsource-0.9.0+119+suse.308c007-150400.4.16.1 * kpartx-0.9.0+119+suse.308c007-150400.4.16.1 * libmpath0-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-0.9.0+119+suse.308c007-150400.4.16.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * kpartx-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * libmpath0-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-debugsource-0.9.0+119+suse.308c007-150400.4.16.1 * kpartx-0.9.0+119+suse.308c007-150400.4.16.1 * libmpath0-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-0.9.0+119+suse.308c007-150400.4.16.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * kpartx-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * libmpath0-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-debugsource-0.9.0+119+suse.308c007-150400.4.16.1 * kpartx-0.9.0+119+suse.308c007-150400.4.16.1 * libmpath0-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-0.9.0+119+suse.308c007-150400.4.16.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libdmmp0_2_0-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-devel-0.9.0+119+suse.308c007-150400.4.16.1 * libmpath0-0.9.0+119+suse.308c007-150400.4.16.1 * libdmmp0_2_0-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-0.9.0+119+suse.308c007-150400.4.16.1 * libdmmp-devel-0.9.0+119+suse.308c007-150400.4.16.1 * multipath-tools-debugsource-0.9.0+119+suse.308c007-150400.4.16.1 * kpartx-0.9.0+119+suse.308c007-150400.4.16.1 * libmpath0-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 * kpartx-debuginfo-0.9.0+119+suse.308c007-150400.4.16.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212440 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 3 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 03 Aug 2023 12:30:02 -0000 Subject: SUSE-RU-2023:3178-1: moderate: Recommended update for multipath-tools Message-ID: <169106580258.10158.2657383721476626846@smelt2.suse.de> # Recommended update for multipath-tools Announcement ID: SUSE-RU-2023:3178-1 Rating: moderate References: * #1212440 * #1212854 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for multipath-tools fixes the following issues: * libmultipath: Ignore nvme devices if nvme native multipath is enabled (bsc#1212854) * libmultipath: Fix `dev_loss_tmo` even if not set in configuration (bsc#1212440) Note: This changes user-visible behavior. `multipathd` will not grab any nvme devices for dm-multipath if nvme native multipathing is on (which is the default). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3178=1 openSUSE-SLE-15.5-2023-3178=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3178=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libmpath0-0.9.4+74+suse.f97cc59-150500.3.3.1 * libmpath0-debuginfo-0.9.4+74+suse.f97cc59-150500.3.3.1 * libdmmp0_2_0-debuginfo-0.9.4+74+suse.f97cc59-150500.3.3.1 * multipath-tools-debugsource-0.9.4+74+suse.f97cc59-150500.3.3.1 * libdmmp-devel-0.9.4+74+suse.f97cc59-150500.3.3.1 * libdmmp0_2_0-0.9.4+74+suse.f97cc59-150500.3.3.1 * kpartx-0.9.4+74+suse.f97cc59-150500.3.3.1 * multipath-tools-0.9.4+74+suse.f97cc59-150500.3.3.1 * multipath-tools-devel-0.9.4+74+suse.f97cc59-150500.3.3.1 * multipath-tools-debuginfo-0.9.4+74+suse.f97cc59-150500.3.3.1 * kpartx-debuginfo-0.9.4+74+suse.f97cc59-150500.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libmpath0-0.9.4+74+suse.f97cc59-150500.3.3.1 * libmpath0-debuginfo-0.9.4+74+suse.f97cc59-150500.3.3.1 * libdmmp0_2_0-debuginfo-0.9.4+74+suse.f97cc59-150500.3.3.1 * multipath-tools-debugsource-0.9.4+74+suse.f97cc59-150500.3.3.1 * libdmmp-devel-0.9.4+74+suse.f97cc59-150500.3.3.1 * libdmmp0_2_0-0.9.4+74+suse.f97cc59-150500.3.3.1 * kpartx-0.9.4+74+suse.f97cc59-150500.3.3.1 * multipath-tools-0.9.4+74+suse.f97cc59-150500.3.3.1 * multipath-tools-devel-0.9.4+74+suse.f97cc59-150500.3.3.1 * multipath-tools-debuginfo-0.9.4+74+suse.f97cc59-150500.3.3.1 * kpartx-debuginfo-0.9.4+74+suse.f97cc59-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212440 * https://bugzilla.suse.com/show_bug.cgi?id=1212854 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 3 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 03 Aug 2023 12:30:05 -0000 Subject: SUSE-RU-2023:3175-1: moderate: Recommended update for cryptsetup Message-ID: <169106580522.10158.11233530673822947625@smelt2.suse.de> # Recommended update for cryptsetup Announcement ID: SUSE-RU-2023:3175-1 Rating: moderate References: * #1211079 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for cryptsetup fixes the following issues: * Handle system with low memory and no swap space (bsc#1211079) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3175=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3175=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3175=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3175=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * cryptsetup-debugsource-2.0.6-3.6.1 * cryptsetup-debuginfo-2.0.6-3.6.1 * libcryptsetup-devel-2.0.6-3.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libcryptsetup12-2.0.6-3.6.1 * libcryptsetup12-debuginfo-2.0.6-3.6.1 * cryptsetup-debugsource-2.0.6-3.6.1 * libcryptsetup12-hmac-2.0.6-3.6.1 * cryptsetup-2.0.6-3.6.1 * cryptsetup-debuginfo-2.0.6-3.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libcryptsetup12-debuginfo-32bit-2.0.6-3.6.1 * libcryptsetup12-hmac-32bit-2.0.6-3.6.1 * libcryptsetup12-32bit-2.0.6-3.6.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libcryptsetup12-2.0.6-3.6.1 * libcryptsetup12-debuginfo-2.0.6-3.6.1 * cryptsetup-debugsource-2.0.6-3.6.1 * libcryptsetup12-hmac-2.0.6-3.6.1 * cryptsetup-2.0.6-3.6.1 * cryptsetup-debuginfo-2.0.6-3.6.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libcryptsetup12-debuginfo-32bit-2.0.6-3.6.1 * libcryptsetup12-hmac-32bit-2.0.6-3.6.1 * libcryptsetup12-32bit-2.0.6-3.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libcryptsetup12-2.0.6-3.6.1 * libcryptsetup12-debuginfo-2.0.6-3.6.1 * cryptsetup-debugsource-2.0.6-3.6.1 * libcryptsetup12-hmac-2.0.6-3.6.1 * cryptsetup-2.0.6-3.6.1 * cryptsetup-debuginfo-2.0.6-3.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libcryptsetup12-debuginfo-32bit-2.0.6-3.6.1 * libcryptsetup12-hmac-32bit-2.0.6-3.6.1 * libcryptsetup12-32bit-2.0.6-3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211079 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 3 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 03 Aug 2023 16:30:03 -0000 Subject: SUSE-SU-2023:3179-1: moderate: Security update for openssl-1_1 Message-ID: <169108020374.23898.14385030832532485797@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:3179-1 Rating: moderate References: * #1201627 * #1207534 * #1213487 Cross-References: * CVE-2022-4304 * CVE-2023-3446 CVSS scores: * CVE-2022-4304 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-4304 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-3446 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). * CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). * Update further expiring certificates that affect tests [bsc#1201627] ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3179=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3179=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3179=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3179=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3179=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3179=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3179=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3179=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3179=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3179=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3179=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3179=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3179=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3179=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3179=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3179=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-1.1.1d-150200.11.72.1 * openssl-1_1-1.1.1d-150200.11.72.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-1.1.1d-150200.11.72.1 * libopenssl1_1-1.1.1d-150200.11.72.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-1.1.1d-150200.11.72.1 * openssl-1_1-1.1.1d-150200.11.72.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-1.1.1d-150200.11.72.1 * libopenssl1_1-1.1.1d-150200.11.72.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-1.1.1d-150200.11.72.1 * openssl-1_1-1.1.1d-150200.11.72.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-1.1.1d-150200.11.72.1 * libopenssl1_1-1.1.1d-150200.11.72.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.72.1 * libopenssl1_1-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-1.1.1d-150200.11.72.1 * openssl-1_1-1.1.1d-150200.11.72.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-1.1.1d-150200.11.72.1 * libopenssl1_1-1.1.1d-150200.11.72.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-1.1.1d-150200.11.72.1 * openssl-1_1-1.1.1d-150200.11.72.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-1.1.1d-150200.11.72.1 * libopenssl1_1-1.1.1d-150200.11.72.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-1.1.1d-150200.11.72.1 * openssl-1_1-1.1.1d-150200.11.72.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-1.1.1d-150200.11.72.1 * libopenssl1_1-1.1.1d-150200.11.72.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-1.1.1d-150200.11.72.1 * openssl-1_1-1.1.1d-150200.11.72.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-1.1.1d-150200.11.72.1 * libopenssl1_1-1.1.1d-150200.11.72.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-1.1.1d-150200.11.72.1 * openssl-1_1-1.1.1d-150200.11.72.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-1.1.1d-150200.11.72.1 * libopenssl1_1-1.1.1d-150200.11.72.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.72.1 * SUSE Manager Proxy 4.2 (x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.72.1 * libopenssl1_1-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-1.1.1d-150200.11.72.1 * openssl-1_1-1.1.1d-150200.11.72.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-1.1.1d-150200.11.72.1 * libopenssl1_1-1.1.1d-150200.11.72.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.72.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.72.1 * libopenssl1_1-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-1.1.1d-150200.11.72.1 * openssl-1_1-1.1.1d-150200.11.72.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-1.1.1d-150200.11.72.1 * libopenssl1_1-1.1.1d-150200.11.72.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.72.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-1.1.1d-150200.11.72.1 * openssl-1_1-1.1.1d-150200.11.72.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-1.1.1d-150200.11.72.1 * libopenssl1_1-1.1.1d-150200.11.72.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.72.1 * SUSE Manager Server 4.2 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.72.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-1.1.1d-150200.11.72.1 * openssl-1_1-1.1.1d-150200.11.72.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-1.1.1d-150200.11.72.1 * libopenssl1_1-1.1.1d-150200.11.72.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.72.1 * SUSE Enterprise Storage 7.1 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.72.1 * SUSE Enterprise Storage 7.1 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.72.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-1.1.1d-150200.11.72.1 * openssl-1_1-1.1.1d-150200.11.72.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-1.1.1d-150200.11.72.1 * libopenssl1_1-1.1.1d-150200.11.72.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.72.1 * SUSE Enterprise Storage 7 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.72.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-1.1.1d-150200.11.72.1 * openssl-1_1-1.1.1d-150200.11.72.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-1.1.1d-150200.11.72.1 * libopenssl1_1-1.1.1d-150200.11.72.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-1.1.1d-150200.11.72.1 * openssl-1_1-1.1.1d-150200.11.72.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-1.1.1d-150200.11.72.1 * libopenssl1_1-1.1.1d-150200.11.72.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.72.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.72.1 * libopenssl1_1-hmac-1.1.1d-150200.11.72.1 * openssl-1_1-1.1.1d-150200.11.72.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.72.1 * libopenssl-1_1-devel-1.1.1d-150200.11.72.1 * libopenssl1_1-1.1.1d-150200.11.72.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.72.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4304.html * https://www.suse.com/security/cve/CVE-2023-3446.html * https://bugzilla.suse.com/show_bug.cgi?id=1201627 * https://bugzilla.suse.com/show_bug.cgi?id=1207534 * https://bugzilla.suse.com/show_bug.cgi?id=1213487 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 3 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 03 Aug 2023 20:30:03 -0000 Subject: SUSE-SU-2023:3186-1: low: Security update for ImageMagick Message-ID: <169109460392.13778.14078219901560049985@smelt2.suse.de> # Security update for ImageMagick Announcement ID: SUSE-SU-2023:3186-1 Rating: low References: * #1213624 Cross-References: * CVE-2023-3745 CVSS scores: * CVE-2023-3745 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-3745 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 An update that solves one vulnerability can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2023-3745: Fixed heap out of bounds read in PushCharPixel() in quantum- private.h (bsc#1213624). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3186=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.51.1 * libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.51.1 * libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.51.1 * libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.51.1 * libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.51.1 * libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.51.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.51.1 * libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.51.1 * libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.51.1 * libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.51.1 * libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.51.1 * libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.51.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3745.html * https://bugzilla.suse.com/show_bug.cgi?id=1213624 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 3 20:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 03 Aug 2023 20:30:06 -0000 Subject: SUSE-SU-2023:3185-1: moderate: Security update for pipewire Message-ID: <169109460602.13778.11297234338243345338@smelt2.suse.de> # Security update for pipewire Announcement ID: SUSE-SU-2023:3185-1 Rating: moderate References: * #1213682 Affected Products: * openSUSE Leap 15.4 An update that has one fix can now be installed. ## Description: This update for pipewire fixes the following security issues: * Fixed issue where an app which only has permission to access one stream can also access other streams (bsc#1213682). Bugfixes: \- Fixed division by 0 and other issues with invalid values (glfo#pipewire/pipewire#2953) \- Fixed an overflow resulting in choppy sound in some cases (glfo#pipewire/pipewire#2680) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3185=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * pipewire-modules-0.3.24-150300.4.6.1 * pipewire-modules-debuginfo-0.3.24-150300.4.6.1 * openSUSE Leap 15.4 (x86_64) * pipewire-modules-32bit-debuginfo-0.3.24-150300.4.6.1 * pipewire-modules-32bit-0.3.24-150300.4.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213682 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 3 20:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 03 Aug 2023 20:30:09 -0000 Subject: SUSE-SU-2023:3184-1: low: Security update for python-pip Message-ID: <169109460906.13778.10483883377286153694@smelt2.suse.de> # Security update for python-pip Announcement ID: SUSE-SU-2023:3184-1 Rating: low References: * #1212015 Affected Products: * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has one fix can now be installed. ## Description: This update for python-pip fixes the following issues: * Removed .exe files from the RPM package, to prevent issues with security scanners (bsc#1212015). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3184=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3184=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3184=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3184=1 ## Package List: * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * python3-pip-wheel-10.0.1-150000.3.12.1 * SUSE Manager Proxy 4.2 (noarch) * python3-pip-wheel-10.0.1-150000.3.12.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-pip-wheel-10.0.1-150000.3.12.1 * SUSE Manager Server 4.2 (noarch) * python3-pip-wheel-10.0.1-150000.3.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212015 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 3 20:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 03 Aug 2023 20:30:11 -0000 Subject: SUSE-SU-2023:3183-1: low: Security update for python-pip Message-ID: <169109461189.13778.7188290744149373155@smelt2.suse.de> # Security update for python-pip Announcement ID: SUSE-SU-2023:3183-1 Rating: low References: * #1212015 Affected Products: * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has one fix can now be installed. ## Description: This update for python-pip fixes the following issues: * Removed .exe files from the RPM package, to prevent issues with security scanners (bsc#1212015). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3183=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3183=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3183=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3183=1 ## Package List: * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-pip-20.0.2-150100.6.21.1 * SUSE Manager Server 4.2 (noarch) * python2-pip-20.0.2-150100.6.21.1 * python3-pip-20.0.2-150100.6.21.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * python3-pip-20.0.2-150100.6.21.1 * SUSE Manager Proxy 4.2 (noarch) * python3-pip-20.0.2-150100.6.21.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212015 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 3 20:30:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 03 Aug 2023 20:30:30 -0000 Subject: SUSE-SU-2023:3182-1: important: Security update for the Linux Kernel Message-ID: <169109463075.13778.10073664216046838743@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3182-1 Rating: important References: * #1150305 * #1193629 * #1194869 * #1207894 * #1208788 * #1210565 * #1210584 * #1210853 * #1211243 * #1211811 * #1211867 * #1212301 * #1212846 * #1212905 * #1213010 * #1213011 * #1213012 * #1213013 * #1213014 * #1213015 * #1213016 * #1213017 * #1213018 * #1213019 * #1213020 * #1213021 * #1213024 * #1213025 * #1213032 * #1213034 * #1213035 * #1213036 * #1213037 * #1213038 * #1213039 * #1213040 * #1213041 * #1213059 * #1213061 * #1213087 * #1213088 * #1213089 * #1213090 * #1213092 * #1213093 * #1213094 * #1213095 * #1213096 * #1213098 * #1213099 * #1213100 * #1213102 * #1213103 * #1213104 * #1213105 * #1213106 * #1213107 * #1213108 * #1213109 * #1213110 * #1213111 * #1213112 * #1213113 * #1213114 * #1213134 * #1213245 * #1213247 * #1213252 * #1213258 * #1213259 * #1213263 * #1213264 * #1213286 * #1213523 * #1213524 * #1213543 * #1213585 * #1213586 * #1213705 Cross-References: * CVE-2023-20593 * CVE-2023-2985 * CVE-2023-3117 * CVE-2023-31248 * CVE-2023-3390 * CVE-2023-35001 * CVE-2023-3609 * CVE-2023-3611 * CVE-2023-3812 CVSS scores: * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves nine vulnerabilities, contains one feature and has 70 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-3609: Fixed an use-after-free vulnerability in net/sched (bsc#1213586). * CVE-2023-3611: Fixed an out-of-bounds write vulnerability in net/sched (bsc#1213585). * CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). * CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). * CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). * CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). * CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). The following non-security bugs were fixed: * Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes). * Drop patch that caused issues with k3s (bsc#1213705). * Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758) * Fix documentation of panic_on_warn (git-fixes). * Fixed launch issue on 15-SP5 (git-fixes, bsc#1210853). * Revert "arm64: dts: zynqmp: Add address-cells property to interrupt (git- fixes) * Revert "drm/amd/display: edp do not add non-edid timings" (git-fixes). * acpi: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes). * alsa: fireface: make read-only const array for model names static (git- fixes). * alsa: hda/realtek - remove 3k pull low procedure (git-fixes). * alsa: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes). * alsa: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes). * alsa: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes). * alsa: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes). * alsa: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes). * alsa: hda/realtek: Add quirk for Clevo NS70AU (git-fixes). * alsa: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes). * alsa: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes). * alsa: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes). * alsa: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes). * alsa: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes). * alsa: hda/realtek: Whitespace fix (git-fixes). * alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes). * alsa: oxfw: make read-only const array models static (git-fixes). * alsa: pcm: Fix potential data race at PCM memory allocation helpers (git- fixes). * apparmor: fix missing error check for rhashtable_insert_fast (git-fixes). * arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes) * arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git- fixes) * arm64: vdso: Pass (void *) to virt_to_page() (git-fixes) * arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes) * asoc: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git- fixes). * asoc: codecs: wcd934x: fix resource leaks on component remove (git-fixes). * asoc: codecs: wcd938x: fix codec initialisation race (git-fixes). * asoc: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes). * asoc: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes). * asoc: codecs: wcd938x: fix soundwire initialisation race (git-fixes). * asoc: tegra: Fix ADX byte map (git-fixes). * asoc: tegra: Fix AMX byte map (git-fixes). * can: bcm: Fix UAF in bcm_proc_show() (git-fixes). * cifs: add a warning when the in-flight count goes negative (bsc#1193629). * cifs: address unused variable warning (bsc#1193629). * cifs: do all necessary checks for credits within or before locking (bsc#1193629). * cifs: fix lease break oops in xfstest generic/098 (bsc#1193629). * cifs: fix max_credits implementation (bsc#1193629). * cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629). * cifs: fix session state check in smb2_find_smb_ses (bsc#1193629). * cifs: fix session state transition to avoid use-after-free issue (bsc#1193629). * cifs: fix sockaddr comparison in iface_cmp (bsc#1193629). * cifs: fix status checks in cifs_tree_connect (bsc#1193629). * cifs: log session id when a matching ses is not found (bsc#1193629). * cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629). * cifs: prevent use-after-free by freeing the cfile later (bsc#1193629). * cifs: print all credit counters in DebugData (bsc#1193629). * cifs: print client_guid in DebugData (bsc#1193629). * cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629). * cifs: print nosharesock value while dumping mount options (bsc#1193629). * clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git- fixes). * clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes). * codel: fix kernel-doc notation warnings (git-fixes). * crypto: kpp - Add helper to set reqsize (git-fixes). * crypto: qat - Use helper to set reqsize (git-fixes). * devlink: fix kernel-doc notation warnings (git-fixes). * docs: networking: Update codeaurora references for rmnet (git-fixes). * documentation: bonding: fix the doc of peer_notif_delay (git-fixes). * documentation: timers: hrtimers: Make hybrid union historical (git-fixes). * drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes). * drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes). * drm/amdgpu: Validate VM ioctl flags (git-fixes). * drm/amdgpu: avoid restore process run into dead loop (git-fixes). * drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git- fixes). * drm/atomic: Allow vblank-enabled + self-refresh "disable" (git-fixes). * drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes). * drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git- fixes). * drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes). * drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes). * drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes). * drm/client: Fix memory leak in drm_client_target_cloned (git-fixes). * drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git- fixes). * drm/i915: Fix one wrong caching mode enum usage (git-fixes). * drm/msm/disp/dpu: get timing engine status from intf status register (git- fixes). * drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes). * drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git- fixes). * drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes). * drm/ttm: Do not leak a resource on swapout move error (git-fixes). * dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in "compatible" conditional schema (git-fixes). * ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020). * ext4: add EA_INODE checking to ext4_iget() (bsc#1213106). * ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088). * ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109). * ext4: add strict range checks while freeing blocks (bsc#1213089). * ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). * ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). * ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090). * ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103). * ext4: disallow ea_inodes with extended attributes (bsc#1213108). * ext4: fail ext4_iget if special inode unallocated (bsc#1213010). * ext4: fix WARNING in ext4_update_inline_data (bsc#1213012). * ext4: fix WARNING in mb_find_extent (bsc#1213099). * ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111). * ext4: fix data races when using cached status extents (bsc#1213102). * ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105). * ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). * ext4: fix lockdep warning when enabling MMP (bsc#1213100). * ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096). * ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). * ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098). * ext4: improve error handling from ext4_dirhash() (bsc#1213104). * ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). * ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011). * ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). * ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087). * ext4: refuse to create ea block when umounted (bsc#1213093). * ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107). * ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110). * ext4: update s_journal_inum if it changes after journal replay (bsc#1213094). * ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092). * ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). * fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes). * fbdev: imxfb: warn about invalid left/right margin (git-fixes). * fuse: ioctl: translate ENOSYS in outarg (bsc#1213524). * fuse: revalidate: do not invalidate if interrupted (bsc#1213523). * hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861). * hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861). * hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861). * hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861). * hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861). * hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861). * hwmon: (adm1275) Allow setting sample averaging (git-fixes). * hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes). * i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes). * i2c: xiic: Do not try to handle more interrupt events after error (git- fixes). * ib/hfi1: Use bitmap_zalloc() when applicable (git-fixes) * inotify: Avoid reporting event with invalid wd (bsc#1213025). * jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095). * jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014). * kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243). * kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of- tree production drivers * kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes). * leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git- fixes). * media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes). * media: cec: i2c: ch7322: also select REGMAP (git-fixes). * media: i2c: Correct format propagation for st-mipid02 (git-fixes). * media: usb: Check az6007_read() return value (git-fixes). * media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes). * media: venus: helpers: Fix ALIGN() of non power of two (git-fixes). * media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes). * memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). * mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes). * mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes). * net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). * net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585). * net: mana: Add support for vlan tagging (bsc#1212301). * net: phy: prevent stale pointer dereference in phy_init() (git-fixes). * ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes). * ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes). * ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes). * ntb: ntb_tool: Add check for devm_kcalloc (git-fixes). * ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes). * nvme-multipath: support io stats on the mpath device (bsc#1210565). * nvme: introduce nvme_start_request (bsc#1210565). * ocfs2: Switch to security_inode_init_security() (git-fixes). * ocfs2: check new file size on fallocate call (git-fixes). * ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). * opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes). * pci/pm: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes). * pci: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes). * phy: Revert "phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB" (git- fixes). * phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes). * phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes). * pie: fix kernel-doc notation warning (git-fixes). * pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes). * pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes). * pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes). * powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869). * powerpc/64s: Fix VAS mm use after free (bsc#1194869). * powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869). * powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869). * powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869). * powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869). * powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross- boundary (bsc#1150305 ltc#176097 git-fixes). * powerpc/mm: Switch obsolete dssall to .long (bsc#1194869). * powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869). * powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869). * powerpc/prom_init: Fix kernel config grep (bsc#1194869). * powerpc/secvar: fix refcount leak in format_show() (bsc#1194869). * powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869). * powerpc: clean vdso32 and vdso64 directories (bsc#1194869). * powerpc: define get_cycles macro for arch-override (bsc#1194869). * powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869). * pwm: ab8500: Fix error code in probe() (git-fixes). * pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes). * pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes). * rdma/rxe: Fix access checks in rxe_check_bind_mw (git-fixes) * rpm/check-for-config-changes: ignore also RISCV_ISA_ _and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS__. * rsi: remove kernel-doc comment marker (git-fixes). * s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259). * s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258). * s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263). * s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252). * s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (git-fixes bsc#1213264). * s390: discard .interp section (git-fixes bsc#1213247). * sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes) * sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes) * security: keys: Modify mismatched function name (git-fixes). * selftests: mptcp: depend on SYN_COOKIES (git-fixes). * selftests: mptcp: sockopt: return error if wrong mark (git-fixes). * selftests: rtnetlink: remove netdevsim device after ipsec offload test (git- fixes). * selftests: tc: add 'ct' action kconfig dep (git-fixes). * selftests: tc: add ConnTrack procfs kconfig (git-fixes). * selftests: tc: set timeout to 15 minutes (git-fixes). * signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869). * signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869). * smb3: do not reserve too many oplock credits (bsc#1193629). * smb3: missing null check in SMB2_change_notify (bsc#1193629). * smb: client: fix broken file attrs with nodfs mounts (bsc#1193629). * smb: client: fix missed ses refcounting (git-fixes). * smb: client: fix parsing of source mount option (bsc#1193629). * smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629). * smb: client: fix warning in CIFSFindFirst() (bsc#1193629). * smb: client: fix warning in CIFSFindNext() (bsc#1193629). * smb: client: fix warning in cifs_match_super() (bsc#1193629). * smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629). * smb: client: fix warning in generic_ip_connect() (bsc#1193629). * smb: client: improve DFS mount check (bsc#1193629). * smb: client: remove redundant pointer 'server' (bsc#1193629). * smb: delete an unnecessary statement (bsc#1193629). * smb: move client and server files to common directory fs/smb (bsc#1193629). * smb: remove obsolete comment (bsc#1193629). * soundwire: qcom: fix storing port config out-of-bounds (git-fixes). * spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git- fixes). * spi: bcm63xx: fix max prepend length (git-fixes). * tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git- fixes). * tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes). * ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). * ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584). * udf: Avoid double brelse() in udf_rename() (bsc#1213032). * udf: Define EFSCORRUPTED error code (bsc#1213038). * udf: Detect system inodes linked into directory hierarchy (bsc#1213114). * udf: Discard preallocation before extending file with a hole (bsc#1213036). * udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035). * udf: Do not bother merging very long extents (bsc#1213040). * udf: Do not update file length for failed writes to inline files (bsc#1213041). * udf: Fix error handling in udf_new_inode() (bsc#1213112). * udf: Fix extending file within last block (bsc#1213037). * udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034). * udf: Preserve link count of system files (bsc#1213113). * udf: Truncate added extents on failed expansion (bsc#1213039). * usb: dwc2: Fix some error handling paths (git-fixes). * usb: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes). * usb: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes). * usb: gadget: udc: core: Prevent soft_connect_store() race (git-fixes). * usb: serial: option: add LARA-R6 01B PIDs (git-fixes). * wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes). * wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes). * wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes). * wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git- fixes). * wl3501_cs: use eth_hw_addr_set() (git-fixes). * writeback: fix call of incorrect macro (bsc#1213024). * x86: Fix .brk attribute in linker script (git-fixes). * xfs: AIL needs asynchronous CIL forcing (bsc#1211811). * xfs: CIL work is serialised, not pipelined (bsc#1211811). * xfs: XLOG_STATE_IOERROR must die (bsc#1211811). * xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811). * xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811). * xfs: clean up the rtbitmap fsmap backend (git-fixes). * xfs: do not deplete the reserve pool when trying to shrink the fs (git- fixes). * xfs: do not reverse order of items in bulk AIL insertion (git-fixes). * xfs: do not run shutdown callbacks on active iclogs (bsc#1211811). * xfs: drop async cache flushes from CIL commits (bsc#1211811). * xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811). * xfs: fix getfsmap reporting past the last rt extent (git-fixes). * xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git- fixes). * xfs: fix interval filtering in multi-step fsmap queries (git-fixes). * xfs: fix logdev fsmap query result filtering (git-fixes). * xfs: fix off-by-one error when the last rt extent is in use (git-fixes). * xfs: fix uninitialized variable access (git-fixes). * xfs: make fsmap backend function key parameters const (git-fixes). * xfs: make the record pointer passed to query_range functions const (git- fixes). * xfs: move the CIL workqueue to the CIL (bsc#1211811). * xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811). * xfs: order CIL checkpoint start records (bsc#1211811). * xfs: pass a CIL context to xlog_write() (bsc#1211811). * xfs: pass explicit mount pointer to rtalloc query functions (git-fixes). * xfs: rework xlog_state_do_callback() (bsc#1211811). * xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811). * xfs: separate out log shutdown callback processing (bsc#1211811). * xfs: wait iclog complete before tearing down AIL (bsc#1211811). * xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes). * xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes). * xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3182=1 openSUSE-SLE-15.4-2023-3182=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3182=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * kernel-azure-extra-5.14.21-150400.14.60.1 * kernel-azure-debugsource-5.14.21-150400.14.60.1 * kernel-syms-azure-5.14.21-150400.14.60.1 * kernel-azure-devel-5.14.21-150400.14.60.1 * cluster-md-kmp-azure-5.14.21-150400.14.60.1 * dlm-kmp-azure-5.14.21-150400.14.60.1 * gfs2-kmp-azure-debuginfo-5.14.21-150400.14.60.1 * kernel-azure-optional-5.14.21-150400.14.60.1 * kselftests-kmp-azure-5.14.21-150400.14.60.1 * dlm-kmp-azure-debuginfo-5.14.21-150400.14.60.1 * ocfs2-kmp-azure-5.14.21-150400.14.60.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.60.1 * kselftests-kmp-azure-debuginfo-5.14.21-150400.14.60.1 * kernel-azure-optional-debuginfo-5.14.21-150400.14.60.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.60.1 * reiserfs-kmp-azure-5.14.21-150400.14.60.1 * kernel-azure-extra-debuginfo-5.14.21-150400.14.60.1 * kernel-azure-debuginfo-5.14.21-150400.14.60.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.60.1 * kernel-azure-livepatch-devel-5.14.21-150400.14.60.1 * gfs2-kmp-azure-5.14.21-150400.14.60.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.60.1 * openSUSE Leap 15.4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.60.1 * openSUSE Leap 15.4 (noarch) * kernel-devel-azure-5.14.21-150400.14.60.1 * kernel-source-azure-5.14.21-150400.14.60.1 * Public Cloud Module 15-SP4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.60.1 * Public Cloud Module 15-SP4 (aarch64 x86_64) * kernel-azure-debuginfo-5.14.21-150400.14.60.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.60.1 * kernel-syms-azure-5.14.21-150400.14.60.1 * kernel-azure-debugsource-5.14.21-150400.14.60.1 * kernel-azure-devel-5.14.21-150400.14.60.1 * Public Cloud Module 15-SP4 (noarch) * kernel-devel-azure-5.14.21-150400.14.60.1 * kernel-source-azure-5.14.21-150400.14.60.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20593.html * https://www.suse.com/security/cve/CVE-2023-2985.html * https://www.suse.com/security/cve/CVE-2023-3117.html * https://www.suse.com/security/cve/CVE-2023-31248.html * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3609.html * https://www.suse.com/security/cve/CVE-2023-3611.html * https://www.suse.com/security/cve/CVE-2023-3812.html * https://bugzilla.suse.com/show_bug.cgi?id=1150305 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1207894 * https://bugzilla.suse.com/show_bug.cgi?id=1208788 * https://bugzilla.suse.com/show_bug.cgi?id=1210565 * https://bugzilla.suse.com/show_bug.cgi?id=1210584 * https://bugzilla.suse.com/show_bug.cgi?id=1210853 * https://bugzilla.suse.com/show_bug.cgi?id=1211243 * https://bugzilla.suse.com/show_bug.cgi?id=1211811 * https://bugzilla.suse.com/show_bug.cgi?id=1211867 * https://bugzilla.suse.com/show_bug.cgi?id=1212301 * https://bugzilla.suse.com/show_bug.cgi?id=1212846 * https://bugzilla.suse.com/show_bug.cgi?id=1212905 * https://bugzilla.suse.com/show_bug.cgi?id=1213010 * https://bugzilla.suse.com/show_bug.cgi?id=1213011 * https://bugzilla.suse.com/show_bug.cgi?id=1213012 * https://bugzilla.suse.com/show_bug.cgi?id=1213013 * https://bugzilla.suse.com/show_bug.cgi?id=1213014 * https://bugzilla.suse.com/show_bug.cgi?id=1213015 * https://bugzilla.suse.com/show_bug.cgi?id=1213016 * https://bugzilla.suse.com/show_bug.cgi?id=1213017 * https://bugzilla.suse.com/show_bug.cgi?id=1213018 * https://bugzilla.suse.com/show_bug.cgi?id=1213019 * https://bugzilla.suse.com/show_bug.cgi?id=1213020 * https://bugzilla.suse.com/show_bug.cgi?id=1213021 * https://bugzilla.suse.com/show_bug.cgi?id=1213024 * https://bugzilla.suse.com/show_bug.cgi?id=1213025 * https://bugzilla.suse.com/show_bug.cgi?id=1213032 * https://bugzilla.suse.com/show_bug.cgi?id=1213034 * https://bugzilla.suse.com/show_bug.cgi?id=1213035 * https://bugzilla.suse.com/show_bug.cgi?id=1213036 * https://bugzilla.suse.com/show_bug.cgi?id=1213037 * https://bugzilla.suse.com/show_bug.cgi?id=1213038 * https://bugzilla.suse.com/show_bug.cgi?id=1213039 * https://bugzilla.suse.com/show_bug.cgi?id=1213040 * https://bugzilla.suse.com/show_bug.cgi?id=1213041 * https://bugzilla.suse.com/show_bug.cgi?id=1213059 * https://bugzilla.suse.com/show_bug.cgi?id=1213061 * https://bugzilla.suse.com/show_bug.cgi?id=1213087 * https://bugzilla.suse.com/show_bug.cgi?id=1213088 * https://bugzilla.suse.com/show_bug.cgi?id=1213089 * https://bugzilla.suse.com/show_bug.cgi?id=1213090 * https://bugzilla.suse.com/show_bug.cgi?id=1213092 * https://bugzilla.suse.com/show_bug.cgi?id=1213093 * https://bugzilla.suse.com/show_bug.cgi?id=1213094 * https://bugzilla.suse.com/show_bug.cgi?id=1213095 * https://bugzilla.suse.com/show_bug.cgi?id=1213096 * https://bugzilla.suse.com/show_bug.cgi?id=1213098 * https://bugzilla.suse.com/show_bug.cgi?id=1213099 * https://bugzilla.suse.com/show_bug.cgi?id=1213100 * https://bugzilla.suse.com/show_bug.cgi?id=1213102 * https://bugzilla.suse.com/show_bug.cgi?id=1213103 * https://bugzilla.suse.com/show_bug.cgi?id=1213104 * https://bugzilla.suse.com/show_bug.cgi?id=1213105 * https://bugzilla.suse.com/show_bug.cgi?id=1213106 * https://bugzilla.suse.com/show_bug.cgi?id=1213107 * https://bugzilla.suse.com/show_bug.cgi?id=1213108 * https://bugzilla.suse.com/show_bug.cgi?id=1213109 * https://bugzilla.suse.com/show_bug.cgi?id=1213110 * https://bugzilla.suse.com/show_bug.cgi?id=1213111 * https://bugzilla.suse.com/show_bug.cgi?id=1213112 * https://bugzilla.suse.com/show_bug.cgi?id=1213113 * https://bugzilla.suse.com/show_bug.cgi?id=1213114 * https://bugzilla.suse.com/show_bug.cgi?id=1213134 * https://bugzilla.suse.com/show_bug.cgi?id=1213245 * https://bugzilla.suse.com/show_bug.cgi?id=1213247 * https://bugzilla.suse.com/show_bug.cgi?id=1213252 * https://bugzilla.suse.com/show_bug.cgi?id=1213258 * https://bugzilla.suse.com/show_bug.cgi?id=1213259 * https://bugzilla.suse.com/show_bug.cgi?id=1213263 * https://bugzilla.suse.com/show_bug.cgi?id=1213264 * https://bugzilla.suse.com/show_bug.cgi?id=1213286 * https://bugzilla.suse.com/show_bug.cgi?id=1213523 * https://bugzilla.suse.com/show_bug.cgi?id=1213524 * https://bugzilla.suse.com/show_bug.cgi?id=1213543 * https://bugzilla.suse.com/show_bug.cgi?id=1213585 * https://bugzilla.suse.com/show_bug.cgi?id=1213586 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 * https://jira.suse.com/browse/PED-4758 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 3 20:30:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 03 Aug 2023 20:30:33 -0000 Subject: SUSE-SU-2023:3181-1: important: Security update for go1.20 Message-ID: <169109463363.13778.3176835557272718376@smelt2.suse.de> # Security update for go1.20 Announcement ID: SUSE-SU-2023:3181-1 Rating: important References: * #1206346 * #1213880 Cross-References: * CVE-2023-29409 CVSS scores: * CVE-2023-29409 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for go1.20 fixes the following issues: * Update to go v1.20.7 (released 2023-08-01) (bsc#1206346) * CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3181=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3181=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3181=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3181=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.20-1.20.7-150000.1.20.1 * go1.20-doc-1.20.7-150000.1.20.1 * go1.20-race-1.20.7-150000.1.20.1 * go1.20-debuginfo-1.20.7-150000.1.20.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.20-1.20.7-150000.1.20.1 * go1.20-doc-1.20.7-150000.1.20.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.20-race-1.20.7-150000.1.20.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.20-1.20.7-150000.1.20.1 * go1.20-doc-1.20.7-150000.1.20.1 * go1.20-race-1.20.7-150000.1.20.1 * go1.20-debuginfo-1.20.7-150000.1.20.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.20-1.20.7-150000.1.20.1 * go1.20-doc-1.20.7-150000.1.20.1 * go1.20-race-1.20.7-150000.1.20.1 * go1.20-debuginfo-1.20.7-150000.1.20.1 ## References: * https://www.suse.com/security/cve/CVE-2023-29409.html * https://bugzilla.suse.com/show_bug.cgi?id=1206346 * https://bugzilla.suse.com/show_bug.cgi?id=1213880 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 3 20:30:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 03 Aug 2023 20:30:47 -0000 Subject: SUSE-SU-2023:3180-1: important: Security update for the Linux Kernel Message-ID: <169109464788.13778.6584658846231952590@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3180-1 Rating: important References: * #1150305 * #1193629 * #1194869 * #1207894 * #1208788 * #1211243 * #1211867 * #1212256 * #1212301 * #1212525 * #1212846 * #1212905 * #1213059 * #1213061 * #1213205 * #1213206 * #1213226 * #1213233 * #1213245 * #1213247 * #1213252 * #1213258 * #1213259 * #1213263 * #1213264 * #1213286 * #1213311 * #1213493 * #1213523 * #1213524 * #1213533 * #1213543 * #1213705 Cross-References: * CVE-2023-20593 * CVE-2023-2985 * CVE-2023-3117 * CVE-2023-31248 * CVE-2023-3390 * CVE-2023-35001 * CVE-2023-3812 CVSS scores: * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves seven vulnerabilities, contains two features and has 26 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). * CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). * CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). * CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). * CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). The following non-security bugs were fixed: * Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758). * Support sub-NUMA clustering on UV (jsc#PED-4718). * Fixed multipath not supported error (bsc#1213311). * Revert "arm64: dts: zynqmp: Add address-cells property to interrupt (git- fixes) * Revert "drm/i915: Disable DSB usage for now" (git-fixes). * acpi: Fix suspend with Xen PV (git-fixes). * adreno: Shutdown the GPU properly (git-fixes). * arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes) * arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git- fixes) * arm64: vdso: Pass (void *) to virt_to_page() (git-fixes) * arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes) * asoc: Intel: sof_sdw: remove SOF_SDW_TGL_HDMI for MeteorLake devices (git- fixes). * asoc: SOF: topology: Fix logic for copying tuples (git-fixes). * bluetooth: ISO: Fix CIG auto-allocation to select configurable CIG (git- fixes). * bluetooth: ISO: consider right CIS when removing CIG at cleanup (git-fixes). * bluetooth: ISO: fix iso_conn related locking and validity issues (git- fixes). * bluetooth: ISO: use hci_sync for setting CIG parameters (git-fixes). * bluetooth: fix invalid-bdaddr quirk for non-persistent setup (git-fixes). * bluetooth: fix use-bdaddr-property quirk (git-fixes). * bluetooth: hci_bcm: do not mark valid bd_addr as invalid (git-fixes). * bluetooth: hci_event: call disconnect callback before deleting conn (git- fixes). * bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor() (git-fixes). * bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync (git- fixes). * can: bcm: Fix UAF in bcm_proc_show() (git-fixes). * ceph: add a dedicated private data for netfs rreq (bsc#1213205). * ceph: fix blindly expanding the readahead windows (bsc#1213206). * cifs: add a warning when the in-flight count goes negative (bsc#1193629). * cifs: address unused variable warning (bsc#1193629). * cifs: do all necessary checks for credits within or before locking (bsc#1193629). * cifs: fix lease break oops in xfstest generic/098 (bsc#1193629). * cifs: fix max_credits implementation (bsc#1193629). * cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629). * cifs: fix session state check in smb2_find_smb_ses (bsc#1193629). * cifs: fix session state transition to avoid use-after-free issue (bsc#1193629). * cifs: fix sockaddr comparison in iface_cmp (bsc#1193629). * cifs: fix status checks in cifs_tree_connect (bsc#1193629). * cifs: log session id when a matching ses is not found (bsc#1193629). * cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629). * cifs: prevent use-after-free by freeing the cfile later (bsc#1193629). * cifs: print all credit counters in DebugData (bsc#1193629). * cifs: print client_guid in DebugData (bsc#1193629). * cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629). * cifs: print nosharesock value while dumping mount options (bsc#1193629). * codel: fix kernel-doc notation warnings (git-fixes). * cpufreq: tegra194: Fix module loading (git-fixes). * devlink: fix kernel-doc notation warnings (git-fixes). * dma-buf/dma-resv: Stop leaking on krealloc() failure (git-fixes). * drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 (git-fixes). * drm/amd/amdgpu: limit one queue per gang (git-fixes). * drm/amd/amdgpu: update mes11 api def (git-fixes). * drm/amd/display (gcc13): fix enum mismatch (git-fixes). * drm/amd/display: Add Z8 allow states to z-state support list (git-fixes). * drm/amd/display: Add debug option to skip PSR CRTC disable (git-fixes). * drm/amd/display: Add minimum Z8 residency debug option (git-fixes). * drm/amd/display: Add missing WA and MCLK validation (git-fixes). * drm/amd/display: Change default Z8 watermark values (git-fixes). * drm/amd/display: Correct DML calculation to align HW formula (git-fixes). * drm/amd/display: Correct DML calculation to follow HW SPEC (git-fixes). * drm/amd/display: Do not update DRR while BW optimizations pending (git- fixes). * drm/amd/display: Enable HostVM based on rIOMMU active (git-fixes). * drm/amd/display: Enforce 60us prefetch for 200Mhz DCFCLK modes (git-fixes). * drm/amd/display: Ensure vmin and vmax adjust for DCE (git-fixes). * drm/amd/display: Fix 4to1 MPC black screen with DPP RCO (git-fixes). * drm/amd/display: Fix Z8 support configurations (git-fixes). * drm/amd/display: Fix a test CalculatePrefetchSchedule() (git-fixes). * drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg() (git-fixes). * drm/amd/display: Have Payload Properly Created After Resume (git-fixes). * drm/amd/display: Lowering min Z8 residency time (git-fixes). * drm/amd/display: Reduce sdp bw after urgent to 90% (git-fixes). * drm/amd/display: Refactor eDP PSR codes (git-fixes). * drm/amd/display: Remove FPU guards from the DML folder (git-fixes). * drm/amd/display: Remove optimization for VRR updates (git-fixes). * drm/amd/display: Remove stutter only configurations (git-fixes). * drm/amd/display: Update Z8 SR exit/enter latencies (git-fixes). * drm/amd/display: Update Z8 watermarks for DCN314 (git-fixes). * drm/amd/display: Update minimum stutter residency for DCN314 Z8 (git-fixes). * drm/amd/display: filter out invalid bits in pipe_fuses (git-fixes). * drm/amd/display: fix PSR-SU/DSC interoperability support (git-fixes). * drm/amd/display: fix a divided-by-zero error (git-fixes). * drm/amd/display: fixed dcn30+ underflow issue (git-fixes). * drm/amd/display: limit timing for single dimm memory (git-fixes). * drm/amd/display: populate subvp cmd info only for the top pipe (git-fixes). * drm/amd/display: set dcn315 lb bpp to 48 (git-fixes). * drm/amd/pm: add missing NotifyPowerSource message mapping for SMU13.0.7 (git-fixes). * drm/amd/pm: avoid potential UBSAN issue on legacy asics (git-fixes). * drm/amd/pm: conditionally disable pcie lane switching for some sienna_cichlid SKUs (git-fixes). * drm/amd/pm: fix possible power mode mismatch between driver and PMFW (git- fixes). * drm/amd/pm: resolve reboot exception for si oland (git-fixes). * drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4 (git-fixes). * drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5 (git-fixes). * drm/amd/pm: workaround for compute workload type on some skus (git-fixes). * drm/amd: Add a new helper for loading/validating microcode (git-fixes). * drm/amd: Do not allow s0ix on APUs older than Raven (git-fixes). * drm/amd: Load MES microcode during early_init (git-fixes). * drm/amd: Use `amdgpu_ucode_*` helpers for MES (git-fixes). * drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well (git- fixes). * drm/amdgpu/gfx11: update gpu_clock_counter logic (git-fixes). * drm/amdgpu/gfx: set cg flags to enter/exit safe mode (git-fixes). * drm/amdgpu/gmc11: implement get_vbios_fb_size() (git-fixes). * drm/amdgpu/jpeg: Remove harvest checking for JPEG3 (git-fixes). * drm/amdgpu/mes11: enable reg active poll (git-fixes). * drm/amdgpu/vcn: Disable indirect SRAM on Vangogh broken BIOSes (git-fixes). * drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel (git- fixes). * drm/amdgpu: Do not set struct drm_driver.output_poll_changed (git-fixes). * drm/amdgpu: Fix desktop freezed after gpu-reset (git-fixes). * drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function (git-fixes). * drm/amdgpu: Fix sdma v4 sw fini error (git-fixes). * drm/amdgpu: Fix usage of UMC fill record in RAS (git-fixes). * drm/amdgpu: Force signal hw_fences that are embedded in non-sched jobs (git- fixes). * drm/amdgpu: add mes resume when do gfx post soft reset (git-fixes). * drm/amdgpu: change reserved vram info print (git-fixes). * drm/amdgpu: declare firmware for new MES 11.0.4 (git-fixes). * drm/amdgpu: enable tmz by default for GC 11.0.1 (git-fixes). * drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini (git-fixes). * drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini (git-fixes). * drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini() (git-fixes). * drm/amdgpu: refine get gpu clock counter method (git-fixes). * drm/amdgpu: remove deprecated MES version vars (git-fixes). * drm/amdgpu: reserve the old gc_11_0_*_mes.bin (git-fixes). * drm/amdgpu: set gfx9 onwards APU atomics support to be true (git-fixes). * drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 (git-fixes). * drm/bridge: anx7625: Convert to i2c's .probe_new() (git-fixes). * drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt() (git-fixes). * drm/bridge: anx7625: Prevent endless probe loop (git-fixes). * drm/bridge: it6505: Move a variable assignment behind a null pointer check in receive_timing_debugfs_show() (git-fixes). * drm/bridge: tc358767: Switch to devm MIPI-DSI helpers (git-fixes). * drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git- fixes). * drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes). * drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes). * drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes). * drm/bridge: ti-sn65dsi83: Fix enable error path (git-fixes). * drm/client: Fix memory leak in drm_client_target_cloned (git-fixes). * drm/display/dp_mst: Fix payload addition on a disconnected sink (git-fixes). * drm/display: Do not block HDR_OUTPUT_METADATA on unknown EOTF (git-fixes). * drm/drm_vma_manager: Add drm_vma_node_allow_once() (git-fixes). * drm/dsc: fix DP_DSC_MAX_BPP_DELTA_* macro values (git-fixes). * drm/dsc: fix drm_edp_dsc_sink_output_bpp() DPCD high byte usage (git-fixes). * drm/etnaviv: move idle mapping reaping into separate function (git-fixes). * drm/etnaviv: reap idle mapping if it does not match the softpin address (git-fixes). * drm/i915/dp_mst: Add the MST topology state for modesetted CRTCs (bsc#1213493). * drm/i915/fbdev: lock the fbdev obj before vma pin (git-fixes). * drm/i915/gt: Cleanup partial engine discovery failures (git-fixes). * drm/i915/guc: Add error-capture init warnings when needed (git-fixes). * drm/i915/guc: Fix missing ecodes (git-fixes). * drm/i915/guc: Limit scheduling properties to avoid overflow (git-fixes). * drm/i915/guc: Rename GuC register state capture node to be more obvious (git-fixes). * drm/i915/mtl: update scaler source and destination limits for MTL (git- fixes). * drm/i915/sdvo: Grab mode_config.mutex during LVDS init to avoid WARNs (git- fixes). * drm/i915/sseu: fix max_subslices array-index-out-of-bounds access (git- fixes). * drm/i915/tc: Fix TC port link ref init for DP MST during HW readout (git- fixes). * drm/i915: Allow panel fixed modes to have differing sync polarities (git- fixes). * drm/i915: Check pipe source size when using skl+ scalers (git-fixes). * drm/i915: Do panel VBT init early if the VBT declares an explicit panel type (git-fixes). * drm/i915: Fix TypeC mode initialization during system resume (git-fixes). * drm/i915: Fix a memory leak with reused mmap_offset (git-fixes). * drm/i915: Fix negative value passed as remaining time (git-fixes). * drm/i915: Fix one wrong caching mode enum usage (git-fixes). * drm/i915: Introduce intel_panel_init_alloc() (git-fixes). * drm/i915: Never return 0 if not all requests retired (git-fixes). * drm/i915: Populate encoder->devdata for DSI on icl+ (git-fixes). * drm/i915: Print return value on error (git-fixes). * drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR (git-fixes). * drm/meson: Fix return type of meson_encoder_cvbs_mode_valid() (git-fixes). * drm/msm/a5xx: really check for A510 in a5xx_gpu_init (git-fixes). * drm/msm/adreno: Simplify read64/write64 helpers (git-fixes). * drm/msm/adreno: fix runtime PM imbalance at unbind (git-fixes). * drm/msm/disp/dpu: get timing engine status from intf status register (git- fixes). * drm/msm/dpu: Add DSC hardware blocks to register snapshot (git-fixes). * drm/msm/dpu: Assign missing writeback log_mask (git-fixes). * drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes). * drm/msm/dpu: clean up dpu_kms_get_clk_rate() returns (git-fixes). * drm/msm/dpu: set DSC flush bit correctly at MDP CTL flush register (git- fixes). * drm/msm/hdmi: use devres helper for runtime PM management (git-fixes). * drm/panel: boe-tv101wum-nl6: Ensure DSI writes succeed during disable (git- fixes). * drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git- fixes). * drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes). * drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (git-fixes). * drm/ttm: Do not leak a resource on swapout move error (git-fixes). * drm/virtio: Fix memory leak in virtio_gpu_object_create() (git-fixes). * drm/virtio: Simplify error handling of virtio_gpu_object_create() (git- fixes). * drm/vmwgfx: Refactor resource manager's hashtable to use linux/hashtable implementation (git-fixes). * drm/vmwgfx: Refactor resource validation hashtable to use linux/hashtable implementation (git-fixes). * drm/vmwgfx: Refactor ttm reference object hashtable to use linux/hashtable (git-fixes). * drm/vmwgfx: Remove ttm object hashtable (git-fixes). * drm/vmwgfx: Remove vmwgfx_hashtab (git-fixes). * drm/vmwgfx: Write the driver id registers (git-fixes). * drm: Add fixed-point helper to get rounded integer values (git-fixes). * drm: Add missing DP DSC extended capability definitions (git-fixes). * drm: Optimize drm buddy top-down allocation method (git-fixes). * drm: buddy_allocator: Fix buddy allocator init on 32-bit systems (git- fixes). * drm: panel-orientation-quirks: Add quirk for DynaBook K50 (git-fixes). * drm: rcar-du: Add quirk for H3 ES1.x pclk workaround (git-fixes). * drm: rcar-du: Fix setting a reserved bit in DPLLCR (git-fixes). * drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2 (git-fixes). * fuse: ioctl: translate ENOSYS in outarg (bsc#1213524). * fuse: revalidate: do not invalidate if interrupted (bsc#1213523). * i2c: tegra: Set ACPI node as primary fwnode (bsc#1213226). * irqchip/gic-v3: Claim iomem resources (bsc#1213533) * irqchip/gicv3: Handle resource request failure consistently (bsc#1213533) * irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 (bsc#1213533) * kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243). * kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of- tree production drivers * kabi/severities: ignore kABI of i915 module It's exported only for its sub- module, not really used by externals * kabi/severities: ignore kABI of vmwgfx The driver exports a function unnecessarily without used by anyone else. Ignore the kABI changes. * memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). * net: mana: Add support for vlan tagging (bsc#1212301). * net: phy: prevent stale pointer dereference in phy_init() (git-fixes). * net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() (git- fixes). * net: qrtr: start MHI channel after endpoit creation (git-fixes). * nilfs2: reject devices with insufficient block count (git-fixes). * ocfs2: Switch to security_inode_init_security() (git-fixes). * ocfs2: check new file size on fallocate call (git-fixes). * ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). * pci: s390: Fix use-after-free of PCI resources with per-function hotplug (bsc#1212525). * pci: vmd: Fix uninitialized variable usage in vmd_enable_domain() (git- fixes). * perf/x86/amd/core: Always clear status for idx (bsc#1213233). * pie: fix kernel-doc notation warning (git-fixes). * powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869). * powerpc/64s: Fix VAS mm use after free (bsc#1194869). * powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869). * powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869). * powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869). * powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869). * powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross- boundary (bsc#1150305 ltc#176097 git-fixes). * powerpc/mm: Switch obsolete dssall to .long (bsc#1194869). * powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869). * powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869). * powerpc/prom_init: Fix kernel config grep (bsc#1194869). * powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close (jsc#PED-542 git-fixes). * powerpc/secvar: fix refcount leak in format_show() (bsc#1194869). * powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869). * powerpc: clean vdso32 and vdso64 directories (bsc#1194869). * powerpc: define get_cycles macro for arch-override (bsc#1194869). * powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869). * rpm/check-for-config-changes: ignore also RISCV_ISA_ _and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS__. * rsi: remove kernel-doc comment marker (git-fixes). * s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259). * s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258). * s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263). * s390/pci: clean up left over special treatment for function zero (bsc#1212525). * s390/pci: only add specific device in zpci_bus_scan_device() (bsc#1212525). * s390/pci: remove redundant pci_bus_add_devices() on new bus (bsc#1212525). * s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252). * s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (git-fixes bsc#1213264). * s390: discard .interp section (git-fixes bsc#1213247). * security: keys: Modify mismatched function name (git-fixes). * selftests/ir: fix build with ancient kernel headers (git-fixes). * selftests: cgroup: fix unsigned comparison with less than zero (git-fixes). * selftests: forwarding: Fix packet matching in mirroring selftests (git- fixes). * selftests: tc: add 'ct' action kconfig dep (git-fixes). * selftests: tc: add ConnTrack procfs kconfig (git-fixes). * selftests: tc: set timeout to 15 minutes (git-fixes). * signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869). * signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869). * smb3: do not reserve too many oplock credits (bsc#1193629). * smb3: missing null check in SMB2_change_notify (bsc#1193629). * smb: client: fix broken file attrs with nodfs mounts (bsc#1193629). * smb: client: fix missed ses refcounting (git-fixes). * smb: client: fix parsing of source mount option (bsc#1193629). * smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629). * smb: client: fix warning in CIFSFindFirst() (bsc#1193629). * smb: client: fix warning in CIFSFindNext() (bsc#1193629). * smb: client: fix warning in cifs_match_super() (bsc#1193629). * smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629). * smb: client: fix warning in generic_ip_connect() (bsc#1193629). * smb: client: improve DFS mount check (bsc#1193629). * smb: client: remove redundant pointer 'server' (bsc#1193629). * smb: delete an unnecessary statement (bsc#1193629). * smb: move client and server files to common directory fs/smb (bsc#1193629). * smb: remove obsolete comment (bsc#1193629). * soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe() (git-fixes). * soundwire: cadence: Drain the RX FIFO after an IO timeout (git-fixes). * soundwire: stream: Add missing clear of alloc_slave_rt (git-fixes). * spi: bcm63xx: fix max prepend length (git-fixes). * swsmu/amdgpu_smu: Fix the wrong if-condition (git-fixes). * tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git- fixes). * usb: dwc2: Fix some error handling paths (git-fixes). * usb: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes). * usb: gadget: udc: core: Prevent soft_connect_store() race (git-fixes). * usb: typec: Fix fast_role_swap_current show function (git-fixes). * usb: typec: Fix fast_role_swap_current show function (git-fixes). * wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes). * wifi: ath10k: Trigger STA disconnect after reconfig complete on hardware restart (git-fixes). * wifi: ath11k: Add missing check for ioremap (git-fixes). * wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git- fixes). * x86/amd_nb: Add PCI ID for family 19h model 78h (git-fixes). * x86/platform/uv: Add platform resolving #defines for misc GAM_MMIOH_REDIRECT* (bsc#1212256 jsc#PED-4718). * x86/platform/uv: Fix printed information in calc_mmioh_map (bsc#1212256 jsc#PED-4718). * x86/platform/uv: Helper functions for allocating and freeing conversion tables (bsc#1212256 jsc#PED-4718). * x86/platform/uv: Introduce helper function uv_pnode_to_socket (bsc#1212256 jsc#PED-4718). * x86/platform/uv: Remove remaining BUG_ON() and BUG() calls (bsc#1212256 jsc#PED-4718). * x86/platform/uv: UV support for sub-NUMA clustering (bsc#1212256 jsc#PED-4718). * x86/platform/uv: Update UV platform code for SNC (bsc#1212256 jsc#PED-4718). * x86/platform/uv: When searching for minimums, start at INT_MAX not 99999 (bsc#1212256 jsc#PED-4718). * x86: Fix .brk attribute in linker script (git-fixes). * xfs: clean up the rtbitmap fsmap backend (git-fixes). * xfs: do not deplete the reserve pool when trying to shrink the fs (git- fixes). * xfs: do not reverse order of items in bulk AIL insertion (git-fixes). * xfs: fix getfsmap reporting past the last rt extent (git-fixes). * xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git- fixes). * xfs: fix interval filtering in multi-step fsmap queries (git-fixes). * xfs: fix logdev fsmap query result filtering (git-fixes). * xfs: fix off-by-one error when the last rt extent is in use (git-fixes). * xfs: fix uninitialized variable access (git-fixes). * xfs: make fsmap backend function key parameters const (git-fixes). * xfs: make the record pointer passed to query_range functions const (git- fixes). * xfs: pass explicit mount pointer to rtalloc query functions (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3180=1 openSUSE-SLE-15.5-2023-3180=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3180=1 ## Package List: * openSUSE Leap 15.5 (aarch64 x86_64) * kernel-syms-azure-5.14.21-150500.33.11.1 * kernel-azure-debuginfo-5.14.21-150500.33.11.1 * dlm-kmp-azure-debuginfo-5.14.21-150500.33.11.1 * kselftests-kmp-azure-5.14.21-150500.33.11.1 * ocfs2-kmp-azure-5.14.21-150500.33.11.1 * kernel-azure-devel-5.14.21-150500.33.11.1 * kernel-azure-livepatch-devel-5.14.21-150500.33.11.1 * gfs2-kmp-azure-5.14.21-150500.33.11.1 * kernel-azure-debugsource-5.14.21-150500.33.11.1 * reiserfs-kmp-azure-5.14.21-150500.33.11.1 * kernel-azure-optional-5.14.21-150500.33.11.1 * dlm-kmp-azure-5.14.21-150500.33.11.1 * gfs2-kmp-azure-debuginfo-5.14.21-150500.33.11.1 * cluster-md-kmp-azure-5.14.21-150500.33.11.1 * kernel-azure-optional-debuginfo-5.14.21-150500.33.11.1 * kernel-azure-extra-5.14.21-150500.33.11.1 * kernel-azure-devel-debuginfo-5.14.21-150500.33.11.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.11.1 * kernel-azure-extra-debuginfo-5.14.21-150500.33.11.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.11.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.11.1 * kselftests-kmp-azure-debuginfo-5.14.21-150500.33.11.1 * openSUSE Leap 15.5 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150500.33.11.1 * openSUSE Leap 15.5 (x86_64) * kernel-azure-vdso-5.14.21-150500.33.11.1 * kernel-azure-vdso-debuginfo-5.14.21-150500.33.11.1 * openSUSE Leap 15.5 (noarch) * kernel-source-azure-5.14.21-150500.33.11.1 * kernel-devel-azure-5.14.21-150500.33.11.1 * Public Cloud Module 15-SP5 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150500.33.11.1 * Public Cloud Module 15-SP5 (aarch64 x86_64) * kernel-azure-devel-debuginfo-5.14.21-150500.33.11.1 * kernel-syms-azure-5.14.21-150500.33.11.1 * kernel-azure-debuginfo-5.14.21-150500.33.11.1 * kernel-azure-devel-5.14.21-150500.33.11.1 * kernel-azure-debugsource-5.14.21-150500.33.11.1 * Public Cloud Module 15-SP5 (noarch) * kernel-source-azure-5.14.21-150500.33.11.1 * kernel-devel-azure-5.14.21-150500.33.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20593.html * https://www.suse.com/security/cve/CVE-2023-2985.html * https://www.suse.com/security/cve/CVE-2023-3117.html * https://www.suse.com/security/cve/CVE-2023-31248.html * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3812.html * https://bugzilla.suse.com/show_bug.cgi?id=1150305 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1207894 * https://bugzilla.suse.com/show_bug.cgi?id=1208788 * https://bugzilla.suse.com/show_bug.cgi?id=1211243 * https://bugzilla.suse.com/show_bug.cgi?id=1211867 * https://bugzilla.suse.com/show_bug.cgi?id=1212256 * https://bugzilla.suse.com/show_bug.cgi?id=1212301 * https://bugzilla.suse.com/show_bug.cgi?id=1212525 * https://bugzilla.suse.com/show_bug.cgi?id=1212846 * https://bugzilla.suse.com/show_bug.cgi?id=1212905 * https://bugzilla.suse.com/show_bug.cgi?id=1213059 * https://bugzilla.suse.com/show_bug.cgi?id=1213061 * https://bugzilla.suse.com/show_bug.cgi?id=1213205 * https://bugzilla.suse.com/show_bug.cgi?id=1213206 * https://bugzilla.suse.com/show_bug.cgi?id=1213226 * https://bugzilla.suse.com/show_bug.cgi?id=1213233 * https://bugzilla.suse.com/show_bug.cgi?id=1213245 * https://bugzilla.suse.com/show_bug.cgi?id=1213247 * https://bugzilla.suse.com/show_bug.cgi?id=1213252 * https://bugzilla.suse.com/show_bug.cgi?id=1213258 * https://bugzilla.suse.com/show_bug.cgi?id=1213259 * https://bugzilla.suse.com/show_bug.cgi?id=1213263 * https://bugzilla.suse.com/show_bug.cgi?id=1213264 * https://bugzilla.suse.com/show_bug.cgi?id=1213286 * https://bugzilla.suse.com/show_bug.cgi?id=1213311 * https://bugzilla.suse.com/show_bug.cgi?id=1213493 * https://bugzilla.suse.com/show_bug.cgi?id=1213523 * https://bugzilla.suse.com/show_bug.cgi?id=1213524 * https://bugzilla.suse.com/show_bug.cgi?id=1213533 * https://bugzilla.suse.com/show_bug.cgi?id=1213543 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 * https://jira.suse.com/browse/PED-4718 * https://jira.suse.com/browse/PED-4758 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 4 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 04 Aug 2023 08:30:03 -0000 Subject: SUSE-RU-2023:3195-1: moderate: Recommended update for crmsh Message-ID: <169113780384.4112.16644927256607245246@smelt2.suse.de> # Recommended update for crmsh Announcement ID: SUSE-RU-2023:3195-1 Rating: moderate References: * #1210709 * #1211817 * #1212436 * #1212992 * #1213050 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has five recommended fixes can now be installed. ## Description: This update for crmsh fixes the following issues: * Ensure a subcommand completes successfully if no exceptions are raised (bsc#1212992) * Fix failure to save username for localhost when initializing a cluster with a qnet server * Fix migration rolling upgrade (bsc#1213050) * Fix setup of a cluster as a non-root sudoer user (bsc#1210709) * Fix the behavior to use the current user as a default when username is not specified (bsc#1211817) * Fix the validation of option `-N` and `-c` (bsc#1212436) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3195=1 SUSE-2023-3195=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-3195=1 ## Package List: * openSUSE Leap 15.5 (noarch) * crmsh-test-4.5.0+20230725.5d35bb6-150500.3.5.1 * crmsh-4.5.0+20230725.5d35bb6-150500.3.5.1 * crmsh-scripts-4.5.0+20230725.5d35bb6-150500.3.5.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (noarch) * crmsh-4.5.0+20230725.5d35bb6-150500.3.5.1 * crmsh-scripts-4.5.0+20230725.5d35bb6-150500.3.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210709 * https://bugzilla.suse.com/show_bug.cgi?id=1211817 * https://bugzilla.suse.com/show_bug.cgi?id=1212436 * https://bugzilla.suse.com/show_bug.cgi?id=1212992 * https://bugzilla.suse.com/show_bug.cgi?id=1213050 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 4 08:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 04 Aug 2023 08:30:06 -0000 Subject: SUSE-RU-2023:3194-1: moderate: Recommended update for crmsh Message-ID: <169113780613.4112.10073056718973329807@smelt2.suse.de> # Recommended update for crmsh Announcement ID: SUSE-RU-2023:3194-1 Rating: moderate References: * #1212992 * #1213050 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for crmsh fixes the following issues: * upgradeutil: Support the change of path of upgrade_seq in crmsh-4.5 (bsc#1213050) * ui_context: Ensure a subcommand completes successfully if no exceptions are raised (bsc#1212992) * medium: ui_node: Fix cib rollback race on node standby ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3194=1 openSUSE-SLE-15.4-2023-3194=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3194=1 ## Package List: * openSUSE Leap 15.4 (noarch) * crmsh-test-4.4.1+20230706.3503893-150400.3.23.1 * crmsh-scripts-4.4.1+20230706.3503893-150400.3.23.1 * crmsh-4.4.1+20230706.3503893-150400.3.23.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (noarch) * crmsh-scripts-4.4.1+20230706.3503893-150400.3.23.1 * crmsh-4.4.1+20230706.3503893-150400.3.23.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212992 * https://bugzilla.suse.com/show_bug.cgi?id=1213050 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 4 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 04 Aug 2023 08:30:08 -0000 Subject: SUSE-RU-2023:3193-1: moderate: Recommended update for google-guest-agent, google-guest-configs, google-osconfig-agent Message-ID: <169113780821.4112.16798995903641838816@smelt2.suse.de> # Recommended update for google-guest-agent, google-guest-configs, google- osconfig-agent Announcement ID: SUSE-RU-2023:3193-1 Rating: moderate References: * #1212418 * #1212759 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for google-guest-agent, google-guest-configs, google-osconfig-agent fixes the following issues: * Update to version 20230601.00 (bsc#1212418, bsc#1212759) * Don't block google-osconfig-agent (#213) * Avoid conflict with automated package updates (#212) * Add a support of TrustedUserCAKeys into sshd configuration (#206) * Add a new dracut module for gcp udev rules (#53) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-3193=1 ## Package List: * Public Cloud Module 12 (aarch64 ppc64le s390x x86_64) * google-osconfig-agent-20230706.02-1.23.3 * google-guest-agent-20230601.00-1.32.3 * Public Cloud Module 12 (noarch) * google-guest-configs-20230626.00-1.23.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212418 * https://bugzilla.suse.com/show_bug.cgi?id=1212759 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 4 08:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 04 Aug 2023 08:30:09 -0000 Subject: SUSE-RU-2023:3192-1: moderate: Recommended update for SAPHanaSR-angi Message-ID: <169113780939.4112.6743976545126986860@smelt2.suse.de> # Recommended update for SAPHanaSR-angi Announcement ID: SUSE-RU-2023:3192-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.5 * SAP Applications Module 15-SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that can now be installed. ## Description: This update for SAPHanaSR-angi fixes the following issues: * Version bump to 1.001.5 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3192=1 openSUSE-SLE-15.5-2023-3192=1 * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-3192=1 ## Package List: * openSUSE Leap 15.5 (noarch) * SAPHanaSR-angi-1.001.5-150500.3.3.1 * SAP Applications Module 15-SP5 (noarch) * SAPHanaSR-angi-1.001.5-150500.3.3.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 4 08:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 04 Aug 2023 08:30:11 -0000 Subject: SUSE-RU-2023:3191-1: moderate: Recommended update for cryptsetup Message-ID: <169113781139.4112.133033580660352737@smelt2.suse.de> # Recommended update for cryptsetup Announcement ID: SUSE-RU-2023:3191-1 Rating: moderate References: * #1211079 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that has one recommended fix can now be installed. ## Description: This update for cryptsetup fixes the following issues: * Handle system with low memory and no swap space (bsc#1211079) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3191=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3191=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3191=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3191=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3191=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3191=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3191=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * cryptsetup-debuginfo-2.0.6-150100.4.6.1 * libcryptsetup12-2.0.6-150100.4.6.1 * libcryptsetup12-hmac-2.0.6-150100.4.6.1 * libcryptsetup12-debuginfo-2.0.6-150100.4.6.1 * cryptsetup-debugsource-2.0.6-150100.4.6.1 * libcryptsetup-devel-2.0.6-150100.4.6.1 * cryptsetup-2.0.6-150100.4.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libcryptsetup12-32bit-debuginfo-2.0.6-150100.4.6.1 * libcryptsetup12-hmac-32bit-2.0.6-150100.4.6.1 * libcryptsetup12-32bit-2.0.6-150100.4.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * cryptsetup-debuginfo-2.0.6-150100.4.6.1 * libcryptsetup12-2.0.6-150100.4.6.1 * libcryptsetup12-hmac-2.0.6-150100.4.6.1 * libcryptsetup12-debuginfo-2.0.6-150100.4.6.1 * cryptsetup-debugsource-2.0.6-150100.4.6.1 * libcryptsetup-devel-2.0.6-150100.4.6.1 * cryptsetup-2.0.6-150100.4.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libcryptsetup12-32bit-debuginfo-2.0.6-150100.4.6.1 * libcryptsetup12-hmac-32bit-2.0.6-150100.4.6.1 * libcryptsetup12-32bit-2.0.6-150100.4.6.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * cryptsetup-debuginfo-2.0.6-150100.4.6.1 * libcryptsetup12-2.0.6-150100.4.6.1 * libcryptsetup12-hmac-2.0.6-150100.4.6.1 * libcryptsetup12-debuginfo-2.0.6-150100.4.6.1 * cryptsetup-debugsource-2.0.6-150100.4.6.1 * libcryptsetup-devel-2.0.6-150100.4.6.1 * cryptsetup-2.0.6-150100.4.6.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libcryptsetup12-32bit-debuginfo-2.0.6-150100.4.6.1 * libcryptsetup12-hmac-32bit-2.0.6-150100.4.6.1 * libcryptsetup12-32bit-2.0.6-150100.4.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * cryptsetup-debuginfo-2.0.6-150100.4.6.1 * libcryptsetup12-2.0.6-150100.4.6.1 * libcryptsetup12-hmac-2.0.6-150100.4.6.1 * libcryptsetup12-debuginfo-2.0.6-150100.4.6.1 * cryptsetup-debugsource-2.0.6-150100.4.6.1 * libcryptsetup-devel-2.0.6-150100.4.6.1 * cryptsetup-2.0.6-150100.4.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libcryptsetup12-32bit-debuginfo-2.0.6-150100.4.6.1 * libcryptsetup12-hmac-32bit-2.0.6-150100.4.6.1 * libcryptsetup12-32bit-2.0.6-150100.4.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * cryptsetup-debuginfo-2.0.6-150100.4.6.1 * libcryptsetup12-2.0.6-150100.4.6.1 * libcryptsetup12-hmac-2.0.6-150100.4.6.1 * libcryptsetup12-debuginfo-2.0.6-150100.4.6.1 * cryptsetup-debugsource-2.0.6-150100.4.6.1 * libcryptsetup-devel-2.0.6-150100.4.6.1 * cryptsetup-2.0.6-150100.4.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libcryptsetup12-32bit-debuginfo-2.0.6-150100.4.6.1 * libcryptsetup12-hmac-32bit-2.0.6-150100.4.6.1 * libcryptsetup12-32bit-2.0.6-150100.4.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * cryptsetup-debuginfo-2.0.6-150100.4.6.1 * libcryptsetup12-2.0.6-150100.4.6.1 * libcryptsetup12-hmac-2.0.6-150100.4.6.1 * libcryptsetup12-debuginfo-2.0.6-150100.4.6.1 * cryptsetup-debugsource-2.0.6-150100.4.6.1 * libcryptsetup-devel-2.0.6-150100.4.6.1 * cryptsetup-2.0.6-150100.4.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libcryptsetup12-32bit-debuginfo-2.0.6-150100.4.6.1 * libcryptsetup12-hmac-32bit-2.0.6-150100.4.6.1 * libcryptsetup12-32bit-2.0.6-150100.4.6.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * cryptsetup-debuginfo-2.0.6-150100.4.6.1 * libcryptsetup12-2.0.6-150100.4.6.1 * libcryptsetup12-hmac-2.0.6-150100.4.6.1 * libcryptsetup12-debuginfo-2.0.6-150100.4.6.1 * cryptsetup-debugsource-2.0.6-150100.4.6.1 * libcryptsetup-devel-2.0.6-150100.4.6.1 * cryptsetup-2.0.6-150100.4.6.1 * SUSE Enterprise Storage 7 (x86_64) * libcryptsetup12-32bit-debuginfo-2.0.6-150100.4.6.1 * libcryptsetup12-hmac-32bit-2.0.6-150100.4.6.1 * libcryptsetup12-32bit-2.0.6-150100.4.6.1 * SUSE CaaS Platform 4.0 (x86_64) * cryptsetup-debuginfo-2.0.6-150100.4.6.1 * libcryptsetup12-2.0.6-150100.4.6.1 * libcryptsetup12-32bit-debuginfo-2.0.6-150100.4.6.1 * libcryptsetup12-hmac-2.0.6-150100.4.6.1 * libcryptsetup12-debuginfo-2.0.6-150100.4.6.1 * cryptsetup-debugsource-2.0.6-150100.4.6.1 * libcryptsetup12-hmac-32bit-2.0.6-150100.4.6.1 * libcryptsetup12-32bit-2.0.6-150100.4.6.1 * libcryptsetup-devel-2.0.6-150100.4.6.1 * cryptsetup-2.0.6-150100.4.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211079 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 4 08:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 04 Aug 2023 08:30:14 -0000 Subject: SUSE-SU-2023:3190-1: low: Security update for xtrans Message-ID: <169113781412.4112.16820837256578940067@smelt2.suse.de> # Security update for xtrans Announcement ID: SUSE-SU-2023:3190-1 Rating: low References: * #1178613 Cross-References: * CVE-2020-25697 CVSS scores: * CVE-2020-25697 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L * CVE-2020-25697 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for xtrans fixes the following issues: * CVE-2020-25697: Fixed local privilege escalation via TRANS_ABSTRACT on the client side (bsc#1178613). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3190=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3190=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3190=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3190=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3190=1 ## Package List: * openSUSE Leap 15.4 (noarch) * xtrans-1.3.5-150000.3.3.1 * openSUSE Leap 15.5 (noarch) * xtrans-1.3.5-150000.3.3.1 * Basesystem Module 15-SP4 (noarch) * xtrans-1.3.5-150000.3.3.1 * Basesystem Module 15-SP5 (noarch) * xtrans-1.3.5-150000.3.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * xtrans-1.3.5-150000.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2020-25697.html * https://bugzilla.suse.com/show_bug.cgi?id=1178613 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 4 08:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 04 Aug 2023 08:30:16 -0000 Subject: SUSE-SU-2023:3189-1: low: Security update for xtrans Message-ID: <169113781618.4112.15604268810981273928@smelt2.suse.de> # Security update for xtrans Announcement ID: SUSE-SU-2023:3189-1 Rating: low References: * #1178613 Cross-References: * CVE-2020-25697 CVSS scores: * CVE-2020-25697 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L * CVE-2020-25697 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for xtrans fixes the following issues: * CVE-2020-25697: Fixed local privilege escalation via TRANS_ABSTRACT on the client side (bsc#1178613). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3189=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * xtrans-1.3.5-5.3.1 ## References: * https://www.suse.com/security/cve/CVE-2020-25697.html * https://bugzilla.suse.com/show_bug.cgi?id=1178613 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 4 08:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 04 Aug 2023 08:30:20 -0000 Subject: SUSE-SU-2023:3187-1: important: Security update for javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags Message-ID: <169113782020.4112.12656249621225263901@smelt2.suse.de> # Security update for javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags Announcement ID: SUSE-SU-2023:3187-1 Rating: important References: * #1036025 * #1133277 * #1162343 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that contains one feature and has three fixes can now be installed. ## Description: This update for javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags contains the following fixes: Changes in mysql-connector-java: \- Restrict license to GPL-2.0-only \- Fix README adjustments \- Depend on log4j rather than log4j-mini and adjust log4j dependencies to account for the lack of log4j12 Provides in some code streams. \- Add missing Group tag \- Update to 8.0.25 (SOC-11543) Changes in 8.0.25 * No functional changes: version alignment with MySQL Server 8.0.25. Changes in 8.0.24 * Bug#102188 (32526663), AccessControlException with AuthenticationLdapSaslClientPlugin. * Bug#22508715, SETSESSIONMAXROWS() CALL ON CLOSED CONNECTION RESULTS IN NPE. * Bug#102131 (32338451), UPDATABLERESULTSET NPE WHEN USING DERIVED QUERIES OR VIEWS. * Bug#101596 (32151143), GET THE 'HOST' PROPERTY ERROR AFTER CALLING TRANSFORMPROPERTIES() METHOD. * Bug#20391832, SETOBJECT() FOR TYPES.TIME RESULTS IN EXCEPTION WHEN VALUE HAS FRACTIONAL PART. * Bug#97730 (31699993), xdev api: ConcurrentModificationException at Session.close. * Bug#99708 (31510398), mysql-connector-java 8.0.20 ASSERTION FAILED: Unknown message type: 57 s.close. * Bug#32122553, EXTRA BYTE IN COM_STMT_EXECUTE. * Bug#101558 (32141210), NULLPOINTEREXCEPTION WHEN EXECUTING INVALID QUERY WITH USEUSAGEADVISOR ENABLED. * Bug#102076 (32329915), CONTRIBUTION: MYSQL JDBC DRIVER RESULTSET.GETLONG() THROWS NUMBEROUTOFRANGE. * Bug#31747910, BUG 30474158 FIX IMPROVES JDBC COMPLIANCE BUT CHANGES DEFAULT RESULTSETTYPE HANDLING. * Bug#102321 (32405590), CALLING RESULTSETMETADATA.GETCOLUMNCLASSNAME RETURNS WRONG VALUE FOR DATETIME. * WL#14453, Pluggable authentication: new default behavior & user-less authentications. * WL#14392, Improve timeout error messages [classic]. * WL#14202, XProtocol: Support connection close notification. Changes in 8.0.23 * Bug#21789378, FORCED TO SET SERVER TIMEZONE IN CONNECT STRING. * Bug#95644 (30573281), JDBC GETDATE/GETTIME/GETTIMESTAMP INTERFACE BEHAVIOR CHANGE AFTER UPGRADE 8.0. * Bug#94457 (29402209), CONNECTOR/J RESULTSET.GETOBJECT( ..., OFFSETDATETIME.CLASS ) THROWS. * Bug#76775 (20959249), FRACTIONAL SECONDS IN TIME VALUES ARE NOT AVAILABLE VIA JDBC. * Bug#99013 (31074051), AN EXTRA HOUR GETS ADDED TO THE TIMESTAMP WHEN SUBTRACTING INTERVAL 'N' DAYS. * Bug#98695 (30962953), EXECUTION OF "LOAD DATA LOCAL INFILE" COMMAND THROUGH JDBC FOR DATETIME COLUMN. * Bug#101413 (32099505), JAVA.TIME.LOCALDATETIME CANNOT BE CAST TO JAVA.SQL.TIMESTAMP. * Bug#101242 (32046007), CANNOT USE BYTEARRAYINPUTSTREAM AS ARGUMENTS IN PREPARED STATEMENTS AN MORE. * WL#14274, Support for authentication_ldap_sasl_client(SCRAM-SHA-256) authentication plugin. * WL#14206, Support for authentication_ldap_sasl_client(GSSAPI) authentication plugin. * WL#14207, Replace language in APIs and source code/docs. Changes in 8.0.22 * Bug#98667 (31711961), "All pipe instances are busy" exception on multiple connections to named Pipe. * Bug#96309 (31699357), MultiHost in loadbalance may lead to a TPS reduction during a quick switch. * Bug#99076 (31083755), Unclear exception/error when connecting with jdbc:mysql to a mysqlx port. * Bug#96870 (30304764), Contribution: Allow to disable AbandonedConnectionCleanupThread completely. * WL#14115, Support for authentication_ldap_sasl_client (SCRAM-SHA-1) authentication plugin. * WL#14096, Add option to specify LOAD DATA LOCAL allow list folder. * WL#13780, Skip system-wide trust and key stores (incl. X DevAPI client certs). * WL#14017, XProtocol -- support for configurable compression algorithms. * Bug#92903 (28834903), MySQL Connector/j should support wildcard names or alternative names. * Bug#99767 (31443178), Contribution: Check SubjectAlternativeName for TLS instead of commonName. * Bug#93444 (29015453), LOCALDATETIME PARAMETER VA UES ALTERED WHEN CLIENT AND SERVER TIMEZONES DIFFER. * WL#14052, Remove asynchronous variant of X Protocol. * Bug#99713 (31418928), NPE DURING COM.MYSQL.CJ.SERVERPREPAREDQUERYBINDVALUE.STOREDATE(). * WL#14068, Remove legacy integration with JBoss. Changes in 8.0.21 * WL#14051, Upgrade Protocol Buffers dependency to protobuf-java-3.11.4. * WL#14042, Upgrade testsuite to JUnit 5. * Bug#98237 (30911870), PREPAREDSTATEMENT.SETOBJECT(I, "FALSE", TYPES.BOOLEAN) ALWAYS SETS TRUE OR 1. * WL#13008, DevAPI: Add schema validation to create collection. Changes in 8.0.20 * Bug#30805426, IN CASE OF ISAUTHMETHODSWITCHREQUESTPACKET , TOSERVERS > 1 ARE IGNORED. * Bug#97714 (30570249), Contribution: Expose elapsed time for query interceptor * Bug#97724 (30570721), Contribution: Allow \'3.\' formatted numbers. * Bug#98536 (30877755), SIMPLEDATEFORMAT COULD CACHE A WRONG CALENDAR. Fix for Bug#91112 (28125069), AGAIN WRONG JAVA.SQL.DATE. * Bug#30474158, CONNECTOR/J 8 DOES NOT HONOR THE REQUESTED RESULTSETTYPE SCROLL_INSENSITIVE ETC. * Bug#98445 (30832513), Connection option clientInfoProvider=ClientInfoProviderSP causes NPE. * WL#12248, DevAPI: Connection compression. * Bug#30636056, ResultSetUtil.resultSetToMap() can be unsafe to use. * Bug#97757 (30584907), NULLPOINTEREXCEPTION WITH CACHERESULTSETMETADATA=TRUE AND EXECUTEQUERY OF "SET". Changes in 8.0.19 * WL#13346, Support for mult-host and failover. * Bug#97413 (30477722), DATABASEMETADATA IS BROKEN AFTER SERVER WL#13528. * WL#13367, DNS SRV support. * WL#12736, DevAPI: Specify TLS ciphers to be used by a client or session. * Bug#96383 (30119545) RS.GETTIMESTAMP() HAS * DIFFERENT RESULTS FOR TIME FIELDS WITH USECURSORFETCH=TRUE. * Bug#96059 (29999318), ERROR STREAMING MULTI RESULTSETS WITH MYSQL-CONNECTOR-JAVA 8.0.X. * Bug#96442 (30151808), INCORRECT DATE ERROR WHEN CALLING GETMETADATA ON PREPARED STATEMENT. Changes in 8.0.18 * WL#13347, Connectors should handle expired password sandbox without SET operations. * Bug#84098 (25223123), endless loop in LoadBalancedAutoCommitInterceptor. * Bug#23721537, MULTI-SELECT WITH EXECUTEASYNC() GIVES IMPROPER ERROR. * Bug#95741 (29898567), METADATA QUERY USES UPPER() AROUND NUMERIC EXPRESSION. * Bug#20913289, PSTMT.EXECUTEUPDATE() FAILS WHEN SQL MODE IS NO_BACKSLASH_ESCAPES. * Bug#80441 (22850444), SYNTAX ERROR ON RESULTSET.UPDATEROW() WITH SQL_MODE NO_BACKSLASH_ESCAPES. Changes in 8.0.17 * WL#13210, Generate Javadocs via ant. * WL#12247, DevAPI: indexing array fields. * WL#12726, DevAPI: Add overlaps and not_overlaps as operator. * Bug#95503 (29821029), Operator IN not mapping consistently to the right X Plugin operation. * WL#12942, Update README.md and add new CONTRIBUTING.md. * WL#13125, Support fully qualified hostnames longer than 60 characters. * Bug#95210 (29807741), ClassCastException in BlobFromLocator when connecting as jdbc:mysql:replication. * Bug#29591275, THE JAR FILE NEEDS TO CONTAIN A README AND LICENSE FILE. * WL#13124, Support new utf8mb4 bin collation. * WL#13009, DevAPI: Deprecate methods. * WL#11101, Remove de-cache and close of SSPSs on double call to close(). * Bug#89133 (27356869) CONTRIBUTION: UPDATE DA ABASEMETADATA.JAVA. * Bug#11891000, DABATASEMETADATA.GETTABLES() IGNORES THE SCHEMA_PATTERN ARGUMENT. * Bug#94101 (29277648), SETTING LOGSLOWQUERIES SHOULD NOT AUTOMATICALLY ENABLE PROFILESQL FOR QUERIES. * Bug#74690 (20010454), PROFILEREVENT HOSTNAME HAS NO GETTER(). * Bug#70677 (17640628), CONNECTOR J WITH PROFILESQL - LOG CONTAINS LOTS OF STACKTRACE DATA. * Bug#41172 (11750577), PROFILEREVENT.PACK() THROWS ARRAYINDEXOUTOFBOUNDSEXCEPTION. * Bug#27453692, CHARACTERS GET GARBLED IN CONCAT() IN PS WHEN USECURSORFETCH=TRUE. * Bug#94585 (29452669), GETTABLENAME() RETURNS NULL FOR A QUERY HAVING COUNT( _) WITH JDBC DRIVER V8.0.12. * Bug#94442 (29446059), RESULTSETIMPL.GETDOUBLE IS INEFFICIENT BECAUSE OF BIGDECIMAL (RE)CONSTRUCTIONS. Changes in 8.0.16 * WL#12825, Remove third-party libraries from sources and bundles. * Bug#93590 (29054329), javax.net.ssl.SSLException: closing inbound before receiving peer 's close_notify. * Bug#94414 (29384853), Connector/J RPM package have version number in path. * Bug#27786499, REDUNDANT FILES IN DEBIAN PACKAGE FOR DEBIAN9(COMMUNITY PACKAGE) FOR CJAVA. * WL#12246, DevAPI: Prepared statement support. * WL#10839, Adjust c/J tests to the new "ON" default for explicit_defaults_for_timestamp. * Bug#29329326, PLEASE AVOID SHOW PROCESSLIST IF POSSIBLE. * WL#12460, DevAPI: Support new session reset functionality. * WL#12459, DevAPI: Support connection-attributes. * Bug#25650385, GETBYTE() RETURNS ERROR FOR BINARY() FLD. * Bug#27784363, MYSQL 8.0 JDBC DRIVER THROWS NUMBERFORMATEXCEPTION FOR TEXT DATA * Bug#93007 (28860051), LoadBalancedConnectionProxy.getGlobalBlacklist bug. * Bug#29186870, CONNECTOR/J REGRESSION: NOT RETURNING PRECISION GETPROCEDURECOLUMNS. * Bug#22038729, X DEVAPI: ANY API CALL AFTER A FAILED CALL PROC() RESULTS IN HANG. * Bug#29244101, ADD MAPPING FOR UTF8MB4_ZH_0900_AS_CS COLLATION. * Bug#92819 (28834959), EXPRPARSER THROWS WRONGARGUMENTEXCEPTION WHEN PARSING EMPTY JSON ARRAY. * Bug#21921956, X DEVAPI: EXPRESSION PARSE ERROR WITH UNARY OPERATOR. * Bug#94031 (29257922), WRONG JSON_UNQUOTE WORKAROUND. * Bug#22931700, BINDINGS.GETBOOLEAN() ALWAYS RETURNS FALSE. * Bug#25650912, ERROR MESSAGE NOT CLEAR WHEN WE PASS A CHAR DATA TO ANY TABLE API. * Bug#25642021, CHANGEUSER() FAILS WHEN ENABLEPACKETDEBUG=TRUE. Changes in 8.0.15 * Bug#94051 (29261254), Not recommended default for 'allowLoadLocalInfile'. Changes in 8.0.14 * WL#12298, Connectors: Expose metadata about source and binaries in unified way. * Bug#93111 (28894344), ConnectionUrl.java contains char U+00A7 (section sign). * WL#12621, DevAPI: Handling of Default Schema. * Bug#93340 (28970166), C/J BUILD SCRIPT IS TOO VERBOSE * WL#12462, DevAPI: Be prepared for initial notice on connection. * Bug#28924137, WL#12463:IF COLLECTION DOESN'T EXIST, COLL.COUNT() IS GIVING A WRONG ERROR MESSAGE. * WL#12463, DevAPI: Standardize count method. * Bug#92508 (28747636), mysql-connector in bootclasspath causing memory leak. * Bug#25650514, UPDATEROW() CALL FAILS WITH NPE WHEN SSPS=TRUE AND TABLE HAS MULTI-FLD KEY. * Bug#25650482, REFRESHROW() CALL AFTER UPDATEROW() API FAILS WHEN USESERVERPREPSTMTS=TRUE. * Bug#92536 (28692243), UPDATEING SERVER SIDE PREPSTMTS RESULTSET FAIL. * Bug#92625 (28731795), CONTRIBUTION: FIX OBSERVED NPE IN CLEARINPUTSTREAM. * Bug#23045642, ADDING NO-DOC (MYSQLCONNJ-696) RESULTS IN EXCEPTION. * Bug#91065 (28101003), ZERODATETIMEBEHAVIOR=CONVERT_TO_NULL SHOULD NOT APPLY TO 00:00:00 TIME COLUMNS. * Bug#92574 (28706219), WHEN CONVERTING FROM VARCHAR TO JAVA BOOLEAN, 'N' IS NOT SUPPORTED. * Bug#25642226, CHANGEUSER() NOT SETTING THE DATABASE PROPERLY WITH SHA USER. * Bug#28606708, NAMED PIPE CONNECTION FOR X PROTOCOL RETURNS NPE, EXPECTED PROPER ERROR MESSAGE. Changes in 8.0.13 * Bug#91317 (28207422), Wrong defaults on collation mappings. * WL#12245, DevAPI: Implement connect timeout. * Bug#21774249, UNIT TEST FAILS WITH ERROR " 'CEST' IS UNRECOGNIZED TIME ZONE". * WL#11857, DevAPI: Implement connection pooling for xprotocol. * Bug#91873 (28444461), REMOVE USEOLDUTF8BEHAVIOR CONNECTION PROPERTY. * Bug#92264 (28594434), JSONPARSER PUTS UNNECESSARY MAXIMUM LIMIT ON JSONNUMBER TO 10 DIGITS. * WL#12110, Extend PropertyDefinitions.PropertyKey usage. * Bug#81063 (23098159), w/ rewriteBatchedStatements, when 2 tables involved, the rewriting not correct. * Bug#84813 (25501750), rewriteBatchedStatements fails in INSERT. * Bug#81196 (23227334), CONNECTOR/J NOT FOLLOWING DATABASE CHARACTER SET. * Bug#72609 (18749544), SETDATE() NOT USING A PROLEPTIC GREGORIAN CALENDAR. * Bug#87534 (26730196), UNION ALL query fails when useServerPrepStmts=true on database connection. * Bug#89948 (27658489), Batched statements are not committed for useLocalTransactionState=true. * BUG#22305979, WRONG RECORD UPDATED IF SENDFRACTIONALSECONDS=FALSE AND SMT IS SCROLLABLE. * Bug#27102307, CHANGE USESSL AND VERIFYSERVERCERTIFICATE TO SSLMODE OPTION. * Bug#28150662, CONNECTOR/J 8 MALFORMED DATABASE URL EXCEPTION WHIT CORRECT URL STRING. * Bug#91421 (28246270), ALLOWED VALUES FOR ZERODATETIMEBEHAVIOR ARE INCOMPATIBLE WITH NETBEANS. * Bug#23045604, XSESSION.GETURI() RETURNS NPE. * Bug#21914769, NPE WHEN TRY TO EXECUTE INVALID JSON STRING. * Bug#BUG#90887 (28034570), DATABASEMETADATAUSINGINFOSCHEMA#GETTABLES FAILS IF METHOD ARGUMENTS ARE NULL. * Bug#28207088, C/JAVA: UPDATECLOB(INT COLUMNLABEL, JAVA.SQL.CLOB CLOB) IS FAILING. * Bug#27629553, NPE FROM GETSESSION() FOR SSL CONNECTION WHEN NO PASSWORD PASSED. Changes in 8.0.12 * Bug#28208000, MASTER : HANG IN ASYNCHRONOUS SELECT TEST. * WL#10544, Update MySQL 8.0 keywords list. * WL#11858, DevAPI: Core API v1 alignment. * Bug#27652379, NPE FROM GETSESSION(PROPERTIES) WHEN HOST PARAMETER IS GIVEN IN SMALL LETTER. * BUG#87600 (26724154), CONNECTOR THROWS 'MALFORMED DATABASE URL' ON NON MYSQL CONNECTION-URLS. * BUG#26089880, GETCONNECTION("MYSQLX://..") RETURNS NON-X PROTOCOL CONNECTION. * WL#11876, Improve connection properties design. * WL#11933, Connector/J 8.0 X DevAPI reference documentation update. * WL#11860, Ensure >= 75% code coverage. * Bug#90753 (27977617), WAIT_TIMEOUT EXCEEDED MESSAGE NOT TRIGGERED. * Bug#85941 (25924324), WASNULL NOT SET AFTER GETBYTES IS CALLED. * Bug#28066709, COLLECTION.CREATEINDEX() TEST IS BROKEN AFTER WL#11808 IMPLEMENTATION. * Bug#90872 (28027459), FILTERPARAMS CLASS IS NOT NEEDED. * Bug#27522054, POSSIBLE ASYNC XPROTOCOL MESSAGE HANDLING PERF ISSUE. The "xdevapi.useAsyncProtocol" connection property default value is changed to "false". Changes in 8.0.11 * WL#11293, DevAPI: Support new locking modes : NOWAIT and SKIP LOCKED. * Bug#90029 (27678308), FAILURE WHEN GETTING GEOMCOLLECTION COLUMN TYPE. * BUG#90024 (27677574), SOME TESTS FAILED AGAINST MYSQL 8.0.5 BECAUSE OF DEPRECATED FEATURES REMOVAL. * Bug#86741 (26314325), Multi-Host connection with autocommit=0 getAutoCommit maybe wrong. * Bug#27231383, PROVIDE MAVEN-FRIENDLY COMMERCIAL PACKAGES WITHOUT "-BIN". * Bug#26819691, SETTING PACKETDEBUGBUFFERSIZE=0 RESULTS IN CONNECTION FAILURE. * Bug#88227 (27029657), Connector/J 5.1.44 cannot be used against MySQL 5.7.20 without warnings. * Bug#27374581, CONNECTION FAILS WHEN GPL SERVER STARTED WITH TLS-VERSION=TLSV1.2. * WL#11419, DevAPI: New document _id generation support. * WL#11620, Change caching_sha2_password padding. * WL#11604, DevAPI: Add SHA256_MEMORY support. * BUG#86278 (26092824), SUPPORT CUSTOM CONSTRUCTION OF SSLSOCKET DURING CONNECTION ESTABLISHMENT. * BUG#27226293, JSONNUMBER.GETINTEGER() & NUMBERFORMATEXCEPTION. * WL#10527, Clean up Protocol and Session interfaces. Changes in 8.0.9 * WL#11469, Update license header in GPL packages. * BUG#27247349, WL#11208 : UNIQUE DOES NOT GIVE ERROR EVEN THOUGH IT IS NOT SUPPORTED. * WL#11208, DevAPI: Collection.createIndex. * WL#10156, Add setters/getters for connection properties to MysqlDataSource, MysqlXADataSource and MysqlConnectionPoolDataSource. * WL#11401, DevAPI: Remove configuration API. * WL#10619, Ensure compatibility with new data dictionary. * BUG#27217264, WL#10937: NULL POINTER EXCEPTION WHEN NULL IS PASSED AS _ID IN COLL.REPLACEONE. * WL#10937, DevAPI: ReplaceOne, AddOrReplaceOne, GetOne, RemoveOne. * Bug#26723646, JSON_MERGE() FUNCTION IS DEPRECATED IN MYSQL 8.0. * Bug#27185332, WL#11210:ERROR IS THROWN WHEN NESTED EMPTY DOCUMENTS ARE INSERTED TO COLLECTION. * Bug#27151601, WL#11210: DOCUMENT PATCH EXPRESSIONS ARE NOT SUPPORTED. * WL#11210, DevAPI: Modify/MergePatch. * Bug#79612 (22362474), CONNECTION ATTRIBUTES LOST WHEN CONNECTING WITHOUT DEFAULT DATABASE. * WL#10152, Enable TLSv1.2 on mysqlx. * Bug#27131768, NULL POINTER EXCEPTION IN CONNECTION. * Bug#88232 (27047676), c/J does not rollback transaction when autoReconnect=true. * Bug#88242 (27040063), autoReconnect and socketTimeout JDBC option makes wrong order of client packet. * Bug#88021 (26939943), High GC pressure when driver configured with serversideprepared statements. * Bug#26724085, CHARSET MAPPING TO BE UPDATED FOR MYSQL 8.0.3. * Bug#87704 (26771560), THE STREAM GETS THE RESULT SET ?THE DRIVER SIDE GET WRONG ABOUT GETLONG(). * Bug#24924097, SERVER GREETING ERROR ISN'T RECOGNIZED DURING HANDSHAKE. * Bug#26748909, MASTER : ERROR - NO OPERATIONS ALLOWED AFTER STATEMENT CLOSED FOR TOSTRING(). * Bug#26266731, CONCUR_UPDATABLE RESULTSET OPERATIONS FAIL AGAINST 8.0 FOR BOOLEAN COLUMN. * WL#11239, DevAPI: Remove create table implementation. * Bug#27131100, WL#11212 : SAVEPOINT CREATING WITH EMPTY STRING AND SPACE AS NAME. * WL#11212, DevAPI: transaction save-points. * WL#11060, Support new SHA-256 authentication system. * Bug#87826 (26846249), MYSQL JDBC CONNECTOR/J DATABASEMETADATA NULL PATTERN HANDLING IS NON-COMPLIANT. * WL#11163, Extract parameter setters, serverPrepare() and serverExecute() to core classes. * BUG#26995710, WL#11161 : NULL POINTER EXCEPTION IN EXECUTEBATCH() AND CLOSE(). * WL#11161, Unify query bindings. * WL#8469, Don't extract query text from packets when possible. Changes in 8.0.8 * BUG#26722030, TEST FAILING DUE TO BINARY LOGGING ENABLED BY DEFAULT IN MYSQL 8.0.3. * BUG#26722018, TESTS FAILING DUE TO CHANGE IN INFORMATION_SCHEMA.INNODB_SYS__ NAMING. * BUG#26750807, MASTER : NULL POINTER EXCEPTION IN SCHEMA.DROPVIEW(NULL). * BUG#26750705, MASTER : ERROR - UNSUPPORTED CONVERSION FROM TIME TO JAVA.SQL.DATE. * WL#10620, DevAPI: SHA256 Authentication support. * WL#10936, DevAPI: Row locking for Crud.Find. * WL#9868, DevAPI: Configuration handling interface. * WL#10935, DevAPI: Array or Object "contains" operator. * WL#9875, Prepare c/J 8.0 for DEB and RPM builds. * BUG#26259384, CALLABLE STATEMENT GIVES ERROR IN C/JAVA WHEN RUN AGAINST MYSQL 8.0. * Bug#26393132, NULLPOINTEREXCEPTION IS THROWN WHEN TRIED TO DROP A NULL COLLECTION. * WL#10532, DevAPI: Cleanup Drop APIs. * Bug#87429 (26633984), repeated close of ServerPreparedStatement causes memory leak. * Bug#87379 (26646676), Perform actual TLS capabilities check when restricting TLSv1.2. * Bug#85601 (25777822), Unit notation is missing in the description of the property involved in the time. * Bug#87153 (26501245), INCORRECT RESULT OF DBMD.GETVERSIONCOLUMNS() AGAINST MYSQL 8.0.2+. * Bug#78313 (21931572), proxies not handling Object.equals(Object) calls correctly. * Bug#85885 (25874048), resultSetConcurrency and resultSetType are swapped in call to prepareStatement. * Bug#74932 (20066806), ConnectionImp Doesn't Close Server Prepared Statement (PreparedStatement Leak). * WL#10536, Deprecating COM_SHUTDOWN. * Bug#25946965, UPDATE THE TIME ZONE MAPPINGS WITH LATEST TZ DATABASES. * Bug#20182108, INCLUDE CUSTOM LOAD BALANCING STRATEGY USING PLUGIN API. * Bug#26440544, CONNECTOR/J SHOULD NOT USE TX_{READ_ONLY,ISOLATION} WHICH IS PLANNED FOR REMOVAL. * Bug#26399958, UNABLE TO CONNECT TO MYSQL 8.0.3. * Bug#25650305, GETDATE(),GETTIME() AND GETTIMESTAMP() CALL WITH NULL CALENDAR RETURNS NPE. Changes in 8.0.7 * Bug#26227653, WL#10528 DIFF BEHAVIOUR WHEN SYSTEM PROP JAVAX.NET.SSL.TRUSTSTORETYPE IS SET. * WL#10528, DevAPI: Ensure all connectors are secure by default. * WL#8305, Remove internal dependency on connection objects. * Bug#22972057, X DEVAPI: CLIENT HANGS AFTER CONNECTION FAILURE. * Bug#26140577, GIS TESTS ARE FAILING WITH MYSQL 8.0.1. * WL#10765, DevAPI: Forbid modify() and remove() with no condition. * Bug#26090721, CONNECTION FAILING WHEN SERVER STARTED WITH COLLATION UTF8MB4_DE_PB_0900_AI_CI. * WL#10781, enum-based connection properties. * Bug#73775 (19531384), DBMD.getProcedureColumns()/.getFunctionColumns() fail to filter by columnPattern. * Bug#84324 (25321524), CallableStatement.extractProcedureName() not work when catalog name with dash. * Bug#79561 (22333996), NullPointerException when calling a fully qualified stored procedure. * Bug#84783 (25490163), query timeout is not working(thread hang). * Bug#70704 (17653733), Deadlock using UpdatableResultSet. * Bug#66430 (16714868), setCatalog on connection leaves ServerPreparedStatement cache for old catalog. * Bug#70808 (17757070), Set sessionVariables in a single query. * Bug#77192 (21170603), Description for the Property replicationConnetionGroup Missing from the Manual. * Bug#83834 (25101890), Typo in Connector/J error message. * WL#10531, Support utf8mb4 as default charset. * Bug#85555 (25757019), useConfigs Can't find configuration template named, in mysql-connector-java 6.x * WL#10529, Move version number to 8.0. * WL#10530, DevAPI: Remove XSession, rename NodeSession to Session. * Bug#23510958, CONCURRENT ASYNC OPERATIONS RESULT IN HANG. * Bug#23597281, GETNODESESSION() CALL WITH SSL PARAMETERS RETURNS CJCOMMUNICATIONSEXCEPTION. * Bug#25207784, C/J DOESN'T FOLLOW THE FINAL X DEVAPI MY-193 SPECIFICATION. * Bug#25494338, ENABLEDSSLCIPHERSUITES PARAMETER NOT WORKING AS EXPECTED WITH X-PLUGIN. * Bug#84084 (25215008), JAVA.LANG.ARRAYINDEXOUTOFBOUNDSEXCEPTION ON ATTEMPT TO GET VALUE FROM RESULTSET. * WL#10553, Add mapping for Japanese utf8mb4 collation. * Bug#25575103, NPE FROM CREATETABLE() WHEN SOME OF THE INPUTS ARE NULL. * Bug#25575156, NPE FROM CREATEVIEW() WHEN SOME OF THE INPUTS ARE NULL. * Bug#25636947, CONNECTION USING MYSQL CLIENT FAILS IF WE USE THE SSL CERTIFICATES FROM C/J SRC. * Bug#25687718, INCORRECT TIME ZONE IDENTIFIER IN STATEMENTREGRESSIONTEST. * Bug#25556597, RESULTSETTEST.TESTPADDING UNIT TEST IS FAILING IN 5.1.41 RELEASE PACKAGE. * Bug#25517837, CONNECT PERFORMNACE DEGRADED BY 10% IN 5.1.41. * Bug#25504578, CONNECT FAILS WHEN CONNECTIONCOLLATION=ISO-8859-13. * Bug#25438355, Improper automatic deserialization of binary data. * Bug#70785 (17756825), MySQL Connector/J inconsistent init state for autocommit. * Bug#66884: Property 'elideSetAutoCommits' temporarily defaults to 'false' until this bug is fixed. * Bug#75615 (21181249), Incorrect implementation of Connection.setNetworkTimeout(). * Bug#81706 (23535001), NullPointerException in driver. * Bug#83052 (25048543), static method in com.mysql.jdbc.Util relies on null object. * Bug#69526 (17035755), 'Abandoned connection cleanup thread' at mysql-connector-java-5.1.25. * Bug#82826 (24942672), Unneeded version requirement for javax.net.ssl Import-Package on OSGi MANIFEST.MF. Changes in 6.0.6 * Added Core TLS/SSL options for the mysqlx URI scheme. * Updated collations map. * Bug#24350526, UNEXPECTED BEHAVIOUR OF IS_NUMBER_SIGNED API IN C/JAVA. * Bug#82707 (24512766), WRONG MILLI SECOND VALUE RETURNED FROM TIMESTAMP COLUMN. * Bug#82005 (23702040), JDBCDATEVALUEFACTORY FAILS TO PARSE SOME DATES. * Bug#83725 (25056803), NPE IN XPROTOCOL.GETPLUGINVERSION() WITH MYSQL 5.7.17. * Bug#24525461, UPDATABLE RESULTSET FEATURE FAILS WHEN USESERVERPREPSTMTS=TRUE. * Bug#24527173, QUERY EXECUTION USING PREPARED STMT FAILS WHEN USECURSORFETCH=TRUE. * Bug#82964 (24658016), JSR-310 DATA TYPES CREATED THROUGH JAVA.SQL TYPES. * Bug#81202 (23188159), RESULTSETIMPL.GETOBJECT THROWS NULLPOINTEREXCEPTION WHEN FIELD IS NULL. * Bug#22931277, COLUMN.GETTYPE() RETURNS ERROR FOR VALID DATATYPES. * BUG#24471057, UPDATE FAILS WHEN THE NEW VALUE IS OF TYPE DBDOC WHICH HAS ARRAY IN IT. * Bug#81691 (23519211), GETLASTDOCUMENTIDS() DOESN'T REPORT IDS PROVIDED BY USER. * Bug#82826 (24942672), Unneeded version requirement for javax.net.ssl Import-Package on OSGi MANIFEST.MF. Changes in 6.0.5 * BUG#82896 (24613062), Unexpected behavior on attempt to connect to JDBC driver with unsupported URL. * Added client-side failover during XSession initialization for multi-router configuration. * Removed Extension interface. All extension classes now implement their specific interfaces. * Bug#22988922, GETLENGTH() RETURNS -1 FOR LONGBLOB AND LONGTEXT FIELDS. * Bug#24619829, NEW FAILURES IN C/JAVA UNITTESTS AGAINST MYSQL 8.0. * Bug#75209 (20212882), Set useLocalTransactionState may result in partially committed transaction. * Bug#48346 (11756431), Communications link failure when reading compressed data with compressed=true. * Bug#80631 (22891845), ResultSet.getString return garbled result with json type data. * Bug#64188 (13702433), MysqlXAConnection.MYSQL_ERROR_CODES_TO_XA_ERROR_CODES is missing XA error codes. * Bug#72632 (18759269), NullPointerException for invalid JDBC URL. * Bug#82115 (23743956), Some exceptions are intercepted twice or fail to set the init cause. * Bug#78685 (21938551), Wrong results when retrieving the value of a BIT column as an integer. * Bug#80615 (22954007), prepared statement leak when rewriteBatchedStatements=true and useServerPrepStmt. * Extended X DevAPI with flexible parameter lists. * Added a virtual NodeSession to X DevAPI. Changes in 6.0.4 * X DevAPI URL prefix changed from "mysql:x:" to "mysqlx:". * Bug#24301468 X DEVAPI SSL CONNECTION FAILS ON WINDOWS * The X DevAPI Table object now represents both database tables and views. * Added support for matching against pattern for X DevAPI list_objects calls. * Added Schema.getCollections(String pattern) and Schema.getTables(String pattern) interface methods. * Switched to "mysqlx" namespace for X DevAPI StmtExecute messages. This change is incompatible to MySQL server versions < 5.7.14. * Bug#82046 (23743947), MYSQL CONNECTOR JAVA OSGI METADATA BROKEN. * Bug#21690043, CONNECT FAILS WHEN PASSWORD IS BLANK. * Bug#22931433, GETTING VALUE OF BIT COLUMN RESULTS IN EXCEPTION. Changes in 6.0.3 * Bug#23535571, EXCESSIVE MEMORY USAGE WHEN ENABLEPACKETDEBUG=TRUE. * Bug#23212347, ALL API CALLS ON RESULTSET METADATA RESULTS IN NPE WHEN USESERVERPREPSTMTS=TRUE. * Bug#23201930, CLIENT HANG WHEN RSLT CUNCURRENCY=CONCUR_UPDATABLE AND RSLTSET TYPE=FORWARD_ONLY. * Bug#23188498, CLIENT HANG WHILE USING SERVERPREPSTMT WHEN PROFILESQL=TRUE AND USEIS=TRUE. * Bug#22678872, NPE DURING UPDATE WITH FABRIC. * Bug#71131 (18068303), Poor error message in CallableStatement.java. * Bug#59462 (16736619), ConcurrentModificationException inside ConnectionImpl.closeAllOpenStatements(). * Bug#22848249, LOADBALANCECONNECTIONGROUPMANAGER.REMOVEHOST() NOT WORKING AS EXPECTED. * Bug#22730682, ARRAYINDEXOUTOFBOUNDSEXCEPTION FROM CONNECTIONGROUPMANAGER.REMOVEHOST(). * Bug#77171 (21181466), On every connect getting sql_mode from server creates unnecessary exception. * Bug#79343 (22353759), NPE in TimeUtil.loadTimeZoneMappings causing server time zone value unrecognized. * Bug#22038729, X DevAPI: Any API call after a failed CALL PROC() results in hang * Replace Schema.drop(), Collection.drop() by X DevAPI's session.dropSchema() and session.dropCollection(). * Added session.dropTable(). * Bug#22932078, GETTIMESTAMP() RETURNS WRONG VALUE FOR FRACTIONAL PART * Extracted packet readers from MysqlaProtocol. * Bug#22972057, X protocol CLIENT HANGS AFTER CONNECTION FAILURE * Bug#23044312, NullPointerException in X protocol AsyncMessageReader due to race condition * Returned support for MySQL 5.5 and 5.6. Changes in 6.0.2 * Deprecate the EOF packet. * Bug#75956, Inserting timestamps using a server PreparedStatement and useLegacyDatetimeCode=false * Bug#22385172, CONNECTOR/J MANIFEST DOES NOT EXPOSE FABRIC (OSGi). * Bug#22598938, FABRICMYSQLDATASOURCE.GETCONNECTION() NPE AFTER SWITCHOVER. * Bug#21286268, CONNECTOR/J REPLICATION USE MASTER IF SLAVE IS UNAVAILABLE. * Bug#21296840 & Bug#17910835, Server information in a group from Fabric is not refreshed after expired TTL. * Bug#56122 (11763419), JDBC4 functionality failure when using replication connections. * Added support for TLSv1.1 and TLSv1.2 * Bug#78961 (22096981), Can't call MySQL procedure with InOut parameters in Fabric environment. * Bug#56100 (11763401), Replication driver routes DML statements to read-only slaves. * StandardSSLSocketFactory implements SocketMetadata. * Bug#21978216, GETTYPEINFO REPORT MAXIMUM PRECISION OF 255 FOR VARBINARY. * Bug#78706 (21947042), Prefer TLS where supported by MySQL Server. * Bug#21934573, FABRIC CODE INVOLVED IN THREAD DEADLOCK. * Bug#21876798, CONNECTOR/J WITH MYSQL FABRIC AND SPRING PRODUCES PROXY ERROR. Changes in 6.0.1 * Removed useJvmCharsetConverters connection property. JVM charset converters are now used in all cases. * Refactored value decoding and removed all date/time connection properties * Refactored connection properties * Assume existence of INFORMATION_SCHEMA.PARAMETERS (and thus MySQL 5.5) when preparing stored procedure calls. * Removed retainStatementAfterResultSetClose connection property. * Null-merge of Bug#54095 (11761585) fix. * Removed support code for MySQL server versions < 5.7. * Bug#76859 (20969312), DBMD getColumns using I_S doesn't have column IS_GENERATEDCOLUMN as per JDBC 4.1. * Added support for GENERATED COLUMNS. * Update Time Zone mappings with IANA Time Zone database tsdata2015f and Unicode CLDR v.28. * Update DatabaseMetaData SQL keywords. * Added tests for Optimizer hints syntax introduced in MySQL 5.7.7. * Bug#21860833, JSON DATA TYPE DOESN'T WORK WITH SSPS. * Added support for JSON data type. * Added support for JDBC 4.2 new features. * Bug#16634180, LOCK WAIT TIMEOUT EXCEEDED CAUSES SQLEXCEPTION, SHOULD CAUSE SQLTRANSIENTEXCEPTION * Bug#75849 (20536592), NPE in abortInternal() method on line 1358 of ConnectionImpl. * Bug#78106 (21648826), Potential memory leak with inflater. * Bug#78225 (21697684), DEFAULT NO_AUTO_CREATE_USER SQL_MODE BEHAVIOR BROKE SOME TESTS * Bug#77665 (21415165), JDBC fails to connect with MySQL 5.0. * Bug#77681 (21429909), rewrite replace sql like insert when rewriteBatchedStatements=true (contribution). * Bug#77449 (21304726) Add 'truncateFractionalSeconds=true|false' property (contribution). * Bug#50348 (11758179), mysql connector/j 5.1.10 render the wrong value for dateTime column in GMT DB. * Bug#75670 (20433047), Connection fails with "Public Key Retrieval is not allowed" for native auth. * Bug#76187 (20675539), getTypeInfo report maximum precision of 255 for varchar. * Add test for new syntax 'ALTER TABLE ... DISCARD|IMPORT PARTITION ...' introduced in MySQL 5.7.4. * Bug#20727196, GETPROCEDURECOLUMNS() RETURNS EXCEPTION FOR FUNCTION WHICH RETURNS ENUM/SET TYPE. * Bug#19803348, GETPROCEDURES() RETURNS INCORRECT OUTPUT WHEN USEINFORMATIONSCHEMA=FALSE. * Bug#21215151, DATABASEMETADATA.GETCATALOGS() FAILS TO SORT RESULTS. * Bug#72630 (18758686), NullPointerException during handshake in some situations * Bug#20825727, CONNECT FAILURE WHEN TRY TO CONNECT SHA USER WITH DIFFERENT CHARSET. * Flag RowDataDynamic.isInterrupted removed as it isn't needed. * Bug#20518653, XSL FILES IN PACKAGES * Bug#20804635, GETTIME() AND GETDATE() FUNCTIONS FAILS WHEN FRACTIONAL PART EXISTS * Bug#62452 (16444069), NPE thrown in JDBC4MySQLPooledException when statement is closed. * BUG#70927 (17810800), Connector/J COM_CHANGE_USER handling is broken * Bug#75335 (20283655), Maven artifact for Connector/J is missing source jar. * BUG#75592 (20408891), "SHOW VARIABLES WHERE" is expensive. * Bug#75113 (20821888), Fail in failover of the connection in MySQL fabric * Bug#72077 (18425861), Fabric connection with username to a server with disabled auth throws NPE * Add test for already fixed Bug#72546 (18719760), C/J Fabric createGroup() throws ClassCastException * Bug#77217 (21184949), ClassCastException when executing a streaming PreparedStatement with Fabric * Bug#19536760, GETSTRING() CALL AFTER RS.RELATIVE() RETURNS NULLPOINTEREXCEPTION * BUG#20453712, CLOB.SETSTRING() WITH VALID INPUT RETURNS EXCEPTION * BUG#20453671, CLOB.POSITION() API CALL WITH CLOB INPUT RETURNS EXCEPTION * Bug#20685022, SSL CONNECTION TO MYSQL 5.7.6 COMMUNITY SERVER FAILS. * Bug#20606107, TEST FAILURES WHEN RUNNING AGAINST 5.7.6 SERVER VERSION * Bug#20533907, BUG#20204783 FIX EXPOSES WRONG BEAHAVIORS IN FAILOVER CONNECTIONS. * Bug#20504139, GETFUNCTIONCOLUMNS() AND GETPROCEDURECOLUMNS() RETURNS ERROR FOR VALID INPUTS. * Expose PreparedStatment.ParseInfo for external usage, with no capture of the connection * Bug#75309 (20272931), mysql connector/J driver in streaming mode will in the blocking state. * New property 'readOnlyPropagatesToServer' controls the implicit propagation of read only transaction access mode to server. * Bug#54095 (11761585), Unnecessary call in newSetTimestampInternal. * Bug#67760 (15936413), Deadlock when concurrently executing prepared statements with Timestamp objects. * Bug#71084 (18028319), Wrong java.sql.Date stored if client and server time zones differ. * Bug#75080 (20217686), NullPointerException during setTimestamp on Fabric connection. * Bug#75168 (20204783), loadBalanceExceptionChecker interface cannot work using JDBC4/JDK7. * Bug#73595 (19465516), Replace usage of StringBuffer in JDBC driver. * Bug#18925727, SQL INJECTION IN MYSQL JDBC DRIVER. * Bug#74998 (20112694), readRemainingMultiPackets not computed correctly for rows larger than 16 MB. * Bug#73012 (19219158), Precedence between timezone options is unclear. * Implement support for connecting through SOCKS proxies (WL#8105). * Ant buildfile reworked to fix incompatibilities with latest Eclipse * Bug#18474141, TESTSUITE.FABRIC TEST CASES FAIL IF NO FABRIC.TESTSUITE PROPERTIES PROVIDED * Bug#19383371, CONNECT USING MYSQL_OLD_PASSWORD USER FAILS WHEN PWD IS BLANK * Bug#17441747, C/J DOESN'T SUPPORT XA RECOVER OUTPUT FORMAT CHANGED IN MYSQL 5.7. * Bug#19145408, Error messages may not be interpreted according to the proper character set * Bug#19505524, UNIT TEST SUITE DOES NOT CONSIDER ALL THE PARAMETERS PASSED TO BUILD.XML. * Bug#73474 (19365473), Invalid empty line in MANIFEST.MF * Bug#70436 (17527948), Incorrect mapping of windows timezone to Olson timezone. * Bug73163 (19171665), IndexOutOfBoundsException thrown preparing statement. * Added support for gb18030 character set * Bug#73663 (19479242), utf8mb4 does not work for connector/j >=5.1.13 * Bug#73594 (19450418), ClassCastException in MysqlXADataSource if pinGlobalTxToPhysicalConnection=true * Bug#19354014, changeUser() call results in "packets out of order" error when useCompression=true. * Bug#73577 (19443777), CHANGEUSER() CALL WITH USECOMPRESSION=TRUE COULD LEAD TO IO FREEZE * Bug#19172037, TEST FAILURES WHEN RUNNING AGAINST 5.6.20 SERVER VERSION * Bug#71923 (18344403), Incorrect generated keys if ON DUPLICATE KEY UPDATE not exact. * Bug#72502 (18691866), NullPointerException in isInterfaceJdbc() when using DynaTrace * Bug#72890 (18970520), Java jdbc driver returns incorrect return code when it's part of XA transaction. * Fabric client now supports Fabric 1.5. Older versions are no longer supported. * Bug#71672 (18232840), Every SQL statement is checked if it contains "ON DUPLICATE KEY UPDATE" or not. * Bug#73070 (19034681), Preparing a stored procedure call with Fabric results in an exception * Bug#73053 (19022745), Endless loop in MysqlIO.clearInputStream due to Linux kernel bug. * Bug#18869381, CHANGEUSER() FOR SHA USER RESULTS IN NULLPOINTEREXCEPTION * Bug#62577 (16722757), XA connection fails with ClassCastException * Bug#18852587, CONNECT WITH A USER CREATED USING SHA256_PASSWORD PLUGIN FAILS WHEN PWD IS BLANK * Bug#18852682, TEST TESTSHA256PASSWORDPLUGIN FAILS WHEN EXECUTE AGAINST COMMERCIAL SERVER * failing tests when running test suite with Java 6+. * Bug#72712 (18836319), No way to configure Connector JDBC to not do extra queries on connection \- Adjust log4j/log4j-mini dependencies to account for the lack of log4j12/log4jmini12 Provides in some code streams. Changes in javapackages-tools: \- Can't assume non-existence of python38 macros in Leap. gh#openSUSE/python-rpm-macros#107 Test for suse_version instead. Only Tumbleweed has and needs the python_subpackage_only support. * Fix typo in spec file sitearch -> sitelib * Fix the python subpackage generation gh#openSUSE/python-rpm-macros#79 * Support python subpackages for each flavor gh#openSUSE/python-rpm-macros#66 * Replace old nose with pytest gh#fedora-java/javapackages#86 * when building extra flavor, BuildRequire javapackages-filesystem: /etc/java is being cleaned out of the filesystems package. * Upgrade to version 5.3.1 * Define _rpmmacrodir for distributions that don't have it * Use %{_rpmmacrodir} instead of %{_libexecdir}/rpm/macros.d: this just happens to overlap in some distros. * Rename gradle-local and ivy-local to javapackages-gradle and javapackages- ivy and let them depend only on javapackages-tools and javapackages-local. These packages only install files produced during the javapackages-tools build. The dependencies will be pulled by gradle-local, ivy-local and maven- local meta-packages built in a separate spec file. * Split maven-local meta-package out of javapackages-tools spec file * Make the ivy-local and maven-local sub-packages depend on the right stuff, so that they actually can be used for building * Provide both com.sun:tools and sun.jdk:jconsole that are part of standard OpenJDK installation. These provides cannot be generated from metadata due to build sequence. * fix directories for eclipse.conf too * Make the javapackages-local package depend on java-devel. It is used for package building and this avoids each package to require java-devel itself. * Replace the occurences of /usr/lib by libdir in configuration files too * Update to version 5.3.0 * Modified patch: * Build the :extras flavour as noarch * we did not bump epoch of OpenJDK packages in SUSE * fix a potential generation of unresolvable requires * adapt the tests to not expect the epoch * Switch to multibuild layout * Update to version 5.2.0+git20180620.70fa2258: * Rename the async kwarg in call_script to wait (reverses the logic) * Actually bump version to 5.3.0 snapshot * Bump version in VERSION file * [man] s/Pacakge/Package/g * Fix typos in README * Fix configure-base.sh after filesystem macro split * Split filesystem macros to separate macro file * Introduce javapackages-filesystem package * [java-functions] extend ABRT Java agent options * change abrt-java-connector upstream URL * Remove resolverSettings/prefixes from XMvn config * Add macros to allow passing arbitrary options to XMvn * [spec] Bump package version to 5.1.0 * Allow specifying custom repo when calling xmvn-install * Update to version 5.0.0+git20180104.9367c8f6: * [java-functions] Avoid colons in jar names * Workaround for SCL enable scripts not working with -e * Second argument to pom_xpath_inject is mandatory * [mvn_artifact] Provide more helpful error messages * Fix traceback on corrupt zipfile * [test] Add reproducer for rhbz#1481005 * [spec] Fix default JRE path * [readme] Fix typo * Add initial content to README.md (#21) * Decouple JAVA_HOME setting from java command alternatives * Fix url to correct one https://github.com/fedora-java/javapackages * Split to python and non-python edition for smaller depgraph * Fix abs2rel shebang: * Fix Requires on subpackages to point to javapackages-tools proper * Update to version 4.7.0+git20170331.ef4057e7: * Reimplement abs2rel in Python * Don't expand {scl} in macro definitions * Install expanded rpmfc attr files * [spec] Avoid file conflicts between in SCL * Fix macros.d directory ownership * Make %ant macro enable SCL when needed * [spec] Fix file conflicts between SCL and non-SCL packages * Fix ownership of ivyxmldir * [test] Force locale for python processes * Don't include timestamp in generated pom.properties * We switch to /usr/lib/ location for macros * Try to reduce some dependencies bsc#1036025 * python-lxml 3.5.0 introduces validation for xml comments, and one of the comments created in this package were not valid. This patch fixes the problem. It backported from upstream and should be in the next release. https://github.com/mizdebsk/javapackages/commit/84211c0ee761e93ee507f5d37e9fc80ec377e89d * Version update to 4.6.0: * various bugfixes for maven tooling * introduction to gradle-local package for gradle packaging * Drop dependency over source-highlight as it causes build cycle * Try to break buildcycle detected on Factory * Fix build on SLE11 * Use python-devel instead of pkgconfig to build on sle11 * Add python-javapackages as requirement for main package * Update requires on python packages to properly have all the needed dependencies on runtime * Install macros to /etc/rpm as we do in SUSE: * Cleanup with spec-cleaner * Fix rpmlint errors * Enable maven-local * Avoid unsatisfiable dependencies * Enable unit tests * Update to version 4.4.0 * create directories for java, so that ant build works * Add virtual provide jpackage-utils-java9 to be able to distinguish the presence of java9 compatibility * fix bashisms * SLES patch for ZipFile, having no attribute ' **exit** ' which was causing ecj build failures * set correct libxslt package when building for SLES Changes in javassist: \+ Add OSGi manifest to the javassist.jar \- Allow building on systems that do not have java 9 or higher * Install and package the maven pom and metadata files * BuildRequire at least Java 9. This version uses APIs introduced in Java 9 * Replace old $RPM_* shell vars by macros. * Version update to 3.23.1: * 3.23.1 Github PR #171 * 3.23 Fix leaking file handlers in ClassPool and removed ClassPath.close(). Github issue #165 * 3.22 Java 9 supports. JIRA JASSIST-261. * Specify java target and source version 1.6 in order to allow building with jdk9 * fix javadoc errors that are fatal with jdk9 * Version update to 3.21.0: * various compiler settings * Require java >= 1.6 * Update to version 3.19.0 * Including a number of bug fixes and Java 8 supports. * Clean up specfile * Remove redundant %clean section * Build for java API 1.5 * Remove unzip requirement * Update home page and download source Urls Changes in protobuf: \- Update to 3.17.3: C++ * Introduce FieldAccessListener. * Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class * Provide stable versions of SortAndUnique(). * Make sure to cache proto3 optional message fields when they are cleared. * Expose UnsafeArena methods to Reflection. * Use std::string::empty() rather than std::string::size() > 0\. * [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * Delete StringPiecePod (#8353) * Create a CMake option to control whether or not RTTI is enabled (#8347) * Make util::Status more similar to absl::Status (#8405) * The ::pb namespace is no longer exposed due to conflicts. * Allow MessageDifferencer::TreatAsSet() (and friends) to override previous calls instead of crashing. * Reduce the size of generated proto headers for protos with string or bytes fields. * Move arena() operation on uncommon path to out- of-line routine * For iterator-pair function parameter types, take both iterators by value. * Code-space savings and perhaps some modest performance improvements in * RepeatedPtrField. * Eliminate nullptr check from every tag parse. * Remove unused _$name$cached_byte_size fields. * Serialize extension ranges together when not broken by a proto field in the middle. * Do out-of-line allocation and deallocation of string object in ArenaString. * Streamline ParseContext::ParseMessage to avoid code bloat and improve performance. * New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}. on an error path. * util::DefaultFieldComparator will be final in a future version of protobuf. * Subclasses should inherit from SimpleFieldComparator instead. Kotlin * Introduce support for Kotlin protos (#8272) * Restrict extension setter and getter operators to non-nullable T. Java * Fixed parser to check that we are at a proper limit when a sub-message has finished parsing. * updating GSON and Guava to more recent versions (#8524) * Reduce the time spent evaluating isExtensionNumber by storing the extension ranges in a TreeMap for faster queries. This is particularly relevant for protos which define a large number of extension ranges, for example when each tag is defined as an extension. * Fix java bytecode estimation logic for optional fields. * Optimize Descriptor.isExtensionNumber. * deps: update JUnit and Truth (#8319) * Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented. * Exceptions thrown while reading from an InputStream in parseFrom are now included as causes. * Support potentially more efficient proto parsing from RopeByteStrings. * Clarify runtime of ByteString.Output.toStringBuffer(). * Added UnsafeByteOperations to protobuf-lite (#8426) Python * Add MethodDescriptor.CopyToProto() (#8327) * Remove unused python_protobuf.{cc,h} (#8513) * Start publishing python aarch64 manylinux wheels normally (#8530) * Fix constness issue detected by MSVC standard conforming mode (#8568) * Make JSON parsing match C++ and Java when multiple fields from the same oneof are present and all but one is null. * Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344) * Switch on "new" buffer API (#8339) * Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280) * Fixed a bug in text format where a trailing colon was printed for repeated field. * When TextFormat encounters a duplicate message map key, replace the current one instead of merging. Ruby * Add support for proto3 json_name in compiler and field definitions (#8356) * Fixed memory leak of Ruby arena objects. (#8461) * Fix source gem compilation (#8471) * Fix various exceptions in Ruby on 64-bit Windows (#8563) * Fix crash when calculating Message hash values on 64-bit Windows (#8565) General * Support M1 (#8557) * Update to 3.15.8: * Fixed memory leak of Ruby arena objects (#8461) * update to 3.15.7: C++ * Remove the ::pb namespace (alias) (#8423) Ruby * Fix unbounded memory growth for Ruby <2.7 (#8429) * Fixed message equality in cases where the message type is different (#8434) * Can't assume non-existence of python38 macros in Leap. gh#openSUSE/python- rpm-macros#107 Test for suse_version instead. Only Tumbleweed has and needs the python_subpackage_only support. * update to 3.15.6: Ruby * Fixed bug in string comparison logic (#8386) * Fixed quadratic memory use in array append (#8379) * Fixed SEGV when users pass nil messages (#8363) * Fixed quadratic memory usage when appending to arrays (#8364) * Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341) * Fix for FieldDescriptor.get(msg) (#8330) * Bugfix for Message.[] for repeated or map fields (#8313) PHP * read_property() handler is not supposed to return NULL (#8362) Protocol Compiler * Optional fields for proto3 are enabled by default, and no longer require the --experimental_allow_proto3_optional flag. C++ * Do not disable RTTI by default in the CMake build (#8377) * Create a CMake option to control whether or not RTTI is enabled (#8361) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * MessageDifferencer: fixed bug when using custom ignore with multiple unknown fields * Use init_seg in MSVC to push initialization to an earlier phase. * Runtime no longer triggers -Wsign-compare warnings. * Fixed -Wtautological-constant-out-of-range-compare warning. * DynamicCastToGenerated works for nullptr input for even if RTTI is disabled * Arena is refactored and optimized. * Clarified/specified that the exact value of Arena::SpaceAllocated() is an implementation detail users must not rely on. It should not be used in unit tests. * Change the signature of Any::PackFrom() to return false on error. * Add fast reflection getter API for strings. * Constant initialize the global message instances * Avoid potential for missed wakeup in UnknownFieldSet * Now Proto3 Oneof fields have "has" methods for checking their presence in C++. * Bugfix for NVCC * Return early in _InternalSerialize for empty maps. * Adding functionality for outputting map key values in proto path logging output (does not affect comparison logic) and stop printing 'value' in the path. The modified print functionality is in the MessageDifferencer::StreamReporter. * Fixed https://github.com/protocolbuffers/protobuf/issues/8129 * Ensure that null char symbol, package and file names do not result in a crash. * Constant initialize the global message instances * Pretty print 'max' instead of numeric values in reserved ranges. * Removed remaining instances of std::is_pod, which is deprecated in C++20. * Changes to reduce code size for unknown field handling by making uncommon cases out of line. * Fix std::is_pod deprecated in C++20 (#7180) * Fix some -Wunused-parameter warnings (#8053) * Fix detecting file as directory on zOS issue #8051 (#8052) * Don't include sys/param.h for _BYTE_ORDER (#8106) * remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154) * Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159) * Fix for compiler warning issue#8145 (#8160) * fix: support deprecated enums for GCC < 6 (#8164) * Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125) Python * Provided an override for the reverse() method that will reverse the internal collection directly instead of using the other methods of the BaseContainer. * MessageFactory.CreateProtoype can be overridden to customize class creation. * Fix PyUnknownFields memory leak (#7928) * Add macOS big sur compatibility (#8126) JavaScript * Generate `getDescriptor` methods with `*` as their `this` type. * Enforce `let/const` for generated messages. * js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with negative bitsLow and low but non-zero bitsHigh parameter. (#8170) PHP * Added support for PHP 8. (#8105) * unregister INI entries and fix invalid read on shutdown (#8042) * Fix PhpDoc comments for message accessors to include "|null". (#8136) * fix: convert native PHP floats to single precision (#8187) * Fixed PHP to support field numbers >=2**28. (#8235) * feat: add support for deprecated fields to PHP compiler (#8223) * Protect against stack overflow if the user derives from Message. (#8248) * Fixed clone for Message, RepeatedField, and MapField. (#8245) * Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258) Ruby * Added support for Ruby 3. (#8184) * Rewrote the data storage layer to be based on upb_msg objects from the upb library. This should lead to much better parsing performance, particularly for large messages. (#8184). * Fill out JRuby support (#7923) * [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite recursion/run out of memory (#8195) * Fix jruby support to handle messages nested more than 1 level deep (#8194) Java * Avoid possible UnsupportedOperationException when using CodedInputSteam with a direct ByteBuffer. * Make Durations.comparator() and Timestamps.comparator() Serializable. * Add more detailed error information for dynamic message field type validation failure * Removed declarations of functions declared in java_names.h from java_helpers.h. * Now Proto3 Oneof fields have "has" methods for checking their presence in Java. * Annotates Java proto generated *_FIELD_NUMBER constants. * Add -assumevalues to remove JvmMemoryAccessor on Android. C# * Fix parsing negative Int32Value that crosses segment boundary (#8035) * Change ByteString to use memory and support unsafe create without copy (#7645) * Optimize MapField serialization by removing MessageAdapter (#8143) * Allow FileDescriptors to be parsed with extension registries (#8220) * Optimize writing small strings (#8149) * Updated URL to https://github.com/protocolbuffers/protobuf * Update to v3.14.0 Protocol Compiler * The proto compiler no longer requires a .proto filename when it is not generating code. * Added flag `--deterministic_output` to `protoc --encode=...`. * Fixed deadlock when using google.protobuf.Any embedded in aggregate options. C++ * Arenas are now unconditionally enabled. cc_enable_arenas no longer has any effect. * Removed inlined string support, which is incompatible with arenas. * Fix a memory corruption bug in reflection when mixing optional and non- optional fields. * Make SpaceUsed() calculation more thorough for map fields. * Add stack overflow protection for text format with unknown field values. * FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds error was encountered. * Performance improvements for Map. * Minor formatting fix when dumping a descriptor to .proto format with DebugString. * UBSAN fix in RepeatedField * When running under ASAN, skip a test that makes huge allocations. * Fixed a crash that could happen when creating more than 256 extensions in a single message. * Fix a crash in BuildFile when passing in invalid descriptor proto. * Parser security fix when operating with CodedInputStream. * Warn against the use of AllowUnknownExtension. * Migrated to C++11 for-range loops instead of index-based loops where possible. This fixes a lot of warnings when compiling with -Wsign-compare. * Fix segment fault for proto3 optional * Adds a CMake option to build `libprotoc` separately Java * Bugfix in mergeFrom() when a oneof has multiple message fields. * Fix RopeByteString.RopeInputStream.read() returning -1 when told to read 0 bytes when not at EOF. * Redefine remove(Object) on primitive repeated field Lists to avoid autoboxing. * Support "\u" escapes in textformat string literals. * Trailing empty spaces are no longer ignored for FieldMask. * Fix FieldMaskUtil.subtract to recursively remove mask. * Mark enums with `@java.lang.Deprecated` if the proto enum has option `deprecated = true;`. * Adding forgotten duration.proto to the lite library Python * Print google.protobuf.NullValue as null instead of "NULL_VALUE" when it is used outside WKT Value/Struct. * Fix bug occurring when attempting to deep copy an enum type in python 3. * Add a setuptools extension for generating Python protobufs * Remove uses of pkg_resources in non-namespace packages * [bazel/py] Omit google/ **init**.py from the Protobuf runtime * Removed the unnecessary setuptools package dependency for Python package * Fix PyUnknownFields memory leak PHP * Added support for "==" to the PHP C extension * Added `==` operators for Map and Array * Native C well-known types * Optimized away hex2bin() call in generated code * New version of upb, and a new hash function wyhash in third_party * add missing hasOneof method to check presence of oneof fields Go: * Update go_package options to reference google.golang.org/protobuf module. C#: * annotate ByteString.CopyFrom(ReadOnlySpan) as SecuritySafeCritical * Fix C# optional field reflection when there are regular fields too * Fix parsing negative Int32Value that crosses segment boundary Javascript: * JS: parse (un)packed fields conditionally * from version 3.13.0 PHP: * The C extension is completely rewritten. The new C extension has significantly better parsing performance and fixes a handful of conformance issues. It will also make it easier to add support for more features like proto2 and proto3 presence. * The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP. C++: * Removed deprecated unsafe arena string accessors * Enabled heterogeneous lookup for std::string keys in maps. * Removed implicit conversion from StringPiece to std::string * Fix use-after-destroy bug when the Map is allocated in the arena. * Improved the randomness of map ordering * Added stack overflow protection for text format with unknown fields * Use std::hash for proto maps to help with portability. * Added more Windows macros to proto whitelist. * Arena constructors for map entry messages are now marked "explicit" (for regular messages they were already explicit). * Fix subtle aliasing bug in RepeatedField::Add * Fix mismatch between MapEntry ByteSize and Serialize with respect to unset fields. Python: * JSON format conformance fixes: * Reject lowercase t for Timestamp json format. * Print full_name directly for extensions (no camelCase). * Reject boolean values for integer fields. * Reject NaN, Infinity, -Infinity that is not quoted. * Base64 fixes for bytes fields: accept URL-safe base64 and missing padding. * Bugfix for fields/files named "async" or "await". * Improved the error message when AttributeError is returned from **getattr** in EnumTypeWrapper. Java: * Fixed a bug where setting optional proto3 enums with setFooValue() would not mark the value as present. * Add Subtract function to FieldMaskUtil. C#: * Dropped support for netstandard1.0 (replaced by support for netstandard1.1). This was required to modernize the parsing stack to use the `Span<byte>` type internally * Add `ParseFrom(ReadOnlySequence<byte>)` method to enable GC friendly parsing with reduced allocations and buffer copies * Add support for serialization directly to a `IBufferWriter<byte>` or to a `Span<byte>` to enable GC friendly serialization. The new API is available as extension methods on the `IMessage` type * Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make generated code compatible with old C# compilers (pre-roslyn compilers from .NET framework and old versions of mono) that do not support ref structs. Users that are still on a legacy stack that does not support C# 7.2 compiler might need to use the new define in their projects to be able to build the newly generated code * Due to the major overhaul of parsing and serialization internals, it is recommended to regenerate your generated code to achieve the best performance (the legacy generated code will still work, but might incur a slight performance penalty). * Fix the python subpackage generation gh#openSUSE/python-rpm-macros#79 * Support multiple python3 flavors gh#openSUSE/python-rpm-macros#66 * Update to version 3.12.3; notable changes since 3.11.4: Protocol Compiler * [experimental] Singular, non-message typed fields in proto3 now support presence tracking. This is enabled by adding the "optional" field label and passing the --experimental_allow_proto3_optional flag to protoc. * For usage info, see docs/field_presence.md. * During this experimental phase, code generators should update to support proto3 presence, see docs/implementing_proto3_presence.md for instructions. * Allow duplicate symbol names when multiple descriptor sets are passed on the command-line, to match the behavior when multiple .proto files are passed. * Deterministic `protoc --descriptor_set_out` (#7175) Objective-C * Tweak the union used for Extensions to support old generated code. #7573 * Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538) if p['result'] == "FAIL": * [experimental] ObjC Proto3 optional support (#7421) * Block subclassing of generated classes (#7124) * Use references to Obj C classes instead of names in descriptors. (#7026) * Revisit how the WKTs are bundled with ObjC. (#7173) C++ * Simplified the template export macros to fix the build for mingw32. (#7539) * [experimental] Added proto3 presence support. * New descriptor APIs to support proto3 presence. * Enable Arenas by default on all .proto files. * Documented that users are not allowed to subclass Message or MessageLite. * Mark generated classes as final; inheriting from protos is strongly discouraged. * Add stack overflow protection for text format with unknown fields. * Add accessors for map key and value FieldDescriptors. * Add FieldMaskUtil::FromFieldNumbers(). * MessageDifferencer: use ParsePartial() on Any fields so the diff does not fail when there are missing required fields. * ReflectionOps::Merge(): lookup messages in the right factory, if it can. * Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type() accessor as an easier way of determining if a message is a Well-Known Type. * Optimized RepeatedField::Add() when it is used in a loop. * Made proto move/swap more efficient. * De-virtualize the GetArena() method in MessageLite. * Improves performance of json_stream_parser.cc by factor 1000 (#7230) * bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087) * Fixed a bug in FieldDescriptor::DebugString() that would erroneously print an "optional" label for a field in a oneof. * Fix bug in parsing bool extensions that assumed they are always 1 byte. * Fix off-by-one error in FieldOptions::ByteSize() when extensions are present. * Clarified the comments to show an example of the difference between Descriptor::extension and DescriptorPool::FindAllExtensions. * Add a compiler option 'code_size' to force optimize_for=code_size on all protos where this is possible. Ruby * Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however many people still use them and dropping support will require more coordination. * [experimental] Implemented proto3 presence for Ruby. (#7406) * Stop building binary gems for ruby <2.5 (#7453) * Fix for wrappers with a zero value (#7195) * Fix for JSON serialization of 0/empty-valued wrapper types (#7198) * Call "Class#new" over rb_class_new_instance in decoding (#7352) * Build extensions for Ruby 2.7 (#7027) * assigning 'nil' to submessage should clear the field. (#7397) Java * [experimental] Added proto3 presence support. * Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated * reduce size for enums with allow_alias set to true. * Sort map fields alphabetically by the field's key when printing textproto. * Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508). * TextFormat.merge() handles Any as top level type. * Throw a descriptive IllegalArgumentException when calling getValueDescriptor() on enum special value UNRECOGNIZED instead of ArrayIndexOutOfBoundsException. * Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts() would override the configuration passed into includingDefaultValueFields(). * Implement overrides of indexOf() and contains() on primitive lists returned for repeated fields to avoid autoboxing the list contents. * Add overload to FieldMaskUtil.fromStringList that accepts a descriptor. * [bazel] Move Java runtime/toolchains into //java (#7190) Python * [experimental] Added proto3 presence support. * [experimental] fast import protobuf module, only works with cpp generated code linked in. * Truncate 'float' fields to 4 bytes of precision in setters for pure-Python implementation (C++ extension was already doing this). * Fixed a memory leak in C++ bindings. * Added a deprecation warning when code tries to create Descriptor objects directly. * Fix unintended comparison between bytes and string in descriptor.py. * Avoid printing excess digits for float fields in TextFormat. * Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code. * Drop 3.3, 3.4 and use single version docker images for all python tests (#7396) JavaScript * Fix js message pivot selection (#6813) PHP * Persistent Descriptor Pool (#6899) * Implement lazy loading of php class for proto messages (#6911) * Correct @return in Any.unpack docblock (#7089) * Ignore unknown enum value when ignore_unknown specified (#7455) C# * [experimental] Add support for proto3 presence fields in C# (#7382) * Mark GetOption API as obsolete and expose the "GetOptions()" method on descriptors instead (#7491) * Remove Has/Clear members for C# message fields in proto2 (#7429) * Enforce recursion depth checking for unknown fields (#7132) * Fix conformance test failures for Google.Protobuf (#6910) * Cleanup various bits of Google.Protobuf (#6674) * Fix latest ArgumentException for C# extensions (#6938) * Remove unnecessary branch from ReadTag (#7289) Other * Add a proto_lang_toolchain for javalite (#6882) * [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237) * Add application note for explicit presence tracking. (#7390) * Howto doc for implementing proto3 presence in a code generator. (#7407) * Python: Add requirement on python-six * Update to version 3.11.4; notable changes since 3.9.2: * C++: Make serialization method naming consistent * C++: Moved ShutdownProtobufLibrary() to message_lite.h. For backward compatibility a declaration is still available in stubs/common.h, but users should prefer message_lite.h * C++: Removed non-namespace macro EXPECT_OK() * C++: Removed mathlimits.h from stubs in favor of using std::numeric_limits from C++11 * C++: Support direct pickling of nested messages * C++: Disable extension code gen for C# * C++: Switch the proto parser to the faster MOMI parser * C++: Unused imports of files defining descriptor extensions will now be reported * C++: Add proto2::util::RemoveSubranges to remove multiple subranges in linear time * C++: Support 32 bit values for ProtoStreamObjectWriter to Struct * C++: Removed the internal-only header coded_stream_inl.h and the internal- only methods defined there * C++: Enforced no SWIG wrapping of descriptor_database.h (other headers already had this restriction) * C++: Implementation of the equivalent of the MOMI parser for serialization. This removes one of the two serialization routines, by making the fast array serialization routine completely general. SerializeToCodedStream can now be implemented in terms of the much much faster array serialization. The array serialization regresses slightly, but when array serialization is not possible this wins big * C++: Add move constructor for Reflection's SetString * Java: Remove the usage of MethodHandle, so that Android users prior to API version 26 can use protobuf-java * Java: Publish ProGuard config for javalite * Java: Include unknown fields when merging proto3 messages in Java lite builders * Java: Have oneof enums implement a separate interface (other than EnumLite) for clarity * Java: Opensource Android Memory Accessors * Java: Change ProtobufArrayList to use Object[] instead of ArrayList for 5-10% faster parsing * Java: Make a copy of JsonFormat.TypeRegistry at the protobuf top level package. This will eventually replace JsonFormat.TypeRegistry * Java: Add Automatic-Module-Name entries to the Manifest * Python: Add float_precision option in json format printer * Python: Optionally print bytes fields as messages in unknown fields, if possible * Python: Experimental code gen (fast import protobuf module) which only work with cpp generated code linked in * Python: Add descriptor methods in descriptor_pool are deprecated * Python: Added delitem for Python extension dict * JavaScript: Remove guard for Symbol iterator for jspb.Map * JavaScript: Remove deprecated boolean option to getResultBase64String() * JavaScript: Change the parameter types of binaryReaderFn in ExtensionFieldBinaryInfo to (number, ?, ?) * JavaScript: Create dates.ts and time_of_days.ts to mirror Java versions. This is a near-identical conversion of c.g.type.util.{Dates,TimeOfDays} respectively * JavaScript: Migrate moneys to TypeScript * PHP: Increase php7.4 compatibility * PHP: Implement lazy loading of php class for proto messages * Ruby: Support hashes for struct initializers * C#: Experimental proto2 support is now officially available * C#: Change _Extensions property to normal body rather than expression * Objective C: Remove OSReadLittle* due to alignment requirements * Other: Override CocoaPods module to lowercase * further bugfixes and optimisations * Use tarball provided by upstream * Small package cleanup * Updated to version 3.9.2 (bsc#1162343) (Objective-C) * Remove OSReadLittle* due to alignment requirements. (#6678) * Don't use unions and instead use memcpy for the type swaps. (#6672) * Package also the protobuf-bom pom file * Update to new upstream release 3.9.1 * Optimized the implementation of RepeatedPtrFieldBase. * Added delimited parse and serialize util. * Added FieldDescriptor::PrintableNameForExtension() and DescriptorPool::FindExtensionByPrintableName(). The latter will replace Reflection::FindKnownExtensionByName(). * Created a new Add method in repeated field that allows adding a range of elements all at once. * Drop building wheel for Python 3.4. * Specify java source and target levels in order to build compatible protobuf- java binaries * Update to new upstream release 3.8.0 * Introduced new MOMI (maybe-outside-memory-interval) parser. * Added use of C++ override keyword where appropriate. * Always declare enums to be int-sized. * Append '_' to C++ reserved keywords for message, enum, extension. * Disable LTO (boo#1133277). * fixes build with Bazel 0.22.0. * Add protobuf-source package - some programs using gRPC and protobuf need protobuf definitions which are included inside the source code, but are not included in the devel package. * Add maven pom files to the protobuf-java package * update to version v3.6.1: * PHP namespaces for nested messages and enums (#4536) * Allows the json marshaller to be passed json marshal options (#4252) * Make sure to delete temporary maps used by FileDescriptorTables * fix python cpp kokoro build * Change C# reflection to avoid using expression trees * Updated checked-in generated code * Removed unused variables in repeated_scalar_container.cc * Removed unused code pertaining to shared_ptr * Include no_package.proto in Python test * Only check filenames when end with .py in _CalledFromGeneratedFile() (#4262) * Convert descriptortype to type for upb_msgval_sizeof (#4357) * Removed duplicate using statement from ReflectionUtil.cs * Add support for power ppc64le * Cat the test-suite.log on errors for presubits * Address review comments * Add third-party RPC implementation: raster - a network framework supports pbrpc by 'service' keyword. * Delete javanano kokoro build configs. * Updated Ruby conformance test failure list * Removed use of some type traits * Adopt php_metadata_namespace in php code generator (#4622) * Move to Xcode 9.3 which also means a High Sierra image. * Add protoc release script for Linux build. * protoc-artifacts: Avoid storing temporary files and use fewer layers * Rewrite go_benchmark * Add files to build ruby artifact for mac on kokoro (#4814) * Remove javanano. * Comment out unused command from release script. * Avoid direct check of class name (#4601) * The JsonParseOptions::ignore_unknown_fields option behavior treats * Fix php memory leak test (#4692) * Fix benchmark build * Add VS2017 optional component dependency details to the C# readme (#4128) * Fix initialization with Visual Studio * For windows, all python version should use /MT (#4468) * use brew install instead of easy_install in OSX (#4537) * Sync upb change (#4373) * Always add -std=c++11 for mac (#4684) * Add kokoro build status badges. * Removed unrecognized option from no_package.proto * Fixed up proto3_lite_unittest.cc * Update Xcode settings * Cleanup LICENSE file. * Remove js_embed binary. (#4709) * Fixed JS parsing of unspecified map keys * Update version number to 3.6.0 * Deliberately call simple code to avoid Unity linker pruning * Revert "Move `compiler/plugin.pb.cc` to libprotobuf with the other WKT sources." * protoc-artifacts: Use ENTRYPOINT to enable devtoolset-1.1 * MinGW build failed * Support using MSVC intrinsics in Log2FloorNonZero * Fix array constructor in c extension for compatibility (#4667) * Add space between class name and concat message (#4577) * fix python * Add performance.md and add instruction for linking tcmalloc * Add script for run and upload the benchmark result to bq * Add test for failing write of raw pointer to output stream * [objectivec] Fix memory leak of exceptions raised by RaiseException() (#4556) * Remove stray indent on normal imports. * Fix python ext build on kokoro (#4527) * Add compile test sources for to test include order. * Fixed a Visual Studio 2017 build error. (#4488) * fix linux kokoro build in docker * Fixes MSVC compiler warning C4800 "Forcing value to bool 'true' or 'false'" (#4350) * Updated Docker setup to use GCC 4.8 * Remove broken build status icons. * Run autogen.sh in release script. * Output *_pb2_grpc.py when use_grpc_plugin=True * Adopt ruby_package in ruby generated code. (#4627) * Cygwin build failed * Work around an "old runtime" issue with reflection * Added Kokoro protoc release build for OS X (#4770) * Updated change log for 3.6.1 release * Move methods out of class (#4697) * Fix to allow AOT compilers to play nicely with reflection * Update Makefile.am for Java lite files. * Added map_lite_test.proto to fix LiteTest * Introduce a compatiblity shim to support .NET 3.5 delegate creation * Revert "Removed mention of Buffer in byteSourceToUint8Array" * Add gogo benchmark * Set ext.no_native = true for non mac platform * Removed atomicops.h since it is no longer used * Rename a shadowed variable. * Add kokoro bazel configs for 3.6.x branch. * Deleted scoped_ptr.h * Check the message to be encoded is the wrong type. (#4885) (#4949) * protoc-artifacts: Avoid checking out protobuf code * Add conformance test for null value in list JSON * Build ruby gem on kokoro (#4819) * Try using a new version of Visual Studio on AppVeyor * Make ruby release configs consistent with protoc. * fix for API change in PHP 7.3 (#4898) * Add .proto files to extract_includes.bat * Update protoc build scripts. * Blacklist all WELL_KNOWN_PROTOS from Bazel C++ code generation. * Additional support for building and deploying ppcle_64 artifacts * Fix php tests * Cleanup + documentation for Java Lite runtime. * Added Kokoro Windows release build config for protoc (#4766) * typo * fix golang kokoro linux build * Fix spelling error of **GNUC_MINOR** * Update code to work for Xcode 10b1 (#4729) * Added pyext/thread_unsafe_shared_ptr.h * Added missing .inc files to BUILD * js message support for jstype string on integers (#4332) * Improve error message when googletest is missing. * Make assertEquals pass for message (#4947) * Sync internal benchmark changes * Removed some unused C++ source files * Fix missing LIBPROTOC_EXPORT. * Added new test source files to Makefile.am * Update php version to 3.6.0 (#4736) * Fix RepeatedField#delete_if (#4292) * Merge branch (#4466) * Implement array constructor in php c extension. * protoc-artifacts: Update centos base from 6.6 to 6.9 * PHP array constructors for protobuf messages (#4530) * Fix problem: cmake build failed in c++11 by clang * Don't assume Windows builds use MSVC. * Use legacy name in php runtime (#4741) * Add file option php_metadata_namespace and ruby_package (#4609) * Fix cpp benchmark dependency on mac * Use the first enum value instead of 0 in DefaultValueObjectWriter::FindEnumDefault * Check return value on write of raw pointer * Delete unused directories. * Replace //:protoc and similar default macro arguments with * Add extra C# file to Makefile.am * includes the expected class in the exception, otherwise the error is harder to track down (#3371) * Update instructions about getting protobuf source. * Add cpp tests under release docker image. * fix java benchmark, fix dashboard build * `update_file_lists.sh` depends on Bash features, thus needs Bash sebang. * Rename build_artifacts.cfg to release.cfg (#4818) * Fix bug: whether always_print_enums_as_ints is true or false, it always print the default value of enums as strings * source code info for interpreted options; fix source code info for extension range options (#4342) * Updated version numbers to 3.6.1 * Trim imports for bundled generated protos. * Require C++11 and pass -std=c++11 * Remove the iOS Test App. * fix duplicate mkdir in update_file_lists.sh * Updated csharp/README.md to reflect testing changes * Fix bazel build of examples. * Add missing ruby/tests/test_ruby_package.proto * Fix cpp_distcheck * Updated the change log with changes for 3.6.0 * some fix * CMake: Update CXX Standard management * Add the files added in #4485. * Change to deal all messages in one loop * Fix php conformance test. * Add **init**.py files to compiler and util subpackages (#4117) * Updated .gitignore to exclude downloaded gmock/ directory * Fix error in Clang UndefinedBehaviorSanitizer * Work around MSVC issue with std::atomic initialization (#4777) * Updated conformance failure lists * Add back GeneratedClassName to public (#4686) * Add continuous test for ruby 2.3, 2.4 and 2.5 (#4829) * Throw error if user want to access message properties (#4603) * fix json_decode call parameters (#4381) * Move `compiler/plugin.pb.cc` to libprotobuf with the other WKT sources. * PHP: fixed typo in message.c * Add go benchmark * Allow list values to be null when parsing * Added instruction for existing ZLIB configuration * Fix 32bit php tests * Removed javanano from post_process_dist.sh * Don't generate imports for the WKTs unless generating the WKTs. * For encoding upb needs descriptor type instead of type. (#4354) * Include googletest as a submodule (#3993) * Write messages to backing field in generated C# cloning code (#4440) * Integrated internal changes from Google * bump soname version update to version v3.5.2: * Update release date * Disable pip cache when testing uploaded packages * Replace private timelib_update_ts with public date_timestamp_get * Remove py2.6 support. * Cherrypick for csharp, including: * Update changelog * Update changelog for 3.5.1 * Fix uploading binary wheel. * Fix memory leak when creating map field via array. * Update rake file to build of 2.1.6. * Avoid using php_date_get_date_ce() in case date extension is not * Update protoc-artfacts * Fix string::back() usage in googletest.cc * Fix memory leak in php7 * Support ruby2.5 * io_win32: support non-ASCII paths * Explicitly propagate the status of Flush(). * Add discard unknown API in ruby. (#3990) * Update version for 3.5.0.post1 * remove nullptr * Fix more memory leak for php c extension (#4211) * Bumping number to fix ruby 2.1 on mac * io_win32_unittest: remove incorrect error check * Fix memory leak when creating repeated field via array. * Update version number for php c extension (#3896) * Fix file permission for python package. * Create containing directory before generating well_known_types_embed.cc * Replace C++11 only method std::map::at * Recursively clear unknown fields in submessages. (#3982) * Update version number to 3.5.1 * io_win32_unittest: fix condition in GetCwdAsUtf8 * Add release log * io_win32_unittest: use CWD as last tempdir * Add PROTOBUF_ENABLE_TIMESTAMP to let user decide whether timestamp util * Add support for Windows ARM64 build * Add protobuf-all in post release * Use fully qualifed name for DescriptorPool in Any.php to avoid name (#3886) * Add _file_desc_by_toplevel_extension back * Fix setup.py for windows build. * io_win32_unittest: make //:win32_test run again * Provide discardUnknonwnFields API in php (#3976) * Update php c extension version number to 3.5.0.1 * Fix ruby gc_test in ruby 2.4 (#4011) * Remove duplicate typedef. (#3975) * Accept DatetimeInterface in fromDatetime * io_win32: add more encoding-related tests * Bump version number to 3.5.2 * Bump protoc-artifact version for a patch rebuild * Call php method via function name instead of calling directly. * Well known types are not initialized properly. (#4139) * Use matching enum type for IsPOD. * Fix several more memory leak * Fix for php5.5 * Add backslach to make class explict in global namespace * Fix compile error undefined reference to `google::protobuf::internal::Release_CompareAndSwap(long volatile*, long, long)' on s390x https://github.com/google/protobuf/issues/3937 * Conditionalize python2 and python3 in order to be able to build without python2 present in distribution * Use singlespec macros to simplify the logic * Run fdupes on python modules to avoid duplicates * Remove shebangs from import-only code * Update to new upstream release 3.5.0 * Proto3 messages are now preserving unknown fields by default. If you rely on unknowns fields being dropped, use DiscardUnknownFields() explicitly. * Deprecated the unsafe_arena_release_ _and unsafe_arena_add_allocated__ methods for string fields. * Added move constructor and move assignment to RepeatedField, RepeatedPtrField and google::protobuf::Any. * Added perfect forwarding in Arena::CreateMessage. * In-progress experimental support for implicit weak fields with lite protos. This feature allows the linker to strip out more unused messages and reduce binary size. * Rename %soname to %sover to better reflect its use. * Install LICENSE * Update to 3.3.0 : * C++: * Fixed map fields serialization of DynamicMessage to correctly serialize both key and value regardless of their presence. * Parser now rejects field number 0 correctly. * New API Message::SpaceUsedLong() that?s equivalent to Message::SpaceUsed() but returns the value in size_t. * JSON support * New flag always_print_enums_as_ints in JsonPrintOptions. * New flag preserve_proto_field_names in JsonPrintOptions. It will instruct the JSON printer to use the original field name declared in the .proto file instead of converting them to lowerCamelCase when printing JSON. * JsonPrintOptions.always_print_primtive_fields now works for oneof message fields. * Fixed a bug that doesn?t allow different fields to set the same json_name value. * Fixed a performance bug that causes excessive memory copy when printing large messages. * Various performance optimizations. * Java: * Map field setters eagerly validate inputs and throw NullPointerExceptions as appropriate. * Added ByteBuffer overloads to the generated parsing methods and the Parser interface. * proto3 enum's getNumber() method now throws on UNRECOGNIZED values. * Output of JsonFormat is now locale independent. * Python: * Added FindServiceByName() in the pure-Python DescriptorPool. This works only for descriptors added with DescriptorPool.Add(). Generated descriptor_pool does not support this yet. * Added a descriptor_pool parameter for parsing Any in text_format.Parse(). * descriptor_pool.FindFileContainingSymbol() now is able to find nested extensions. * Extending empty [] to repeated field now sets parent message presence. * Update to 3.2.0 : * Added protoc version number to protoc plugin protocol. It can be used by protoc plugin to detect which version of protoc is used with the plugin and mitigate known problems in certain version of protoc. * C++: * The default parsing byte size limit has been raised from 64MB to 2GB. * Added rvalue setters for non-arena string fields. * Enabled debug logging for Android. * Fixed a double-free problem when using Reflection::SetAllocatedMessage() with extension fields. * Fixed several deterministic serialization bugs: * MessageLite::SerializeAsString() now respects the global deterministic serialization flag. * Extension fields are serialized deterministically as well. Fixed protocol compiler to correctly report importing-self as an error. * Fixed FileDescriptor::DebugString() to print custom options correctly. * Various performance/codesize optimizations and cleanups. * Java: * The default parsing byte size limit has been raised from 64MB to 2GB. * Added recursion limit when parsing JSON. * Fixed a bug that enumType.getDescriptor().getOptions() doesn't have custom options. * Fixed generated code to support field numbers up to 2^29-1. * Python: * You can now assign NumPy scalars/arrays (np.int32, np.int64) to protobuf fields, and assigning other numeric types has been optimized for performance. * Pure-Python: message types are now garbage-collectable. * Python/C++: a lot of internal cleanup/refactoring. * Increase soname to 13 * Generate python2-protobuf and python3-protobuf packages in Factory * Make the python2-protobuf package provide and obsolete python-protobuf to make the transition smooth in Tumbleweed * Fix an issue with setup.py where some files are built on the first invocation, but only copied on the second. This resulted in an incomplete protobuf-python package. * Update to protobuf v3.1.0. Protobuf v3.0.0 introduceced a new version of the protocol buffer language, proto3, which supersedes proto2. The protoc compiler is able to read old proto2 protocol definitions, and defaults to the proto2 syntax if a syntax is not specified, thus packages can be recompiled to link to the new library. For backwards compatibility, the old library version is available from the protobuf2 package. As the API for proto2 is not compatible to the proto3 API, proto3 should only be used for new Protocol Buffers, whereas current users are advised to keep using proto2. For a detailed list of changes, see https://github.com/google/protobuf/releases * Use py_sitedir for library installation with setup.py install * Drop protobuf-libs as it is just workaround for rpmlint issue * Cleanup specfile: * remove any conditionals for versions predating SLES 12/Leap 42.x * add Provides: protobuf-libs to fix rpmlint warning Changes in python-python-gflags: \- Don't provide python2-gflags, singlespec packages should use correct name. * Provide python-gflags in the python2 package * Fix URL. * Update to version 3.1.1 * Added PEP8 style method/function aliases. * Update to version 3.1.0 * Python3 compatibility * Removed UnrecognizedFlag exception. * Replaced flags.DuplicateFlag with flags.DuplicateFlagError. * Moved the validators.Error class to exceptions.ValidationError. * Renamed IllegalFlagValue to IllegalFlagValueError. * Removed MutualExclusionValidator class, in favor of flags.MarkFlagsAsMutualExclusive. * Removed FlagValues.AddValidator method. * Removed _helpers.GetMainModule. * Use xml.dom.minidom to create XML strings, instead of manual crafting. * Declared PEP8-style names. * Added examples. * Update to version 3.0.7 * Removed the unused method ShortestUniquePrefixes. * Removed _GetCallingModule function alias. * Update to version 3.0.6 * Declared pypi package classifiers. * Added support for CLIF flag processing (not included in python-gflags repo yet). * Update to version 3.0.5 * Added a warning when FLAGS.SetDefault is used after flags were parsed. * Added new function: MarkFlagsAsRequired. * Update to version 3.0.4 * One more fix for setup.py - this time about third_party package. * Update to version 3.0.3 * Fixed setup.py. * \--noflag if argument is given is no longer allowed. * Python3 compatibility: removed need for cgi import. * Disallowed unparsed flag usage after FLAGS.Reset() * Update to version 3.0.2 * Fix MANIFEST.in to include all relevant files. * Update to version 3.0.1 * Some changes for python3 compatibility. * Automatically generate ordering operations for Flag. * Add optional comma compatibility to whitespace-separated list flags. * A lot of potentially backwards incompatible changes since 2.0. * This version is NOT recommended to use in production. Some of the files and documentation has been lost during export; this will be fixed in next versions. * Fix source URL * Implement single-spec version ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3187=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3187=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3187=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * javapackages-filesystem-5.3.1-14.3.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * javapackages-filesystem-5.3.1-14.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * javapackages-filesystem-5.3.1-14.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1036025 * https://bugzilla.suse.com/show_bug.cgi?id=1133277 * https://bugzilla.suse.com/show_bug.cgi?id=1162343 * https://jira.suse.com/browse/SOC-11543 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 4 12:30:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 04 Aug 2023 12:30:40 -0000 Subject: SUSE-RU-2023:3200-1: important: Recommended update for libnvme, nvme-cli Message-ID: <169115224037.32420.2667135149135632749@smelt2.suse.de> # Recommended update for libnvme, nvme-cli Announcement ID: SUSE-RU-2023:3200-1 Rating: important References: * #1124564 * #1212598 * #1213527 * #1213618 * #1213686 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has five recommended fixes can now be installed. ## Description: This update for libnvme, nvme-cli fixes the following issues: * Update to version 1.4+27.g5ae1c3 * Add getter for subsystem iopolicy (bsc#1124564) * nvme list command improvements (bsc#bsc#1212598) * Don't open nvme devices until it's absolutely required (bsc#1213527, bsc#1213686) * Check genctr after getting discovery entries (bsc#1213618) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3200=1 openSUSE-SLE-15.5-2023-3200=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3200=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * nvme-cli-2.4+24.ga1ee20-150500.4.6.1 * libnvme-debuginfo-1.4+27.g5ae1c3-150500.4.6.1 * libnvme-devel-1.4+27.g5ae1c3-150500.4.6.1 * libnvme-debugsource-1.4+27.g5ae1c3-150500.4.6.1 * libnvme1-1.4+27.g5ae1c3-150500.4.6.1 * libnvme-mi1-1.4+27.g5ae1c3-150500.4.6.1 * nvme-cli-debugsource-2.4+24.ga1ee20-150500.4.6.1 * python3-libnvme-debuginfo-1.4+27.g5ae1c3-150500.4.6.1 * python3-libnvme-1.4+27.g5ae1c3-150500.4.6.1 * libnvme-mi1-debuginfo-1.4+27.g5ae1c3-150500.4.6.1 * nvme-cli-debuginfo-2.4+24.ga1ee20-150500.4.6.1 * libnvme1-debuginfo-1.4+27.g5ae1c3-150500.4.6.1 * openSUSE Leap 15.5 (noarch) * nvme-cli-bash-completion-2.4+24.ga1ee20-150500.4.6.1 * nvme-cli-regress-script-2.4+24.ga1ee20-150500.4.6.1 * nvme-cli-zsh-completion-2.4+24.ga1ee20-150500.4.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * nvme-cli-2.4+24.ga1ee20-150500.4.6.1 * libnvme-debuginfo-1.4+27.g5ae1c3-150500.4.6.1 * libnvme-devel-1.4+27.g5ae1c3-150500.4.6.1 * libnvme-debugsource-1.4+27.g5ae1c3-150500.4.6.1 * libnvme1-1.4+27.g5ae1c3-150500.4.6.1 * libnvme-mi1-1.4+27.g5ae1c3-150500.4.6.1 * nvme-cli-debugsource-2.4+24.ga1ee20-150500.4.6.1 * python3-libnvme-debuginfo-1.4+27.g5ae1c3-150500.4.6.1 * python3-libnvme-1.4+27.g5ae1c3-150500.4.6.1 * libnvme-mi1-debuginfo-1.4+27.g5ae1c3-150500.4.6.1 * nvme-cli-debuginfo-2.4+24.ga1ee20-150500.4.6.1 * libnvme1-debuginfo-1.4+27.g5ae1c3-150500.4.6.1 * Basesystem Module 15-SP5 (noarch) * nvme-cli-bash-completion-2.4+24.ga1ee20-150500.4.6.1 * nvme-cli-zsh-completion-2.4+24.ga1ee20-150500.4.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1124564 * https://bugzilla.suse.com/show_bug.cgi?id=1212598 * https://bugzilla.suse.com/show_bug.cgi?id=1213527 * https://bugzilla.suse.com/show_bug.cgi?id=1213618 * https://bugzilla.suse.com/show_bug.cgi?id=1213686 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 4 12:30:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 04 Aug 2023 12:30:43 -0000 Subject: SUSE-RU-2023:3199-1: important: Recommended update for libnvme, nvme-cli Message-ID: <169115224332.32420.14286222042939574734@smelt2.suse.de> # Recommended update for libnvme, nvme-cli Announcement ID: SUSE-RU-2023:3199-1 Rating: important References: * #1124564 * #1212598 * #1213527 * #1213618 * #1213644 * #1213686 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has six recommended fixes can now be installed. ## Description: This update for libnvme, nvme-cli fixes the following issues: * Update to version 1.0+48.g64a3e9: * Add getter for subsystem iopolicy (bsc#1124564) * Avoid warning in 'list-subsys' (bsc#1212598) * Update Get Log Page code (bsc#1213618) * Fix counter while looping through uuid_list (bsc#1213644) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3199=1 openSUSE-SLE-15.4-2023-3199=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3199=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3199=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3199=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3199=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3199=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3199=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3199=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * nvme-cli-2.0+47.ga43da6-150400.3.21.1 * libnvme-debugsource-1.0+48.g707b7a-150400.3.24.1 * python3-libnvme-1.0+48.g707b7a-150400.3.24.1 * libnvme1-debuginfo-1.0+48.g707b7a-150400.3.24.1 * python3-libnvme-debuginfo-1.0+48.g707b7a-150400.3.24.1 * nvme-cli-regress-script-2.0+47.ga43da6-150400.3.21.1 * nvme-cli-debugsource-2.0+47.ga43da6-150400.3.21.1 * nvme-cli-bash-completion-2.0+47.ga43da6-150400.3.21.1 * nvme-cli-debuginfo-2.0+47.ga43da6-150400.3.21.1 * nvme-cli-zsh-completion-2.0+47.ga43da6-150400.3.21.1 * libnvme-debuginfo-1.0+48.g707b7a-150400.3.24.1 * libnvme-devel-1.0+48.g707b7a-150400.3.24.1 * libnvme1-1.0+48.g707b7a-150400.3.24.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * nvme-cli-2.0+47.ga43da6-150400.3.21.1 * libnvme-debugsource-1.0+48.g707b7a-150400.3.24.1 * libnvme1-debuginfo-1.0+48.g707b7a-150400.3.24.1 * nvme-cli-debugsource-2.0+47.ga43da6-150400.3.21.1 * nvme-cli-debuginfo-2.0+47.ga43da6-150400.3.21.1 * libnvme-debuginfo-1.0+48.g707b7a-150400.3.24.1 * libnvme1-1.0+48.g707b7a-150400.3.24.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * nvme-cli-2.0+47.ga43da6-150400.3.21.1 * libnvme-debugsource-1.0+48.g707b7a-150400.3.24.1 * libnvme1-debuginfo-1.0+48.g707b7a-150400.3.24.1 * nvme-cli-debugsource-2.0+47.ga43da6-150400.3.21.1 * nvme-cli-debuginfo-2.0+47.ga43da6-150400.3.21.1 * libnvme-debuginfo-1.0+48.g707b7a-150400.3.24.1 * libnvme1-1.0+48.g707b7a-150400.3.24.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * nvme-cli-2.0+47.ga43da6-150400.3.21.1 * libnvme-debugsource-1.0+48.g707b7a-150400.3.24.1 * libnvme1-debuginfo-1.0+48.g707b7a-150400.3.24.1 * nvme-cli-debugsource-2.0+47.ga43da6-150400.3.21.1 * nvme-cli-debuginfo-2.0+47.ga43da6-150400.3.21.1 * libnvme-debuginfo-1.0+48.g707b7a-150400.3.24.1 * libnvme1-1.0+48.g707b7a-150400.3.24.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * nvme-cli-2.0+47.ga43da6-150400.3.21.1 * libnvme-debugsource-1.0+48.g707b7a-150400.3.24.1 * libnvme1-debuginfo-1.0+48.g707b7a-150400.3.24.1 * nvme-cli-debugsource-2.0+47.ga43da6-150400.3.21.1 * nvme-cli-debuginfo-2.0+47.ga43da6-150400.3.21.1 * libnvme-debuginfo-1.0+48.g707b7a-150400.3.24.1 * libnvme1-1.0+48.g707b7a-150400.3.24.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * nvme-cli-2.0+47.ga43da6-150400.3.21.1 * libnvme-debugsource-1.0+48.g707b7a-150400.3.24.1 * libnvme1-debuginfo-1.0+48.g707b7a-150400.3.24.1 * nvme-cli-debugsource-2.0+47.ga43da6-150400.3.21.1 * nvme-cli-debuginfo-2.0+47.ga43da6-150400.3.21.1 * libnvme-debuginfo-1.0+48.g707b7a-150400.3.24.1 * libnvme1-1.0+48.g707b7a-150400.3.24.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * nvme-cli-2.0+47.ga43da6-150400.3.21.1 * libnvme-debugsource-1.0+48.g707b7a-150400.3.24.1 * libnvme1-debuginfo-1.0+48.g707b7a-150400.3.24.1 * nvme-cli-debugsource-2.0+47.ga43da6-150400.3.21.1 * nvme-cli-debuginfo-2.0+47.ga43da6-150400.3.21.1 * libnvme-debuginfo-1.0+48.g707b7a-150400.3.24.1 * libnvme1-1.0+48.g707b7a-150400.3.24.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * nvme-cli-2.0+47.ga43da6-150400.3.21.1 * libnvme-debugsource-1.0+48.g707b7a-150400.3.24.1 * python3-libnvme-1.0+48.g707b7a-150400.3.24.1 * libnvme1-debuginfo-1.0+48.g707b7a-150400.3.24.1 * python3-libnvme-debuginfo-1.0+48.g707b7a-150400.3.24.1 * nvme-cli-debugsource-2.0+47.ga43da6-150400.3.21.1 * nvme-cli-bash-completion-2.0+47.ga43da6-150400.3.21.1 * nvme-cli-debuginfo-2.0+47.ga43da6-150400.3.21.1 * nvme-cli-zsh-completion-2.0+47.ga43da6-150400.3.21.1 * libnvme-debuginfo-1.0+48.g707b7a-150400.3.24.1 * libnvme-devel-1.0+48.g707b7a-150400.3.24.1 * libnvme1-1.0+48.g707b7a-150400.3.24.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1124564 * https://bugzilla.suse.com/show_bug.cgi?id=1212598 * https://bugzilla.suse.com/show_bug.cgi?id=1213527 * https://bugzilla.suse.com/show_bug.cgi?id=1213618 * https://bugzilla.suse.com/show_bug.cgi?id=1213644 * https://bugzilla.suse.com/show_bug.cgi?id=1213686 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 4 12:30:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 04 Aug 2023 12:30:46 -0000 Subject: SUSE-RU-2023:3198-1: important: Recommended update for scap-security-guide Message-ID: <169115224615.32420.11602778725546776446@smelt2.suse.de> # Recommended update for scap-security-guide Announcement ID: SUSE-RU-2023:3198-1 Rating: important References: * #1213691 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for scap-security-guide fixes the following issues: * Revert change to rule aide_periodic_cron_checking that broke SUSE Linux Enterprise hardening aide part that has incorrect dependencies (bsc#1213691) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3198=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3198=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3198=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * scap-security-guide-ubuntu-0.1.68-9.12.1 * scap-security-guide-redhat-0.1.68-9.12.1 * scap-security-guide-0.1.68-9.12.1 * scap-security-guide-debian-0.1.68-9.12.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * scap-security-guide-ubuntu-0.1.68-9.12.1 * scap-security-guide-redhat-0.1.68-9.12.1 * scap-security-guide-0.1.68-9.12.1 * scap-security-guide-debian-0.1.68-9.12.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * scap-security-guide-ubuntu-0.1.68-9.12.1 * scap-security-guide-redhat-0.1.68-9.12.1 * scap-security-guide-0.1.68-9.12.1 * scap-security-guide-debian-0.1.68-9.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213691 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 4 12:30:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 04 Aug 2023 12:30:49 -0000 Subject: SUSE-RU-2023:3197-1: moderate: Recommended update for google-guest-agent, google-guest-configs, google-osconfig-agent Message-ID: <169115224958.32420.10070724117346699260@smelt2.suse.de> # Recommended update for google-guest-agent, google-guest-configs, google- osconfig-agent Announcement ID: SUSE-RU-2023:3197-1 Rating: moderate References: * #1212418 * #1212759 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for google-guest-agent, google-guest-configs, google-osconfig-agent fixes the following issues: * Update to version 20230601.00 (bsc#1212418, bsc#1212759) * Don't block google-osconfig-agent (#213) * Avoid conflict with automated package updates (#212) * Add a support of TrustedUserCAKeys into sshd configuration (#206) * Add a new dracut module for gcp udev rules (#53) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3197=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3197=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3197=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3197=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3197=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3197=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3197=1 ## Package List: * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * google-osconfig-agent-20230706.02-150000.1.30.1 * google-guest-agent-20230601.00-150000.1.37.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * google-osconfig-agent-20230706.02-150000.1.30.1 * google-guest-agent-20230601.00-150000.1.37.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * google-osconfig-agent-20230706.02-150000.1.30.1 * google-guest-agent-20230601.00-150000.1.37.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * google-osconfig-agent-20230706.02-150000.1.30.1 * google-guest-agent-20230601.00-150000.1.37.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * google-osconfig-agent-20230706.02-150000.1.30.1 * google-guest-agent-20230601.00-150000.1.37.1 * Public Cloud Module 15-SP1 (noarch) * google-guest-configs-20230626.00-150000.1.25.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * google-osconfig-agent-20230706.02-150000.1.30.1 * google-guest-agent-20230601.00-150000.1.37.1 * Public Cloud Module 15-SP2 (noarch) * google-guest-configs-20230626.00-150000.1.25.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * google-osconfig-agent-20230706.02-150000.1.30.1 * google-guest-agent-20230601.00-150000.1.37.1 * Public Cloud Module 15-SP3 (noarch) * google-guest-configs-20230626.00-150000.1.25.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212418 * https://bugzilla.suse.com/show_bug.cgi?id=1212759 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 4 12:30:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 04 Aug 2023 12:30:51 -0000 Subject: SUSE-RU-2023:3196-1: moderate: Recommended update for protobuf-c Message-ID: <169115225187.32420.8496177939717430845@smelt2.suse.de> # Recommended update for protobuf-c Announcement ID: SUSE-RU-2023:3196-1 Rating: moderate References: * #1213443 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for protobuf-c fixes the following issues: * Include executables required to generate Protocol Buffers glue code in the devel subpackage (bsc#1213443) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3196=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3196=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3196=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3196=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3196=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3196=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3196=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3196=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3196=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3196=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3196=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3196=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3196=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3196=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3196=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3196=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3196=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libprotobuf-c-devel-1.3.2-150200.3.6.1 * protobuf-c-debugsource-1.3.2-150200.3.6.1 * protobuf-c-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-1.3.2-150200.3.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libprotobuf-c-devel-1.3.2-150200.3.6.1 * protobuf-c-debugsource-1.3.2-150200.3.6.1 * protobuf-c-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-1.3.2-150200.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libprotobuf-c-devel-1.3.2-150200.3.6.1 * protobuf-c-debugsource-1.3.2-150200.3.6.1 * protobuf-c-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-1.3.2-150200.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libprotobuf-c-devel-1.3.2-150200.3.6.1 * protobuf-c-debugsource-1.3.2-150200.3.6.1 * protobuf-c-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-1.3.2-150200.3.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libprotobuf-c-devel-1.3.2-150200.3.6.1 * protobuf-c-debugsource-1.3.2-150200.3.6.1 * protobuf-c-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-1.3.2-150200.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libprotobuf-c-devel-1.3.2-150200.3.6.1 * protobuf-c-debugsource-1.3.2-150200.3.6.1 * protobuf-c-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-1.3.2-150200.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libprotobuf-c-devel-1.3.2-150200.3.6.1 * protobuf-c-debugsource-1.3.2-150200.3.6.1 * protobuf-c-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-1.3.2-150200.3.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libprotobuf-c-devel-1.3.2-150200.3.6.1 * protobuf-c-debugsource-1.3.2-150200.3.6.1 * protobuf-c-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-1.3.2-150200.3.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libprotobuf-c-devel-1.3.2-150200.3.6.1 * protobuf-c-debugsource-1.3.2-150200.3.6.1 * protobuf-c-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-1.3.2-150200.3.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libprotobuf-c-devel-1.3.2-150200.3.6.1 * protobuf-c-debugsource-1.3.2-150200.3.6.1 * protobuf-c-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-1.3.2-150200.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libprotobuf-c-devel-1.3.2-150200.3.6.1 * protobuf-c-debugsource-1.3.2-150200.3.6.1 * protobuf-c-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-1.3.2-150200.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libprotobuf-c-devel-1.3.2-150200.3.6.1 * protobuf-c-debugsource-1.3.2-150200.3.6.1 * protobuf-c-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-1.3.2-150200.3.6.1 * SUSE Manager Proxy 4.2 (x86_64) * libprotobuf-c-devel-1.3.2-150200.3.6.1 * protobuf-c-debugsource-1.3.2-150200.3.6.1 * protobuf-c-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-1.3.2-150200.3.6.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libprotobuf-c-devel-1.3.2-150200.3.6.1 * protobuf-c-debugsource-1.3.2-150200.3.6.1 * protobuf-c-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-1.3.2-150200.3.6.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libprotobuf-c-devel-1.3.2-150200.3.6.1 * protobuf-c-debugsource-1.3.2-150200.3.6.1 * protobuf-c-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-1.3.2-150200.3.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libprotobuf-c-devel-1.3.2-150200.3.6.1 * protobuf-c-debugsource-1.3.2-150200.3.6.1 * protobuf-c-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-1.3.2-150200.3.6.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libprotobuf-c-devel-1.3.2-150200.3.6.1 * protobuf-c-debugsource-1.3.2-150200.3.6.1 * protobuf-c-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-debuginfo-1.3.2-150200.3.6.1 * libprotobuf-c1-1.3.2-150200.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213443 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 4 16:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 04 Aug 2023 16:30:01 -0000 Subject: SUSE-RU-2023:3201-1: moderate: Recommended update for kernel-firmware-nvidia-gsp-G06, nvidia-open-driver-G06-signed Message-ID: <169116660199.5191.9952830980491754308@smelt2.suse.de> # Recommended update for kernel-firmware-nvidia-gsp-G06, nvidia-open- driver-G06-signed Announcement ID: SUSE-RU-2023:3201-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains one feature can now be installed. ## Description: This update for kernel-firmware-nvidia-gsp-G06 fixes the following issue: Kernel driver nvidia-open-driver-G06-signed updated to 535.86.05 NVIDIA firmware was updated to version 535.86.05 * gsp_ad10x.bin has been renamed to gsp_ga10x.bin * no longer package libnvidia-ml and nvidia-smi * added "Provides: multiversion(kernel)" ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3201=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3201=1 openSUSE-SLE-15.5-2023-3201=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3201=1 ## Package List: * Public Cloud Module 15-SP5 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.86.05_k5.14.21_150500.33.6-150500.3.7.2 * nvidia-open-driver-G06-signed-kmp-azure-535.86.05_k5.14.21_150500.33.6-150500.3.7.2 * openSUSE Leap 15.5 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.86.05-150500.11.3.1 * openSUSE Leap 15.5 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-535.86.05_k5.14.21_150500.55.7-150500.3.7.2 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.86.05_k5.14.21_150500.55.7-150500.3.7.2 * nvidia-open-driver-G06-signed-debugsource-535.86.05-150500.3.7.2 * openSUSE Leap 15.5 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.86.05_k5.14.21_150500.33.6-150500.3.7.2 * nvidia-open-driver-G06-signed-kmp-azure-535.86.05_k5.14.21_150500.33.6-150500.3.7.2 * openSUSE Leap 15.5 (aarch64) * nvidia-open-driver-G06-signed-kmp-64kb-535.86.05_k5.14.21_150500.55.7-150500.3.7.2 * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.86.05_k5.14.21_150500.55.7-150500.3.7.2 * Basesystem Module 15-SP5 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-535.86.05-150500.11.3.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-535.86.05_k5.14.21_150500.55.7-150500.3.7.2 * nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.86.05_k5.14.21_150500.55.7-150500.3.7.2 ## References: * https://jira.suse.com/browse/SLE-24532 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Sat Aug 5 07:05:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Aug 2023 09:05:18 +0200 (CEST) Subject: SUSE-CU-2023:2522-1: Security update of suse/sle15 Message-ID: <20230805070518.46874FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2522-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.323 Container Release : 9.5.323 Severity : moderate Type : security References : 1201627 1207534 1213487 CVE-2022-4304 CVE-2023-3446 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3179-1 Released: Thu Aug 3 13:59:38 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,1213487,CVE-2022-4304,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). - Update further expiring certificates that affect tests [bsc#1201627] The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.72.1 updated - libopenssl1_1-1.1.1d-150200.11.72.1 updated - openssl-1_1-1.1.1d-150200.11.72.1 updated From sle-updates at lists.suse.com Sat Aug 5 07:07:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Aug 2023 09:07:11 +0200 (CEST) Subject: SUSE-CU-2023:2523-1: Security update of suse/sle15 Message-ID: <20230805070711.BA82FFBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2523-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.163 , suse/sle15:15.3 , suse/sle15:15.3.17.20.163 Container Release : 17.20.163 Severity : moderate Type : security References : 1201627 1207534 1213487 CVE-2022-4304 CVE-2023-3446 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3179-1 Released: Thu Aug 3 13:59:38 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,1213487,CVE-2022-4304,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). - Update further expiring certificates that affect tests [bsc#1201627] The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.72.1 updated - libopenssl1_1-1.1.1d-150200.11.72.1 updated - openssl-1_1-1.1.1d-150200.11.72.1 updated From sle-updates at lists.suse.com Sat Aug 5 07:07:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Aug 2023 09:07:27 +0200 (CEST) Subject: SUSE-CU-2023:2524-1: Security update of bci/golang Message-ID: <20230805070727.6948BFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2524-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-1.8.23 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.8.23 Container Release : 8.23 Severity : important Type : security References : 1206346 1213880 CVE-2023-29409 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3181-1 Released: Thu Aug 3 21:34:12 2023 Summary: Security update for go1.20 Type: security Severity: important References: 1206346,1213880,CVE-2023-29409 This update for go1.20 fixes the following issues: - Update to go v1.20.7 (released 2023-08-01) (bsc#1206346) - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) The following package changes have been done: - go1.20-1.20.7-150000.1.20.1 updated From sle-updates at lists.suse.com Sun Aug 6 07:02:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Aug 2023 09:02:00 +0200 (CEST) Subject: SUSE-IU-2023:548-1: Security update of suse-sles-15-sp4-chost-byos-v20230803-x86_64-gen2 Message-ID: <20230806070200.33E4EFD9F@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230803-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:548-1 Image Tags : suse-sles-15-sp4-chost-byos-v20230803-x86_64-gen2:20230803 Image Release : Severity : important Type : security References : 1065729 1089497 1150305 1152472 1152489 1157881 1160435 1186673 1187829 1189998 1193629 1194557 1194869 1194869 1200710 1201399 1203300 1205758 1206447 1206674 1206798 1207894 1208003 1208410 1208600 1208721 1208788 1209039 1209229 1209367 1209536 1209859 1210004 1210335 1210565 1210584 1210799 1210853 1210999 1211026 1211243 1211299 1211346 1211387 1211410 1211449 1211674 1211796 1211811 1211828 1211852 1211867 1212051 1212126 1212129 1212154 1212155 1212158 1212260 1212265 1212301 1212350 1212448 1212494 1212495 1212504 1212513 1212540 1212561 1212563 1212564 1212584 1212592 1212603 1212605 1212606 1212619 1212623 1212701 1212741 1212756 1212835 1212838 1212842 1212846 1212861 1212869 1212892 1212905 1213004 1213008 1213010 1213011 1213012 1213013 1213014 1213015 1213016 1213017 1213018 1213019 1213020 1213021 1213024 1213025 1213032 1213034 1213035 1213036 1213037 1213038 1213039 1213040 1213041 1213059 1213061 1213087 1213088 1213089 1213090 1213092 1213093 1213094 1213095 1213096 1213098 1213099 1213100 1213102 1213103 1213104 1213105 1213106 1213107 1213108 1213109 1213110 1213111 1213112 1213113 1213114 1213134 1213171 1213172 1213173 1213174 1213237 1213245 1213247 1213252 1213258 1213259 1213263 1213264 1213286 1213384 1213487 1213504 1213523 1213524 1213543 1213705 CVE-2022-2127 CVE-2023-1077 CVE-2023-1249 CVE-2023-1829 CVE-2023-20593 CVE-2023-21102 CVE-2023-2985 CVE-2023-3090 CVE-2023-3111 CVE-2023-3117 CVE-2023-31248 CVE-2023-3141 CVE-2023-31484 CVE-2023-3161 CVE-2023-32001 CVE-2023-3212 CVE-2023-32681 CVE-2023-3357 CVE-2023-3358 CVE-2023-3389 CVE-2023-3390 CVE-2023-3446 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968 CVE-2023-34969 CVE-2023-35001 CVE-2023-35788 CVE-2023-35823 CVE-2023-35828 CVE-2023-35829 CVE-2023-3812 CVE-2023-38408 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20230803-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2811-1 Released: Wed Jul 12 11:56:18 2023 Summary: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Type: recommended Severity: moderate References: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise 'uv' instead of 'clientPin'. * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 'minPinLength' extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions. * New API calls * New fido_init flag to disable fido_dev_open???s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ??? 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -'). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don???t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the 'fido' and 'otp' subcommands over NFC * New 'ykman --diagnose' command to aid in troubleshooting. * New 'ykman apdu' command for sending raw APDUs over the smart card interface. * New 'yubikit' package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don???t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don???t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a 'Use default' option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2820-1 Released: Thu Jul 13 11:20:27 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1152472,1152489,1160435,1187829,1189998,1194869,1205758,1208410,1208600,1209039,1209367,1210335,1211299,1211346,1211387,1211410,1211449,1211796,1211852,1212051,1212129,1212154,1212155,1212158,1212265,1212350,1212448,1212494,1212495,1212504,1212513,1212540,1212561,1212563,1212564,1212584,1212592,1212603,1212605,1212606,1212619,1212701,1212741,1212835,1212838,1212842,1212861,1212869,1212892,CVE-2023-1077,CVE-2023-1249,CVE-2023-1829,CVE-2023-21102,CVE-2023-3090,CVE-2023-3111,CVE-2023-3141,CVE-2023-3161,CVE-2023-3212,CVE-2023-3357,CVE-2023-3358,CVE-2023-3389,CVE-2023-35788,CVE-2023-35823,CVE-2023-35828,CVE-2023-35829 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). - CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). The following non-security bugs were fixed: - Drop dvb-core fix patch due to a bug (bsc#1205758). - Enable kernel modules bttv bt878 and snd-bt878 (jsc#PED-3931). - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - Fix usrmerge error (boo#1211796). - Generalize kernel-doc build requirements. - Get module prefix from kmod (bsc#1212835). - Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes). - Revert 'mtd: rawnand: arasan: Prevent an unsupported configuration' (git-fixes). - Revert 'net: phy: dp83867: perform soft reset and retain established link' (git-fixes). - Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes). - Update the Mellanox/Nvidia mlx5_core driver (jsc#SLE-19253). - acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). - affs: initialize fsdata in affs_truncate() (git-fixes). - alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes). - alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes). - alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes). - alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). - alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes). - alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). - alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes). - alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes). - alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes). - alsa: oss: avoid missing-prototype warnings (git-fixes). - alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). - alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). - amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). - arm64: Add missing Set/Way CMO encodings (git-fixes). - arm64: Always load shadow stack pointer directly from the task struct (git-fixes) - arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes) - arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) - arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes). - arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes). - arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes) - arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes). - arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes). - arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) - arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes). - arm: dts: vexpress: add missing cache properties (git-fixes). - asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes). - asoc: dwc: limit the number of overrun messages (git-fixes). - asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). - asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes). - asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes). - asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes). - asoc: mediatek: mt8173: Fix irq error path (git-fixes). - asoc: nau8824: Add quirk to active-high jack-detect (git-fixes). - asoc: simple-card: Add missing of_node_put() in case of error (git-fixes). - asoc: soc-pcm: test if a BE can be prepared (git-fixes). - asoc: ssm2602: Add workaround for playback distortions (git-fixes). - ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes). - batman-adv: Broken sync while rescheduling delayed work (git-fixes). - binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249). - bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes). - bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). - bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes). - bluetooth: hci_qca: fix debugfs registration (git-fixes). - bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes). - bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes). - bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). - bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes). - bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes) - bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes) - bpf, arm64: Feed byte-offset into bpf line info (git-fixes) - bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes) - bpf: Add extra path pointer check to d_path helper (git-fixes). - bpf: Fix UAF in task local storage (bsc#1212564). - btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (bsc#1212051 CVE-2023-3111). - bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes). - bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes). - can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes). - can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes). - can: j1939: change j1939_netdev_lock type to mutex (git-fixes). - can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes). - can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes). - can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes). - can: length: fix bitstuffing count (git-fixes). - can: length: fix description of the RRS field (git-fixes). - can: length: make header self contained (git-fixes). - ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540). - cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563). - cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561). - cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563). - clk: Fix memory leak in devm_clk_notifier_register() (git-fixes). - clk: cdce925: check return value of kasprintf() (git-fixes). - clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). - clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes). - clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes). - clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). - clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes). - clk: si5341: check return value of {devm_}kasprintf() (git-fixes). - clk: si5341: free unused memory on probe failure (git-fixes). - clk: si5341: return error if one synth clock registration fails (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes). - clk: ti: clkctrl: check return value of kasprintf() (git-fixes). - clk: vc5: check memory returned by kasprintf() (git-fixes). - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes). - crypto: marvell/cesa - Fix type mismatch warning (git-fixes). - crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes). - dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes). - dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes). - dmaengine: pl330: rename _start to prevent build error (git-fixes). - drivers: meson: secure-pwrc: always enable DMA domain (git-fixes). - drm/amd/display: Add logging for display MALL refresh setting (git-fixes). - drm/amd/display: Add minimal pipe split transition state (git-fixes). - drm/amd/display: Add wrapper to call planes and stream update (git-fixes). - drm/amd/display: Explicitly specify update type per plane info change (git-fixes). - drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes). - drm/amd/display: Use dc_update_planes_and_stream (git-fixes). - drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes). - drm/amd/display: edp do not add non-edid timings (git-fixes). - drm/amd/display: fix the system hang while disable PSR (git-fixes). - drm/amd/pm: Fix power context allocation in SMU13 (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes). - drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes). - drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes). - drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes). - drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes). - drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes). - drm/ast: Fix ARM compatibility (git-fixes). - drm/bridge: tc358768: always enable HS video mode (git-fixes). - drm/bridge: tc358768: fix PLL parameters computation (git-fixes). - drm/bridge: tc358768: fix PLL target frequency (git-fixes). - drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes). - drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes). - drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes). - drm/exynos: vidi: fix a wrong error return (git-fixes). - drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes). - drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes). - drm/i915/selftests: Add some missing error propagation (git-fixes). - drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes). - drm/i915/selftests: Stop using kthread_stop() (git-fixes). - drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes). - drm/i915: Use 18 fast wake AUX sync len (git-fixes). - drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes). - drm/msm/dp: Free resources after unregistering them (git-fixes). - drm/msm/dpu: correct MERGE_3D length (git-fixes). - drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes). - drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes). - drm/msm: Be more shouty if per-process pgtables are not working (git-fixes). - drm/msm: Set max segment size earlier (git-fixes). - drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes). - drm/nouveau: add nv_encoder pointer check for NULL (git-fixes). - drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes). - drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes). - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes). - drm/radeon: fix possible division-by-zero errors (git-fixes). - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes). - drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes). - drm/vram-helper: fix function names in vram helper doc (git-fixes). - drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes). - drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes). - dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes). - eeprom: at24: also select REGMAP (git-fixes). - elf: correct note name comment (git-fixes). - ext4: unconditionally enable the i_version counter (bsc#1211299). - extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes). - extcon: Fix kernel doc of property fields to avoid warnings (git-fixes). - extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes). - extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes). - extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes). - extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes). - fbcon: Fix null-ptr-deref in soft_cursor (git-fixes). - fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472) Backporting changes: * replace refcount_read() with atomic_read() - fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489) - fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387). - fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes). - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes). - fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes). - firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes). - firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes). - fs/jfs: fix shift exponent db_agl2size negative (git-fixes). - fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). - fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes). - fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). - gfs2: Do not deref jdesc in evict (bsc#1212265 CVE-2023-3212). - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). - hfs/hfsplus: use WARN_ON for sanity check (git-fixes). - hfs: Fix OOB Write in hfs_asc2mac (git-fixes). - hfs: fix OOB Read in __hfs_brec_find (git-fixes). - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). - hid: amd_sfh: Add missing check for dma_alloc_coherent (bsc#1212605 CVE-2023-3357). - hid: google: add jewel USB id (git-fixes). - hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes). - hid: wacom: Add error check to wacom_parse_and_register() (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes). - hwrng: imx-rngc - fix the timeout for init and self check (git-fixes). - hwrng: st - keep clock enabled while hwrng is registered (git-fixes). - i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes). - i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes). - i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes). - i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes). - iavf: remove mask from iavf_irq_enable_queues() (git-fixes). - ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes) - ib/isert: Fix dead lock in ib_isert (git-fixes) - ib/isert: Fix incorrect release of isert connection (git-fixes) - ib/isert: Fix possible list corruption in CMA handler (git-fixes) - ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes) - ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes) - ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604). - ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes). - ice: Do not double unplug aux on peer initiated reset (git-fixes). - ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes). - ice: Fix DSCP PFC TLV creation (git-fixes). - ice: Fix XDP memory leak when NIC is brought up and down (git-fixes). - ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes). - ice: Fix memory corruption in VF driver (git-fixes). - ice: Ignore EEXIST when setting promisc mode (git-fixes). - ice: Prevent set_channel from changing queues while RDMA active (git-fixes). - ice: Reset FDIR counter in FDIR init stage (git-fixes). - ice: add profile conflict check for AVF FDIR (git-fixes). - ice: block LAN in case of VF to VF offload (git-fixes). - ice: config netdev tc before setting queues number (git-fixes). - ice: copy last block omitted in ice_get_module_eeprom() (git-fixes). - ice: ethtool: Prohibit improper channel config for DCB (git-fixes). - ice: ethtool: advertise 1000M speeds properly (git-fixes). - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes). - ice: fix wrong fallback logic for FDIR (git-fixes). - ice: handle E822 generic device ID in PLDM header (git-fixes). - ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes). - ice: use bitmap_free instead of devm_kfree (git-fixes). - ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes). - ieee802154: hwsim: Fix possible memory leaks (git-fixes). - ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253). - igb: fix bit_shift to be in [1..8] range (git-fixes). - igb: fix nvm.ops.read() error handling (git-fixes). - igc: Clean the TX buffer and TX descriptor ring (git-fixes). - igc: Fix possible system crash when loading module (git-fixes). - iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes). - iio: accel: fxls8962af: fixup buffer scan element type (git-fixes). - iio: adc: ad7192: Fix internal/external clock selection (git-fixes). - iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes). - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448). - init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448). - init: Provide arch_cpu_finalize_init() (bsc#1212448). - init: Remove check_bugs() leftovers (bsc#1212448). - input: adxl34x - do not hardcode interrupt trigger type (git-fixes). - input: drv260x - fix typo in register value define (git-fixes). - input: drv260x - remove unused .reg_defaults (git-fixes). - input: drv260x - sleep between polling GO bit (git-fixes). - input: fix open count when closing inhibited device (git-fixes). - input: psmouse - fix OOB access in Elantech protocol (git-fixes). - input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes). - input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). - integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes). - io_uring: hold uring mutex around poll removal (bsc#1212838 CVE-2023-3389). - ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090). - irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes). - irqchip/ftintc010: Mark all function static (git-fixes). - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes). - jfs: Fix fortify moan in symlink (git-fixes). - kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi - kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. - kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). - kprobe: reverse kp->flags when arm_kprobe failed (git-fixes). - kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes). - kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). - kprobes: Prohibit probes in gate area (git-fixes). - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes). - kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). - kvm: arm64: Do not hypercall before EL2 init (git-fixes) - kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) - kvm: arm64: Save PSTATE early on exit (git-fixes) - kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) - lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852). - lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852). - lpfc: Clean up SLI-4 CQE status handling (bsc#1211852). - lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852). - lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852). - lpfc: Enhance congestion statistics collection (bsc#1211852). - lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346). - lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852). - lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852). - mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes). - mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes). - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes). - media: cec: core: do not set last_initiator if tx in progress (git-fixes). - media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes). - media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes). - media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes). - media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes). - media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes). - media: dvb_ca_en50221: fix a size write bug (git-fixes). - media: dvb_demux: fix a bug for the continuity counter (git-fixes). - media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes). - media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes). - memory: brcmstb_dpfe: fix testing array offset after use (git-fixes). - meson saradc: fix clock divider mask length (git-fixes). - mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes). - mfd: pm8008: Fix module autoloading (git-fixes). - mfd: rt5033: Drop rt5033-battery sub-device (git-fixes). - mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes). - mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes). - mfd: stmpe: Only disable the regulators if they are enabled (git-fixes). - misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes). - misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes). - misc: pci_endpoint_test: Re-init completion for every test (git-fixes). - mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253). - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes). - mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410). - mm: Move mm_cachep initialization to mm_init() (bsc#1212448). - mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410). - mmc: bcm2835: fix deferred probing (git-fixes). - mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes). - mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes). - mmc: mmci: stm32: fix max busy timeout calculation (git-fixes). - mmc: mtk-sd: fix deferred probing (git-fixes). - mmc: mvsdio: fix deferred probing (git-fixes). - mmc: omap: fix deferred probing (git-fixes). - mmc: omap_hsmmc: fix deferred probing (git-fixes). - mmc: owl: fix deferred probing (git-fixes). - mmc: sdhci-acpi: fix deferred probing (git-fixes). - mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes). - mmc: sdhci-spear: fix deferred probing (git-fixes). - mmc: sh_mmcif: fix deferred probing (git-fixes). - mmc: sunxi: fix deferred probing (git-fixes). - mmc: usdhi60rol0: fix deferred probing (git-fixes). - mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes). - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253). - net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253). - net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253). - net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253). - net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253). - net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253). - net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253). - net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253). - net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253). - net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253). - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253). - net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253). - net/mlx5: Do not use already freed action pointer (jsc#SLE-19253). - net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253). - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253). - net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253). - net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253). - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253). - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253). - net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253). - net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253). - net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253). - net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253). - net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253). - net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253). - net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253). - net/mlx5: Fix steering rules cleanup (jsc#SLE-19253). - net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253). - net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253). - net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253). - net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253). - net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253). - net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253). - net/mlx5: SF, Drain health before removing device (jsc#SLE-19253). - net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253). - net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253). - net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253). - net/mlx5: add IFC bits for bypassing port select flow table (git-fixes) - net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253). - net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253). - net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253). - net/mlx5: fs, fail conflicting actions (jsc#SLE-19253). - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253). - net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253). - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253). - net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253). - net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253). - net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253). - net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253). - net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253). - net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253). - net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253). - net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253). - net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253). - net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253). - net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253). - net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253). - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253). - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253). - net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253). - net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253). - net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253). - net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253). - net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253). - net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253). - net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253). - net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253). - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253). - net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253). - net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253). - net/net_failover: fix txq exceeding warning (git-fixes). - net/sched: fix initialization order when updating chain 0 head (git-fixes). - net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes). - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes). - net/sched: tcindex: Do not use perfect hashing (bsc#1210335 CVE-2023-1829). - net: ena: Account for the number of processed bytes in XDP (git-fixes). - net: ena: Do not register memory info on XDP exchange (git-fixes). - net: ena: Fix rx_copybreak value update (git-fixes). - net: ena: Fix toeplitz initial hash value (git-fixes). - net: ena: Set default value for RX interrupt moderation (git-fixes). - net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes). - net: ena: Use bitmask to indicate packet redirection (git-fixes). - net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes). - net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes). - net: hns3: fix reset delay time to avoid configuration timeout (git-fixes). - net: hns3: fix sending pfc frames after reset issue (git-fixes). - net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes). - net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253). - net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes). - net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). - nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes). - nfp: only report pause frame configuration for physical device (git-fixes). - nilfs2: fix buffer corruption due to concurrent device reads (git-fixes). - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes). - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes). - nouveau: fix client work fence deletion race (git-fixes). - nvme-core: fix dev_pm_qos memleak (git-fixes). - nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes). - nvme-core: fix memory leak in dhchap_secret_store (git-fixes). - nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes). - nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes). - ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes). - ocfs2: fix non-auto defrag path not working issue (git-fixes). - octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes). - octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes). - octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes). - octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes). - pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes). - pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes). - pci: Release resource invalidated by coalescing (git-fixes). - pci: cadence: Fix Gen2 Link Retraining process (git-fixes). - pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes). - pci: ftpci100: Release the clock resources (git-fixes). - pci: pciehp: Cancel bringup sequence if card is not present (git-fixes). - pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes). - pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes). - pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes). - pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes). - pci: rockchip: Set address alignment for endpoint mode (git-fixes). - pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes). - pci: rockchip: Write PCI Device ID to correct register (git-fixes). - pci: vmd: Reset VMD config register between soft reboots (git-fixes). - pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes). - pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes). - pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes). - pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes). - platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes). - platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes). - platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes). - platform/x86: think-lmi: Correct NVME password handling (git-fixes). - platform/x86: think-lmi: Correct System password interface (git-fixes). - platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes). - platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes). - pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes). - power: supply: Fix logic checking if system is running from battery (git-fixes). - power: supply: Ratelimit no data debug output (git-fixes). - power: supply: ab8500: Fix external_power_changed race (git-fixes). - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes). - power: supply: sc27xx: Fix external_power_changed race (git-fixes). - powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869). - powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662). - powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701). - powerpc/purgatory: remove PGO flags (bsc#1194869). - powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869). - powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662). - pstore/ram: Add check for kstrdup (git-fixes). - qed/qede: Fix scheduling while atomic (git-fixes). - radeon: avoid double free in ci_dpm_init() (git-fixes). - rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes). - rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes) - rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes) - rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes) - rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes) - rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes) - rdma/bnxt_re: Remove unnecessary checks (git-fixes) - rdma/bnxt_re: Return directly without goto jumps (git-fixes) - rdma/bnxt_re: Use unique names while registering interrupts (git-fixes) - rdma/bnxt_re: wraparound mbox producer index (git-fixes) - rdma/cma: Always set static rate to 0 for RoCE (git-fixes) - rdma/hns: Fix hns_roce_table_get return value (git-fixes) - rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes) - rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes) - rdma/mlx5: Fix affinity assignment (git-fixes) - rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes) - rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253). - rdma/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes) - rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes) - rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes) - rdma/rxe: Fix packet length checks (git-fixes) - rdma/rxe: Fix ref count error in check_rkey() (git-fixes) - rdma/rxe: Fix rxe_cq_post (git-fixes) - rdma/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes) - rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes) - rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes) - rdma/rxe: Remove the unused variable obj (git-fixes) - rdma/rxe: Removed unused name from rxe_task struct (git-fixes) - rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes) - rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes) - regmap: Account for register length when chunking (git-fixes). - regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes). - regulator: Fix error checking for debugfs_create_dir (git-fixes). - regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes). - regulator: core: Streamline debugfs operations (git-fixes). - regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes). - regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes). - reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). - reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). - revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes). - rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes). - s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592). - s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892). - s390/pkey: zeroize key blobs (git-fixes bsc#1212619). - sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077) - scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes). - scsi: stex: Fix gcc 13 warnings (git-fixes). - selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes). - serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes). - serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes). - serial: 8250: omap: Fix freeing of resources on failed register (git-fixes). - serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes). - serial: atmel: do not enable IRQs prematurely (git-fixes). - serial: lantiq: add missing interrupt ack (git-fixes). - sfc: disable RXFCS and RXALL features by default (git-fixes). - signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861). - soc/fsl/qe: fix usb.c build errors (git-fixes). - soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes). - soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes). - spi: dw: Round of n_bytes to power of 2 (git-fixes). - spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes). - spi: lpspi: disable lpspi module irq in DMA mode (git-fixes). - spi: qup: Request DMA before enabling clocks (git-fixes). - spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes). - spi: tegra210-quad: Fix combined sequence (bsc#1212584) - spi: tegra210-quad: Fix iterator outside loop (git-fixes). - spi: tegra210-quad: Multi-cs support (bsc#1212584) - squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). - staging: octeon: delete my name from TODO contact (git-fixes). - sunrpc: Clean up svc_deferred_class trace events (git-fixes). - supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931) - test_firmware: Use kstrtobool() instead of strtobool() (git-fixes). - test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes). - test_firmware: prevent race conditions by a correct implementation of locking (git-fixes). - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes). - thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes). - thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes). - tls: Skip tls_append_frag on zero copy size (git-fixes). - tools: bpftool: Remove invalid \' json escape (git-fixes). - tpm, tpm_tis: Request threaded interrupt handler (git-fixes). - tracing/histograms: Allow variables to have some modifiers (git-fixes). - tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes). - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes). - tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350). - tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes). - tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350). - tty: serial: imx: fix rs485 rx after tx (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes). - usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes). - usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes). - usb: dwc3: fix use-after-free on core driver unbind (git-fixes). - usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes). - usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes). - usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes). - usb: dwc3: qcom: Fix potential memory leak (git-fixes). - usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes). - usb: dwc3: qcom: fix NULL-deref on suspend (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes). - usb: gadget: udc: fix NULL dereference in remove() (git-fixes). - usb: hide unused usbfs_notify_suspend/resume functions (git-fixes). - usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes). - usb: serial: option: add Quectel EM061KGL series (git-fixes). - usb: typec: ucsi: Fix command cancellation (git-fixes). - usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes). - usrmerge: Adjust module path in the kernel sources (bsc#1212835). - usrmerge: Compatibility with earlier rpm (boo#1211796) - vdpa/mlx5: Directly assign memory key (jsc#SLE-19253). - vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253). - vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253). - vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253). - vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253). - w1: fix loop in w1_fini() (git-fixes). - w1: w1_therm: fix locking behavior in convert_t (git-fixes). - watchdog: menz069_wdt: fix watchdog initialisation (git-fixes). - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes). - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: convert msecs to jiffies where needed (git-fixes). - wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes). - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes). - wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes). - wifi: b43: fix incorrect __packed annotation (git-fixes). - wifi: cfg80211: fix locking in regulatory disconnect (git-fixes). - wifi: cfg80211: fix locking in sched scan stop work (git-fixes). - wifi: cfg80211: rewrite merging of inherited elements (git-fixes). - wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes). - wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes). - wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes). - wifi: mac80211: simplify chanctx allocation (git-fixes). - wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes). - wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes). - wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes). - wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes). - wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes). - wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes). - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes). - wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes). - writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes). - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). - x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Mark init functions __init (bsc#1212448). - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). - x86/init: Initialize signal frame size late (bsc#1212448). - x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes). - x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). - x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes). - x86/microcode: Print previous version of microcode after reload (git-fixes). - x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes). - x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). - x86/mm: Initialize text poking earlier (bsc#1212448). - x86/mm: Use mm_alloc() in poking_init() (bsc#1212448). - x86/mm: fix poking_init() for Xen PV guests (git-fixes). - x86/sgx: Fix race between reclaimer and page fault handler (git-fixes). - x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes). - x86/xen: fix secondary processor fpu initialization (bsc#1212869). - xfs: fix rm_offset flag handling in rmap keys (git-fixes). - xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:42 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2866-1 Released: Tue Jul 18 11:09:03 2023 Summary: Security update for python-requests Type: security Severity: moderate References: 1211674,CVE-2023-32681 This update for python-requests fixes the following issues: - CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2877-1 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2893-1 Released: Thu Jul 20 06:44:05 2023 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1194557,1203300,1206447,1206674,1206798,1211026 This update for wicked fixes the following issues: - Update to version 0.6.73 - Fix arp notify loop and burst sending (boo#1212806) - Allow verify/notify counter and interval configuration - Handle ENOBUFS sending errors (bsc#1203300) - Improve environment variable handling - Refactor firmware extension definition - Enable, disable and revert cli commands - Fix memory leaks, add array/list utils - Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026) - Cleanup /var/run leftovers in extension scripts (bsc#1194557) - Output formatting improvements and Unicode support - bond: workaround 6.1 kernel enslave regression (bsc#1206674) - Add `wicked firmware` command to improve `ibft`,`nbft`,`redfish` firmware extension and interface handling. - Improve error handling in netif firmware discovery extension execution and extension definition overrides in the wicked-config. - Fix use-after-free in debug mode (bsc#1206447) - Replace transitional `%usrmerged` macro with regular version check (bsc#1206798) - Improve to show `no-carrier` in ifstatus output - Cleanup inclusions and update uapi header to 6.0 - Link mode nwords cleanup and new advertise mode names - Enable raw-ip support for wwan-qmi interfaces (jsc#PED-90) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2922-1 Released: Thu Jul 20 18:34:03 2023 Summary: Recommended update for libfido2 Type: recommended Severity: moderate References: This update for libfido2 fixes the following issues: - Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2930-1 Released: Fri Jul 21 10:09:57 2023 Summary: Security update for samba Type: security Severity: important References: 1213171,1213172,1213173,1213174,1213384,CVE-2022-2127,CVE-2023-34966,CVE-2023-34967,CVE-2023-34968 This update for samba fixes the following issues: - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). - CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173). - CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172). - CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171). Bugfixes: - Fixed trust relationship failure (bsc#1213384). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2962-1 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2994-1 Released: Thu Jul 27 06:45:29 2023 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1157881,1200710,1209859 This update for nfs-utils fixes the following issues: - SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710) - Avoid unhelpful warnings (bsc#1157881) - Fix rpc.nfsd man pages (bsc#1209859) - Allow scope to be set in sysconfig: NFSD_SCOPE ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3118-1 Released: Wed Aug 2 05:57:56 2023 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1212756 This update for hwinfo fixes the following issues: - Avoid linking problems with libsamba (bsc#1212756) - Update to version 21.85 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3170-1 Released: Thu Aug 3 08:02:27 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1201399,1208003,1210799 This update for perl-Bootloader fixes the following issues: - Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799) - UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399) - Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003) - Add basic support for systemd-boot ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3171-1 Released: Thu Aug 3 08:33:37 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1150305,1193629,1194869,1207894,1208788,1210565,1210584,1210853,1211243,1211811,1211867,1212301,1212846,1212905,1213010,1213011,1213012,1213013,1213014,1213015,1213016,1213017,1213018,1213019,1213020,1213021,1213024,1213025,1213032,1213034,1213035,1213036,1213037,1213038,1213039,1213040,1213041,1213059,1213061,1213087,1213088,1213089,1213090,1213092,1213093,1213094,1213095,1213096,1213098,1213099,1213100,1213102,1213103,1213104,1213105,1213106,1213107,1213108,1213109,1213110,1213111,1213112,1213113,1213114,1213134,1213245,1213247,1213252,1213258,1213259,1213263,1213264,1213286,1213523,1213524,1213543,1213705,CVE-2023-20593,CVE-2023-2985,CVE-2023-3117,CVE-2023-31248,CVE-2023-3390,CVE-2023-35001,CVE-2023-3812 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). The following non-security bugs were fixed: - ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes). - ALSA: fireface: make read-only const array for model names static (git-fixes). - ALSA: hda/realtek - remove 3k pull low procedure (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes). - ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes). - ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes). - ALSA: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes). - ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes). - ALSA: hda/realtek: Whitespace fix (git-fixes). - ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes). - ALSA: oxfw: make read-only const array models static (git-fixes). - ALSA: pcm: Fix potential data race at PCM memory allocation helpers (git-fixes). - ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes). - ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes). - ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes). - ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes). - ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes). - ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes). - ASoC: tegra: Fix ADX byte map (git-fixes). - ASoC: tegra: Fix AMX byte map (git-fixes). - Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes). - Documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git-fixes). - Documentation: bonding: fix the doc of peer_notif_delay (git-fixes). - Documentation: timers: hrtimers: Make hybrid union historical (git-fixes). - Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758) - Fix documentation of panic_on_warn (git-fixes). - IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes) - PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes). - RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes) - Revert 'arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes) - Revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes). - USB: dwc2: Fix some error handling paths (git-fixes). - USB: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes). - USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes). - USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes). - USB: serial: option: add LARA-R6 01B PIDs (git-fixes). - Update config and supported.conf files due to renaming. - apparmor: fix missing error check for rhashtable_insert_fast (git-fixes). - arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes) - arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes) - arm64: vdso: Pass (void *) to virt_to_page() (git-fixes) - arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes) - can: bcm: Fix UAF in bcm_proc_show() (git-fixes). - cifs: add a warning when the in-flight count goes negative (bsc#1193629). - cifs: address unused variable warning (bsc#1193629). - cifs: do all necessary checks for credits within or before locking (bsc#1193629). - cifs: fix lease break oops in xfstest generic/098 (bsc#1193629). - cifs: fix max_credits implementation (bsc#1193629). - cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629). - cifs: fix session state check in smb2_find_smb_ses (bsc#1193629). - cifs: fix session state transition to avoid use-after-free issue (bsc#1193629). - cifs: fix sockaddr comparison in iface_cmp (bsc#1193629). - cifs: fix status checks in cifs_tree_connect (bsc#1193629). - cifs: log session id when a matching ses is not found (bsc#1193629). - cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629). - cifs: prevent use-after-free by freeing the cfile later (bsc#1193629). - cifs: print all credit counters in DebugData (bsc#1193629). - cifs: print client_guid in DebugData (bsc#1193629). - cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629). - cifs: print nosharesock value while dumping mount options (bsc#1193629). - clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-fixes). - clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes). - codel: fix kernel-doc notation warnings (git-fixes). - crypto: kpp - Add helper to set reqsize (git-fixes). - crypto: qat - Use helper to set reqsize (git-fixes). - devlink: fix kernel-doc notation warnings (git-fixes). - docs: networking: Update codeaurora references for rmnet (git-fixes). - drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes). - drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes). - drm/amdgpu: Validate VM ioctl flags (git-fixes). - drm/amdgpu: avoid restore process run into dead loop (git-fixes). - drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-fixes). - drm/atomic: Allow vblank-enabled + self-refresh 'disable' (git-fixes). - drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes). - drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes). - drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes). - drm/client: Fix memory leak in drm_client_target_cloned (git-fixes). - drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-fixes). - drm/i915: Fix one wrong caching mode enum usage (git-fixes). - drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes). - drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes). - drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-fixes). - drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes). - drm/ttm: Do not leak a resource on swapout move error (git-fixes). - dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in 'compatible' conditional schema (git-fixes). - ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020). - ext4: add EA_INODE checking to ext4_iget() (bsc#1213106). - ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088). - ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109). - ext4: add strict range checks while freeing blocks (bsc#1213089). - ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). - ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). - ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090). - ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103). - ext4: disallow ea_inodes with extended attributes (bsc#1213108). - ext4: fail ext4_iget if special inode unallocated (bsc#1213010). - ext4: fix WARNING in ext4_update_inline_data (bsc#1213012). - ext4: fix WARNING in mb_find_extent (bsc#1213099). - ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111). - ext4: fix data races when using cached status extents (bsc#1213102). - ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105). - ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). - ext4: fix lockdep warning when enabling MMP (bsc#1213100). - ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096). - ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). - ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098). - ext4: improve error handling from ext4_dirhash() (bsc#1213104). - ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). - ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011). - ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). - ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087). - ext4: refuse to create ea block when umounted (bsc#1213093). - ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107). - ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110). - ext4: update s_journal_inum if it changes after journal replay (bsc#1213094). - ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092). - ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). - fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes). - fbdev: imxfb: warn about invalid left/right margin (git-fixes). - fuse: ioctl: translate ENOSYS in outarg (bsc#1213524). - fuse: revalidate: do not invalidate if interrupted (bsc#1213523). - hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861). - hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861). - hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861). - hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861). - hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861). - hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861). - hwmon: (adm1275) Allow setting sample averaging (git-fixes). - hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes). - i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes). - i2c: xiic: Do not try to handle more interrupt events after error (git-fixes). - inotify: Avoid reporting event with invalid wd (bsc#1213025). - jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095). - jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014). - kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243). - kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers - kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes). - leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-fixes). - media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes). - media: cec: i2c: ch7322: also select REGMAP (git-fixes). - media: i2c: Correct format propagation for st-mipid02 (git-fixes). - media: usb: Check az6007_read() return value (git-fixes). - media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes). - media: venus: helpers: Fix ALIGN() of non power of two (git-fixes). - media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes). - memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). - mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes). - mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes). - net: mana: Add support for vlan tagging (bsc#1212301). - net: phy: prevent stale pointer dereference in phy_init() (git-fixes). - ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes). - ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes). - ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes). - ntb: ntb_tool: Add check for devm_kcalloc (git-fixes). - ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes). - nvme-multipath: support io stats on the mpath device (bsc#1210565). - nvme: introduce nvme_start_request (bsc#1210565). - ocfs2: Switch to security_inode_init_security() (git-fixes). - ocfs2: check new file size on fallocate call (git-fixes). - ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). - opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes). - phy: Revert 'phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB' (git-fixes). - phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes). - phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes). - pie: fix kernel-doc notation warning (git-fixes). - pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes). - pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes). - pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes). - powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869). - powerpc/64s: Fix VAS mm use after free (bsc#1194869). - powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869). - powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869). - powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869). - powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869). - powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes). - powerpc/mm: Switch obsolete dssall to .long (bsc#1194869). - powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869). - powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869). - powerpc/prom_init: Fix kernel config grep (bsc#1194869). - powerpc/secvar: fix refcount leak in format_show() (bsc#1194869). - powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869). - powerpc: clean vdso32 and vdso64 directories (bsc#1194869). - powerpc: define get_cycles macro for arch-override (bsc#1194869). - powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869). - pwm: ab8500: Fix error code in probe() (git-fixes). - pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes). - pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes). - rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS_*. - rsi: remove kernel-doc comment marker (git-fixes). - s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259). - s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258). - s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263). - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252). - s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (git-fixes bsc#1213264). - s390: discard .interp section (git-fixes bsc#1213247). - sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes) - sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes) - security: keys: Modify mismatched function name (git-fixes). - selftests: mptcp: depend on SYN_COOKIES (git-fixes). - selftests: mptcp: sockopt: return error if wrong mark (git-fixes). - selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes). - selftests: tc: add 'ct' action kconfig dep (git-fixes). - selftests: tc: add ConnTrack procfs kconfig (git-fixes). - selftests: tc: set timeout to 15 minutes (git-fixes). - signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869). - signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869). - smb3: do not reserve too many oplock credits (bsc#1193629). - smb3: missing null check in SMB2_change_notify (bsc#1193629). - smb: client: fix broken file attrs with nodfs mounts (bsc#1193629). - smb: client: fix missed ses refcounting (git-fixes). - smb: client: fix parsing of source mount option (bsc#1193629). - smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629). - smb: client: fix warning in CIFSFindFirst() (bsc#1193629). - smb: client: fix warning in CIFSFindNext() (bsc#1193629). - smb: client: fix warning in cifs_match_super() (bsc#1193629). - smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629). - smb: client: fix warning in generic_ip_connect() (bsc#1193629). - smb: client: improve DFS mount check (bsc#1193629). - smb: client: remove redundant pointer 'server' (bsc#1193629). - smb: delete an unnecessary statement (bsc#1193629). - smb: move client and server files to common directory fs/smb (bsc#1193629). - smb: remove obsolete comment (bsc#1193629). - soundwire: qcom: fix storing port config out-of-bounds (git-fixes). - spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes). - spi: bcm63xx: fix max prepend length (git-fixes). - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes). - tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes). - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584). - udf: Avoid double brelse() in udf_rename() (bsc#1213032). - udf: Define EFSCORRUPTED error code (bsc#1213038). - udf: Detect system inodes linked into directory hierarchy (bsc#1213114). - udf: Discard preallocation before extending file with a hole (bsc#1213036). - udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035). - udf: Do not bother merging very long extents (bsc#1213040). - udf: Do not update file length for failed writes to inline files (bsc#1213041). - udf: Fix error handling in udf_new_inode() (bsc#1213112). - udf: Fix extending file within last block (bsc#1213037). - udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034). - udf: Preserve link count of system files (bsc#1213113). - udf: Truncate added extents on failed expansion (bsc#1213039). - wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes). - wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes). - wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes). - wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes). - wl3501_cs: use eth_hw_addr_set() (git-fixes). - writeback: fix call of incorrect macro (bsc#1213024). - x86: Fix .brk attribute in linker script (git-fixes). - xfs: AIL needs asynchronous CIL forcing (bsc#1211811). - xfs: CIL work is serialised, not pipelined (bsc#1211811). - xfs: XLOG_STATE_IOERROR must die (bsc#1211811). - xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811). - xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811). - xfs: clean up the rtbitmap fsmap backend (git-fixes). - xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes). - xfs: do not reverse order of items in bulk AIL insertion (git-fixes). - xfs: do not run shutdown callbacks on active iclogs (bsc#1211811). - xfs: drop async cache flushes from CIL commits (bsc#1211811). - xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811). - xfs: fix getfsmap reporting past the last rt extent (git-fixes). - xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes). - xfs: fix interval filtering in multi-step fsmap queries (git-fixes). - xfs: fix logdev fsmap query result filtering (git-fixes). - xfs: fix off-by-one error when the last rt extent is in use (git-fixes). - xfs: fix uninitialized variable access (git-fixes). - xfs: make fsmap backend function key parameters const (git-fixes). - xfs: make the record pointer passed to query_range functions const (git-fixes). - xfs: move the CIL workqueue to the CIL (bsc#1211811). - xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811). - xfs: order CIL checkpoint start records (bsc#1211811). - xfs: pass a CIL context to xlog_write() (bsc#1211811). - xfs: pass explicit mount pointer to rtalloc query functions (git-fixes). - xfs: rework xlog_state_do_callback() (bsc#1211811). - xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811). - xfs: separate out log shutdown callback processing (bsc#1211811). - xfs: wait iclog complete before tearing down AIL (bsc#1211811). - xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes). - xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes). - xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes). The following package changes have been done: - audit-3.0.6-150400.4.10.1 updated - curl-8.0.1-150400.5.26.1 updated - dbus-1-1.12.2-150400.18.8.1 updated - glibc-locale-base-2.31-150300.52.2 updated - glibc-locale-2.31-150300.52.2 updated - glibc-2.31-150300.52.2 updated - hwinfo-21.85-150400.3.12.1 updated - kernel-default-5.14.21-150400.24.74.1 updated - libassuan0-2.5.5-150000.4.5.2 updated - libaudit1-3.0.6-150400.4.10.1 updated - libauparse0-3.0.6-150400.4.10.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - libdbus-1-3-1.12.2-150400.18.8.1 updated - libfido2-1-1.13.0-150400.5.6.1 updated - libhidapi-hidraw0-0.10.1-1.6 added - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated - libopenssl1_1-1.1.1l-150400.7.48.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - nfs-client-2.1.1-150100.10.37.1 updated - openssh-clients-8.4p1-150300.3.22.1 updated - openssh-common-8.4p1-150300.3.22.1 updated - openssh-server-8.4p1-150300.3.22.1 updated - openssh-8.4p1-150300.3.22.1 updated - openssl-1_1-1.1.1l-150400.7.48.1 updated - perl-Bootloader-0.944-150400.3.6.1 updated - perl-base-5.26.1-150300.17.14.1 updated - perl-5.26.1-150300.17.14.1 updated - python3-requests-2.24.0-150300.3.3.1 updated - samba-client-libs-4.15.13+git.663.9c654e06cdb-150400.3.28.1 updated - samba-libs-4.15.13+git.663.9c654e06cdb-150400.3.28.1 updated - system-group-audit-3.0.6-150400.4.10.1 updated - wicked-service-0.6.73-150400.3.8.1 updated - wicked-0.6.73-150400.3.8.1 updated - libfido2-udev-1.5.0-1.30 removed From sle-updates at lists.suse.com Sun Aug 6 07:02:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Aug 2023 09:02:11 +0200 (CEST) Subject: SUSE-IU-2023:549-1: Security update of suse-sles-15-sp4-chost-byos-v20230803-hvm-ssd-x86_64 Message-ID: <20230806070211.1C9E9FD9F@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230803-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:549-1 Image Tags : suse-sles-15-sp4-chost-byos-v20230803-hvm-ssd-x86_64:20230803 Image Release : Severity : important Type : security References : 1065729 1065729 1089497 1150305 1152472 1152489 1157881 1160435 1171511 1172073 1186673 1187829 1189998 1191112 1191731 1193629 1193629 1194557 1194869 1194869 1195655 1195921 1198097 1199020 1200710 1201399 1201627 1201817 1202234 1202234 1203300 1203393 1203750 1203818 1203906 1205650 1205756 1205758 1205758 1205760 1205762 1205803 1206024 1206447 1206578 1206674 1206798 1207004 1207071 1207534 1207553 1207894 1208003 1208074 1208410 1208600 1208604 1208721 1208758 1208788 1209039 1209229 1209233 1209287 1209288 1209367 1209536 1209565 1209565 1209856 1209859 1209982 1210004 1210165 1210277 1210294 1210298 1210335 1210449 1210450 1210498 1210533 1210551 1210565 1210584 1210591 1210647 1210652 1210741 1210775 1210783 1210791 1210799 1210806 1210853 1210940 1210947 1210996 1210999 1211026 1211037 1211043 1211044 1211089 1211105 1211113 1211131 1211158 1211205 1211243 1211256 1211257 1211261 1211261 1211263 1211272 1211280 1211281 1211299 1211346 1211354 1211387 1211410 1211418 1211419 1211449 1211449 1211465 1211519 1211564 1211578 1211588 1211590 1211592 1211612 1211661 1211674 1211686 1211687 1211688 1211689 1211690 1211691 1211692 1211693 1211714 1211754 1211795 1211796 1211796 1211804 1211807 1211808 1211811 1211828 1211847 1211852 1211855 1211867 1211960 1212051 1212126 1212129 1212154 1212155 1212158 1212187 1212187 1212187 1212187 1212189 1212222 1212222 1212230 1212260 1212265 1212301 1212350 1212448 1212494 1212495 1212504 1212513 1212516 1212517 1212540 1212544 1212561 1212563 1212564 1212567 1212584 1212592 1212603 1212605 1212606 1212619 1212623 1212662 1212701 1212741 1212756 1212835 1212838 1212842 1212846 1212861 1212869 1212892 1212905 1213004 1213008 1213010 1213011 1213012 1213013 1213014 1213015 1213016 1213017 1213018 1213019 1213020 1213021 1213024 1213025 1213032 1213034 1213035 1213036 1213037 1213038 1213039 1213040 1213041 1213059 1213061 1213087 1213088 1213089 1213090 1213092 1213093 1213094 1213095 1213096 1213098 1213099 1213100 1213102 1213103 1213104 1213105 1213106 1213107 1213108 1213109 1213110 1213111 1213112 1213113 1213114 1213134 1213171 1213172 1213173 1213174 1213237 1213245 1213247 1213252 1213258 1213259 1213263 1213264 1213286 1213384 1213487 1213504 1213523 1213524 1213543 1213705 CVE-2007-4559 CVE-2022-2084 CVE-2022-2127 CVE-2022-4269 CVE-2022-4304 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2023-1077 CVE-2023-1079 CVE-2023-1249 CVE-2023-1380 CVE-2023-1382 CVE-2023-1786 CVE-2023-1829 CVE-2023-2002 CVE-2023-20593 CVE-2023-21102 CVE-2023-2124 CVE-2023-2156 CVE-2023-2162 CVE-2023-2269 CVE-2023-2426 CVE-2023-2483 CVE-2023-2513 CVE-2023-2602 CVE-2023-2603 CVE-2023-2609 CVE-2023-2610 CVE-2023-2828 CVE-2023-28410 CVE-2023-2911 CVE-2023-2953 CVE-2023-2985 CVE-2023-3006 CVE-2023-30456 CVE-2023-3090 CVE-2023-31084 CVE-2023-3111 CVE-2023-3117 CVE-2023-31248 CVE-2023-3141 CVE-2023-31436 CVE-2023-31484 CVE-2023-3161 CVE-2023-32001 CVE-2023-3212 CVE-2023-32233 CVE-2023-32681 CVE-2023-33288 CVE-2023-3357 CVE-2023-3358 CVE-2023-3389 CVE-2023-3390 CVE-2023-34241 CVE-2023-3446 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968 CVE-2023-34969 CVE-2023-35001 CVE-2023-35788 CVE-2023-35823 CVE-2023-35828 CVE-2023-35829 CVE-2023-3812 CVE-2023-38408 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20230803-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2482-1 Released: Mon Jun 12 07:19:53 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1211272 This update for systemd-rpm-macros fixes the following issues: - Adjust functions so they are disabled when called from a chroot (bsc#1211272) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2495-1 Released: Tue Jun 13 15:05:27 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2517-1 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1203750,1211158,CVE-2007-4559 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2519-1 Released: Thu Jun 15 08:25:19 2023 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1203818 This update for supportutils fixes the following issues: - Added missed sanitation check on crash.txt (bsc#1203818) - Added check to _sanitize_file - Using variable for replement text in _sanitize_file ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2550-1 Released: Mon Jun 19 17:51:21 2023 Summary: Recommended update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings Type: recommended Severity: moderate References: 1191112,1198097,1199020,1202234,1209565,1210591,1211354,1212187,1212189 This update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings ships the update stack to the INSTALLER self-update channel. yast2-pkg-bindings: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) autoyast2: - Selected products are not installed after resetting the package manager internally (bsc#1202234) libyui: - Prevent buffer overflow when drawing very wide labels in ncurses (bsc#1211354) - Fixed loading icons from an absolute path (bsc#1210591) - Fix for main window stacking order to avoid unintentional transparency (bsc#1199020, bsc#1191112) - Force messages from .ui file through our translation mechanism (bsc#1198097) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2571-1 Released: Wed Jun 21 13:26:09 2023 Summary: Security update for Salt Type: security Severity: moderate References: 1207071,1209233,1211612,1211754,1212516,1212517 This update for salt fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-jmespath: - Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt (no source changes) python-ply: - Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2616-1 Released: Thu Jun 22 16:47:50 2023 Summary: Security update for cups Type: security Severity: important References: 1212230,CVE-2023-34241 This update for cups fixes the following issues: - CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2628-1 Released: Fri Jun 23 21:43:22 2023 Summary: Security update for cloud-init Type: security Severity: important References: 1171511,1203393,1210277,1210652,CVE-2022-2084,CVE-2023-1786 This update for cloud-init fixes the following issues: - CVE-2023-1786: Do not expose sensitive data gathered from the CSP. (bsc#1210277) - CVE-2022-2084: Fixed a bug which caused logging schema failures can include password hashes. (bsc#1210652) - Update to version 23.1 + Support transactional-updates for SUSE based distros + Set ownership for new folders in Write Files Module + add OpenCloudOS and TencentOS support + lxd: Retry if the server isn't ready + test: switch pycloudlib source to pypi + test: Fix integration test deprecation message + Recognize opensuse-microos, dev tooling fixes + sources/azure: refactor imds handler into own module + docs: deprecation generation support + add function is_virtual to distro/FreeBSD + cc_ssh: support multiple hostcertificates + Fix minor schema validation regression and fixup typing + doc: Reword user data debug section + cli: schema also validate vendordata*. + ci: sort and add checks for cla signers file + Add 'ederst' as contributor + readme: add reference to packages dir + docs: update downstream package list + docs: add google search verification + docs: fix 404 render use default notfound_urls_prefix in RTD conf + Fix OpenStack datasource detection on bare metal + docs: add themed RTD 404 page and pointer to readthedocs-hosted + schema: fix gpt labels, use type string for GUID + cc_disk_setup: code cleanup + netplan: keep custom strict perms when 50-cloud-init.yaml exists + cloud-id: better handling of change in datasource files + Warn on empty network key + Fix Vultr cloud_interfaces usage + cc_puppet: Update puppet service name + docs: Clarify networking docs + lint: remove httpretty + cc_set_passwords: Prevent traceback when restarting ssh + tests: fix lp1912844 + tests: Skip ansible test on bionic + Wait for NetworkManager + docs: minor polishing + CI: migrate integration-test to GH actions + Fix permission of SSH host keys + Fix default route rendering on v2 ipv6 + doc: fix path in net_convert command + docs: update net_convert docs + doc: fix dead link + cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty + distros/rhel.py: _read_hostname() missing strip on 'hostname' + integration tests: add IBM VPC support + machine-id: set to uninitialized to trigger regeneration on clones + sources/azure: retry on connection error when fetching metdata + Ensure ssh state accurately obtained + bddeb: drop dh-systemd dependency on newer deb-based releases + doc: fix `config formats` link in cloudsigma.rst + Fix wrong subp syntax in cc_set_passwords.py + docs: update the PR template link to readthedocs + ci: switch unittests to gh actions + Add mount_default_fields for PhotonOS. + sources/azure: minor refactor for metadata source detection logic + add 'CalvoM' as contributor + ci: doc to gh actions + lxd: handle 404 from missing devices route for LXD 4.0 + docs: Diataxis overhaul + vultr: Fix issue regarding cache and region codes + cc_set_passwords: Move ssh status checking later + Improve Wireguard module idempotency + network/netplan: add gateways as on-link when necessary + tests: test_lxd assert features.networks.zones when present + Use btrfs enquque when available (#1926) [Robert Schweikert] + sources/azure: fix device driver matching for net config (#1914) + BSD: fix duplicate macs in Ifconfig parser + pycloudlib: add lunar support for integration tests + nocloud: add support for dmi variable expansion for seedfrom URL + tools: read-version drop extra call to git describe --long + doc: improve cc_write_files doc + read-version: When insufficient tags, use cloudinit.version.get_version + mounts: document weird prefix in schema + Ensure network ready before cloud-init service runs on RHEL + docs: add copy button to code blocks + netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag + azure: fix support for systems without az command installed + Fix the distro.osfamily output problem in the openEuler system. + pycloudlib: bump commit dropping azure api smoke test + net: netplan config root read-only as wifi config can contain creds + autoinstall: clarify docs for users + sources/azure: encode health report as utf-8 + Add back gateway4/6 deprecation to docs + networkd: Add support for multiple [Route] sections + doc: add qemu tutorial + lint: fix tip-flake8 and tip-mypy + Add support for setting uid when creating users on FreeBSD + Fix exception in BSD networking code-path + Append derivatives to is_rhel list in cloud.cfg.tmpl + FreeBSD init: use cloudinit_enable as only rcvar + feat: add support aliyun metadata security harden mode + docs: uprate analyze to performance page + test: fix lxd preseed managed network config + Add support for static IPv6 addresses for FreeBSD + Make 3.12 failures not fail the build + Docs: adding relative links + Fix setup.py to align with PEP 440 versioning replacing trailing + Add 'nkukard' as contributor + doc: add how to render new module doc + doc: improve module creation explanation + Add Support for IPv6 metadata to OpenStack + add xiaoge1001 to .github-cla-signers + network: Deprecate gateway{4,6} keys in network config v2 + VMware: Move Guest Customization transport from OVF to VMware + doc: home page links added + net: skip duplicate mac check for netvsc nic and its VF This update for python-responses fixes the following issues: - update to 0.21.0: * Add `threading.Lock()` to allow `responses` working with `threading` module. * Add `urllib3` `Retry` mechanism. See #135 * Removed internal `_cookies_from_headers` function * Now `add`, `upsert`, `replace` methods return registered response. `remove` method returns list of removed responses. * Added null value support in `urlencoded_params_matcher` via `allow_blank` keyword argument * Added strict version of decorator. Now you can apply `@responses.activate(assert_all_requests_are_fired=True)` to your function to validate that all requests were executed in the wrapped function. See #183 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2632-1 Released: Mon Jun 26 12:16:31 2023 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1211588 This update for suseconnect-ng fixes the following issues: - Update to version 1.1.0~git2.f42b4b2a060e: - Keep keepalive timer states when replacing SUSEConnect (bsc#1211588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2640-1 Released: Mon Jun 26 15:09:10 2023 Summary: Security update for vim Type: security Severity: moderate References: 1210996,1211256,1211257,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610 This update for vim fixes the following issues: - CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996). - CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256). - CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2649-1 Released: Tue Jun 27 10:01:13 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - update to 0.371: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2653-1 Released: Tue Jun 27 12:08:18 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1172073,1191731,1193629,1195655,1195921,1203906,1205650,1205756,1205758,1205760,1205762,1205803,1206024,1206578,1207553,1208604,1208758,1209287,1209288,1209856,1209982,1210165,1210294,1210449,1210450,1210498,1210533,1210551,1210647,1210741,1210775,1210783,1210791,1210806,1210940,1210947,1211037,1211043,1211044,1211089,1211105,1211113,1211131,1211205,1211263,1211280,1211281,1211449,1211465,1211519,1211564,1211590,1211592,1211686,1211687,1211688,1211689,1211690,1211691,1211692,1211693,1211714,1211796,1211804,1211807,1211808,1211847,1211855,1211960,CVE-2022-4269,CVE-2022-45884,CVE-2022-45885,CVE-2022-45886,CVE-2022-45887,CVE-2022-45919,CVE-2023-1079,CVE-2023-1380,CVE-2023-1382,CVE-2023-2002,CVE-2023-2124,CVE-2023-2156,CVE-2023-2162,CVE-2023-2269,CVE-2023-2483,CVE-2023-2513,CVE-2023-28410,CVE-2023-3006,CVE-2023-30456,CVE-2023-31084,CVE-2023-31436,CVE-2023-32233,CVE-2023-33288 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855). - CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). - CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). The following non-security bugs were fixed: - 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). - ACPI: EC: Fix oops when removing custom query handlers (git-fixes). - ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes). - ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes). - ACPI: tables: Add support for NBFT (bsc#1195921). - ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). - ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes). - ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). - ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). - ALSA: firewire-digi00x: prevent potential use after free (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). - ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes). - ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes). - ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes). - ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). - ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes). - ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). - ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). - ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes). - ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). - ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). - ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). - ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). - ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). - ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). - ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes). - ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes). - ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). - ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). - ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes). - ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes). - Bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes). - Bluetooth: btintel: Add LE States quirk support (git-fixes). - Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes). - HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). - HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). - HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). - HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). - HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes). - HID: wacom: Set a default resolution for older tablets (git-fixes). - HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). - HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). - HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes). - IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) - IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) - IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes) - Input: xpad - add constants for GIP interface numbers (git-fixes). - KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes). - KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes) - KVM: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes) - KVM: Do not create VM debugfs files outside of the VM directory (git-fixes) - KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). - KVM: Prevent module exit until all VMs are freed (git-fixes) - KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes). - KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes). - KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes). - KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes). - KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes). - KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). - KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes). - KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes). - KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes). - KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). - KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) - KVM: arm64: Do not return from void function (git-fixes) - KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) - KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes) - KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) - KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) - KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes) - KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes) - KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) - KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes) - KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) - KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) - KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes) - KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) - KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) - KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) - KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes). - KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). - KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). - KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes). - KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes). - KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). - KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). - KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). - KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). - KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes). - KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes). - KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes). - KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). - KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). - KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). - KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes). - KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). - KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes). - KVM: x86: do not set st->preempted when going back to user space (git-fixes). - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). - KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). - PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes). - PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes). - PM: hibernate: Turn snapshot_test into global variable (git-fixes). - PM: hibernate: fix load_image_and_restore() error path (git-fixes). - RDMA/bnxt_re: Fix a possible memory leak (git-fixes) - RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes) - RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes) - RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes) - RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes) - RDMA/efa: Fix unsupported page sizes in device (git-fixes) - RDMA/hns: Fix base address table allocation (git-fixes) - RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes) - RDMA/hns: Modify the value of long message loopback slice (git-fixes) - RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383). - RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383). - RDMA/irdma: Fix Local Invalidate fencing (git-fixes) - RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383). - RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383). - RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383). - RDMA/irdma: Prevent QP use after free (git-fixes) - RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383). - RDMA/irdma: Remove excess error variables (jsc#SLE-18383). - RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022). - RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022). - RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255). - RDMA/mlx5: Fix flow counter query via DEVX (git-fixes) - RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes) - RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes) - RDMA/siw: Fix potential page_array out of range access (git-fixes) - RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes) - RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes) - Revert 'KVM: set owner of cpu and vm file operations' (git-fixes) - SMB3.1.1: add new tree connect ShareFlags (bsc#1193629). - SMB3: Add missing locks to protect deferred close file list (git-fixes). - SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629). - SMB3: Close deferred file handles in case of handle lease break (bsc#1193629). - SMB3: drop reference to cfile before sending oplock break (bsc#1193629). - SMB3: force unmount was failing to close deferred close files (bsc#1193629). - SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775). - USB / dwc3: Fix a checkpatch warning in core.c (git-fixes). - USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes). - USB: core: Add routines for endpoint checks in old drivers (git-fixes). - USB: sisusbvga: Add endpoint checks (git-fixes). - USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes). - apparmor: add a kernel label to use on kernel objects (bsc#1211113). - arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes). - arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes). - arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes). - arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes). - arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes). - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes) Enable workaround and fix kABI breakage. - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes). - asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes). - ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes). - ata: pata_octeon_cf: drop kernel-doc notation (git-fixes). - block: add a bdev_max_zone_append_sectors helper (git-fixes). - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes). - bnxt: Do not read past the end of test names (jsc#SLE-18978). - bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978). - bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978). - bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978). - bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978). - bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978). - bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978). - bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978). - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978). - bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978). - can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes). - can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes). - can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes). - can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes). - can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes). - can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes). - can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes). - can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes). - cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes). - ceph: force updating the msg pointer in non-split case (bsc#1211804). - cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906). - cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650). - cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). - cgroup: Make cgroup_get_from_id() prettier (bsc#1205650). - cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650). - cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650). - cgroup: reduce dependency on cgroup_mutex (bsc#1205650). - cifs: Avoid a cast in add_lease_context() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes). - cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758). - cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629). - cifs: fix potential race when tree connecting ipc (bsc#1208758). - cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758). - cifs: fix sharing of DFS connections (bsc#1208758). - cifs: fix smb1 mount regression (bsc#1193629). - cifs: mapchars mount option ignored (bsc#1193629). - cifs: missing lock when updating session status (bsc#1193629). - cifs: print smb3_fs_context::source when mounting (bsc#1193629). - cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758). - cifs: protect session status check in smb2_reconnect() (bsc#1208758). - cifs: release leases for deferred close handles when freezing (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes). - clk: qcom: regmap: add PHY clock source implementation (git-fixes). - clk: tegra20: fix gcc-7 constant overflow warning (git-fixes). - configfs: fix possible memory leak in configfs_create_dir() (git-fixes). - crypto: acomp - define max size for destination (jsc#PED-3692) - crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692) - crypto: qat - Fix unsigned function returning negative (jsc#PED-3692) - crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692) - crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692) - crypto: qat - abstract PFVF receive logic (jsc#PED-3692) - crypto: qat - abstract PFVF send function (jsc#PED-3692) - crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692) - crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692) - crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692) - crypto: qat - add backlog mechanism (jsc#PED-3692) - crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692) - crypto: qat - add check to validate firmware images (jsc#PED-3692) - crypto: qat - add limit to linked list parsing (jsc#PED-3692) - crypto: qat - add misc workqueue (jsc#PED-3692) - crypto: qat - add missing restarting event notification in (jsc#PED-3692) - crypto: qat - add param check for DH (jsc#PED-3692) - crypto: qat - add param check for RSA (jsc#PED-3692) - crypto: qat - add pfvf_ops (jsc#PED-3692) - crypto: qat - add resubmit logic for decompression (jsc#PED-3692) - crypto: qat - add support for 401xx devices (jsc#PED-3692) - crypto: qat - add support for compression for 4xxx (jsc#PED-3692) - crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692) - crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692) - crypto: qat - change PFVF ACK behaviour (jsc#PED-3692) - crypto: qat - change behaviour of (jsc#PED-3692) - crypto: qat - change bufferlist logic interface (jsc#PED-3692) - crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692) - crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692) - crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692) - crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692) - crypto: qat - do not rely on min version (jsc#PED-3692) - crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692) - crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692) - crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692) - crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692) - crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692) - crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - extend buffer list interface (jsc#PED-3692) - crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692) - crypto: qat - extract send and wait from (jsc#PED-3692) - crypto: qat - fix DMA transfer direction (jsc#PED-3692) - crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692) - crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692) - crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692) - crypto: qat - fix a typo in a comment (jsc#PED-3692) - crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692) - crypto: qat - fix definition of ring reset results (jsc#PED-3692) - crypto: qat - fix error return code in adf_probe (jsc#PED-3692) - crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692) - crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692) - crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692) - crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692) - crypto: qat - fix wording and formatting in code comment (jsc#PED-3692) - crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692) - crypto: qat - free irq in case of failure (jsc#PED-3692) - crypto: qat - free irqs only if allocated (jsc#PED-3692) - crypto: qat - generalize crypto request buffers (jsc#PED-3692) - crypto: qat - get compression extended capabilities (jsc#PED-3692) - crypto: qat - handle retries due to collisions in (jsc#PED-3692) - crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692) - crypto: qat - improve logging of PFVF messages (jsc#PED-3692) - crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692) - crypto: qat - introduce support for PFVF block messages (jsc#PED-3692) - crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692) - crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692) - crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692) - crypto: qat - make PFVF message construction direction (jsc#PED-3692) - crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692) - crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692) - crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692) - crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692) - crypto: qat - move pfvf collision detection values (jsc#PED-3692) - crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692) - crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692) - crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692) - crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692) - crypto: qat - re-enable registration of algorithms (jsc#PED-3692) - crypto: qat - refactor PF top half for PFVF (jsc#PED-3692) - crypto: qat - refactor pfvf version request messages (jsc#PED-3692) - crypto: qat - refactor submission logic (jsc#PED-3692) - crypto: qat - relocate PFVF PF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF VF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF disabled function (jsc#PED-3692) - crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692) - crypto: qat - relocate backlog related structures (jsc#PED-3692) - crypto: qat - relocate bufferlist logic (jsc#PED-3692) - crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692) - crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692) - crypto: qat - remove empty sriov_configure() (jsc#PED-3692) - crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692) - crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692) - crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692) - crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692) - crypto: qat - remove unneeded assignment (jsc#PED-3692) - crypto: qat - remove unneeded braces (jsc#PED-3692) - crypto: qat - remove unneeded packed attribute (jsc#PED-3692) - crypto: qat - remove unused PFVF stubs (jsc#PED-3692) - crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692) - crypto: qat - rename bufferlist functions (jsc#PED-3692) - crypto: qat - rename pfvf collision constants (jsc#PED-3692) - crypto: qat - reorganize PFVF code (jsc#PED-3692) - crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692) - crypto: qat - replace deprecated MSI API (jsc#PED-3692) - crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692) - crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692) - crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692) - crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692) - crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692) - crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692) - crypto: qat - simplify adf_enable_aer() (jsc#PED-3692) - crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692) - crypto: qat - split PFVF message decoding from handling (jsc#PED-3692) - crypto: qat - stop using iommu_present() (jsc#PED-3692) - crypto: qat - store the PFVF protocol version of the (jsc#PED-3692) - crypto: qat - store the ring-to-service mapping (jsc#PED-3692) - crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692) - crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692) - crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692) - crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692) - crypto: qat - use hweight for bit counting (jsc#PED-3692) - crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692) - crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692) - crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692) - crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes). - cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992). - debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes). - dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes). - dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes). - dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes). - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes). - dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes). - dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes). - dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes). - dmaengine: mv_xor_v2: Fix an error code (git-fixes). - do not reuse connection if share marked as isolated (bsc#1193629). - docs: networking: fix x25-iface.rst heading & index order (git-fixes). - drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes). - drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes). - drm-hyperv: Add a bug reference to two existing changes (bsc#1211281). - drm/amd/display: Fix hang when skipping modeset (git-fixes). - drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes). - drm/amd/display: fix flickering caused by S/G mode (git-fixes). - drm/amd: Fix an out of bounds error in BIOS parser (git-fixes). - drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes). - drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes). - drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes). - drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes). - drm/displayid: add displayid_get_header() and check bounds better (git-fixes). - drm/exynos: fix g2d_open/close helper function definitions (git-fixes). - drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes). - drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes). - drm/i915/dg2: Support 4k at 30 on HDMI (git-fixes). - drm/i915/dp: prevent potential div-by-zero (git-fixes). - drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes). - drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes). - drm/msm/dp: unregister audio driver during unbind (git-fixes). - drm/msm/dpu: Add INTF_5 interrupts (git-fixes). - drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes). - drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes). - drm/sched: Remove redundant check (git-fixes). - drm/tegra: Avoid potential 32-bit integer overflow (git-fixes). - drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes). - drm/ttm: optimize pool allocations a bit v2 (git-fixes). - dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes). - dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes). - dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes). - dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes). - dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes). - f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). - fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes). - fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes). - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes). - fbdev: udlfb: Fix endpoint check (git-fixes). - firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes). - firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes). - fuse: always revalidate rename target dentry (bsc#1211808). - fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807). - futex: Resend potentially swallowed owner death notification (git-fixes). - google/gve:fix repeated words in comments (bsc#1211519). - gpio: mockup: Fix mode of debugfs files (git-fixes). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (git-fixes). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (git-fixes). - gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes). - gve: enhance no queue page list detection (bsc#1211519). - i2c: omap: Fix standard mode false ACK readings (git-fixes). - i2c: tegra: Fix PEC support for SMBUS block read (git-fixes). - i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378). - i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378). - i40e: Fix DMA mappings leak (jsc#SLE-18378). - i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378). - i40e: Fix VF set max MTU size (jsc#SLE-18378). - i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378). - i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378). - i40e: Fix calculating the number of queue pairs (jsc#SLE-18378). - i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378). - i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378). - i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378). - i40e: Fix for VF MAC address 0 (jsc#SLE-18378). - i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378). - i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378). - i40e: Fix kernel crash during module removal (jsc#SLE-18378). - i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378). - i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378). - i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378). - i40e: Refactor tc mqprio checks (jsc#SLE-18378). - i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378). - i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378). - i40e: fix flow director packet filter programming (jsc#SLE-18378). - i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378). - i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378). - iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385). - iavf: Detach device during reset task (jsc#SLE-18385). - iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385). - iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385). - iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385). - iavf: Fix a crash during reset task (jsc#SLE-18385). - iavf: Fix bad page state (jsc#SLE-18385). - iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385). - iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385). - iavf: Fix max_rate limiting (jsc#SLE-18385). - iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385). - iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385). - iavf: fix hang on reboot with ice (jsc#SLE-18385). - iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385). - iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385). - ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375). - ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375). - igb: Add lock to avoid data race (jsc#SLE-18379). - igb: Enable SR-IOV after reinit (jsc#SLE-18379). - igb: Initialize mailbox message for VF reset (jsc#SLE-18379). - igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379). - igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379). - igbvf: Regard vf reset nack as success (jsc#SLE-18379). - igc: Add checking for basetime less than zero (jsc#SLE-18377). - igc: Add ndo_tx_timeout support (jsc#SLE-18377). - igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377). - igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377). - igc: Lift TAPRIO schedule restriction (jsc#SLE-18377). - igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377). - igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377). - igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377). - igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377). - igc: fix the validation logic for taprio's gate list (jsc#SLE-18377). - igc: read before write to SRRCTL register (jsc#SLE-18377). - igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377). - igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377). - iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes). - iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes). - iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes). - iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes). - iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes). - iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes). - iio: imu: inv_icm42600: fix timestamp reset (git-fixes). - iio: light: vcnl4035: fixed chip ID check (git-fixes). - intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553). - ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384). - ixgbe: Enable setting RSS table to default values (jsc#SLE-18384). - ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384). - ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384). - ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384). - ixgbe: fix pci device refcount leak (jsc#SLE-18384). - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384). - kABI workaround for btbcm.c (git-fixes). - kABI workaround for mt76_poll_msec() (git-fixes). - kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes) - kabi/severities: added Microsoft mana symbold (bsc#1210551) - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). - kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes). - leds: Fix reference to led_set_brightness() in doc (git-fixes). - leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes). - leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes). - mailbox: zynqmp: Fix IPI isr handling (git-fixes). - mailbox: zynqmp: Fix typo in IPI documentation (git-fixes). - mce: fix set_mce_nospec to always unmap the whole page (git-fixes). - media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes). - media: netup_unidvb: fix use-after-free at del_timer() (git-fixes). - media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes). - media: radio-shark: Add endpoint checks (git-fixes). - media: rcar_fdp1: Fix the correct variable assignments (git-fixes). - media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449). - mfd: dln2: Fix memory leak in dln2_probe() (git-fixes). - mfd: tqmx86: Correct board names for TQMxE39x (git-fixes). - mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes). - misc: fastrpc: reject new invocations during device removal (git-fixes). - misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes). - mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes). - mmc: vub300: fix invalid response handling (git-fixes). - mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes). - mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes). - mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes). - mtd: rawnand: marvell: ensure timing values are written (git-fixes). - net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes). - net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). - net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982). - net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022). - net: mana: Add support for jumbo frame (bsc#1210551). - net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551). - net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022). - net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022). - net: mana: Enable RX path to handle various MTU sizes (bsc#1210551). - net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022). - net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes). - net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022). - net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022). - net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022). - net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022). - net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551). - net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551). - net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022). - net: mana: Use napi_build_skb in RX path (bsc#1210551). - net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes). - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564). - net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes). - net: qrtr: correct types of trace event parameters (git-fixes). - net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). - net: tun: avoid disabling NAPI twice (git-fixes). - net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes). - net: tun: stop NAPI when detaching queues (git-fixes). - net: tun: unlink NAPI from device on destruction (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). - net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). - nilfs2: do not write dirty data after degenerating to read-only (git-fixes). - nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes). - nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes). - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes). - nvme-multipath: fix hang when disk goes live over reconnect (git-fixes). - nvme-pci: add quirks for Samsung X5 SSDs (git-fixes). - nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes). - nvme-pci: clear the prp2 field when not used (git-fixes). - nvme-pci: disable write zeroes on various Kingston SSD (git-fixes). - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes). - nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes). - nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes). - nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes). - nvme-tcp: fix bogus request completion when failing to send AER (git-fixes). - nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes). - nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes). - nvme: also return I/O command effects from nvme_command_effects (git-fixes). - nvme: check for duplicate identifiers earlier (git-fixes). - nvme: cleanup __nvme_check_ids (git-fixes). - nvme: fix discard support without oncs (git-fixes). - nvme: fix interpretation of DMRSL (git-fixes). - nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes). - nvme: fix passthrough csi check (git-fixes). - nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes). - nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes). - nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes). - nvme: set non-mdts limits in nvme_scan_work (git-fixes). - nvmet-tcp: add bounds check on Transfer Tag (git-fixes). - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes). - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes). - nvmet: fix mar and mor off-by-one errors (git-fixes). - nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes). - nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). - nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes). - nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes). - phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes). - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes). - pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes). - pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes). - platform/x86: hp-wmi: Support touchpad on/off (git-fixes). - platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes). - platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes). - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes). - power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes). - power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes). - power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes). - power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes). - power: supply: bq27xxx: expose battery data when CI=1 (git-fixes). - power: supply: leds: Fix blink to LED on transition (git-fixes). - power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes). - powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes). - powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). - powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). - pstore: Revert pmsg_lock back to a normal mutex (git-fixes). - purgatory: fix disabling debug info (git-fixes). - pwm: meson: Fix axg ao mux parents (git-fixes). - pwm: meson: Fix g12a ao clk81 name (git-fixes). - qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001). - qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001). - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001). - qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001). - qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001). - r8152: fix flow control issue of RTL8156A (git-fixes). - r8152: fix the poor throughput for 2.5G devices (git-fixes). - r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes). - regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes). - regulator: mt6359: add read check for PMIC MT6359 (git-fixes). - regulator: pca9450: Fix BUCK2 enable_mask (git-fixes). - remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes). - ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). - ring-buffer: Fix kernel-doc (git-fixes). - ring-buffer: Sync IRQ works before buffer destruction (git-fixes). - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rtmutex: Ensure that the top waiter is always woken up (git-fixes). - s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947) - s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686). - s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687). - s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes). - s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688). - s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689). - s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690). - s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691). - s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692). - s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693). - s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes). - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes). - s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714). - s390x: Fixed hard lockups while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733). - scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). - scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes). - scsi: libsas: Add sas_ata_device_link_abort() (git-fixes). - scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes). - scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847). - scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847). - scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847). - scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847). - scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847). - scsi: lpfc: Update congestion warning notification period (bsc#1211847). - scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847). - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). - scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). - scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes). - scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). - scsi: qla2xxx: Fix hang in task management (bsc#1211960). - scsi: qla2xxx: Fix mem access after free (bsc#1211960). - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). - scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). - scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). - scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). - scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). - scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). - scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). - scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes). - scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes). - selftests mount: Fix mount_setattr_test builds failed (git-fixes). - selftests/resctrl: Allow ->setup() to return errors (git-fixes). - selftests/resctrl: Check for return value after write_schemata() (git-fixes). - selftests/resctrl: Extend CPU vendor detection (git-fixes). - selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes). - selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes). - selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes). - selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes). - selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes). - selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes). - selftests: xsk: Disable IPv6 on VETH1 (git-fixes). - selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes). - selinux: do not use make's grouped targets feature yet (git-fixes). - serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes). - serial: 8250_bcm7271: balance clk_enable calls (git-fixes). - serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes). - serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes). - serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes). - serial: Add support for Advantech PCI-1611U card (git-fixes). - serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes). - serial: qcom-geni: fix enabling deactivated interrupt (git-fixes). - serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes). - sfc: Change VF mac via PF as first preference if available (git-fixes). - sfc: Fix module EEPROM reporting for QSFP modules (git-fixes). - sfc: Fix use-after-free due to selftest_work (git-fixes). - sfc: correctly advertise tunneled IPv6 segmentation (git-fixes). - sfc: ef10: do not overwrite offload features at NIC reset (git-fixes). - sfc: fix TX channel offset when using legacy interrupts (git-fixes). - sfc: fix considering that all channels have TX queues (git-fixes). - sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes). - sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes). - sfc: include vport_id in filter spec hash and equal() (git-fixes). - smb3: display debug information better for encryption (bsc#1193629). - smb3: fix problem remounting a share after shutdown (bsc#1193629). - smb3: improve parallel reads of large files (bsc#1193629). - smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629). - smb3: move some common open context structs to smbfs_common (bsc#1193629). - soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes). - soundwire: qcom: gracefully handle too many ports in DT (git-fixes). - spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes). - spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes). - struct ci_hdrc: hide new member at end (git-fixes). - supported.conf: mark mana_ib supported - swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes). - thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). - thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165). - tools/virtio: compile with -pthread (git-fixes). - tools/virtio: fix the vringh test for virtio ring changes (git-fixes). - tools/virtio: fix virtio_test execution (git-fixes). - tools/virtio: initialize spinlocks in vring_test.c (git-fixes). - tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes). - tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes). - tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes). - tracing: Fix permissions for the buffer_percent file (git-fixes). - tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes). - usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes). - usb: chipidea: core: fix possible concurrent when switch role (git-fixes). - usb: dwc3: Align DWC3_EP_* flag macros (git-fixes). - usb: dwc3: Fix a repeated word checkpatch warning (git-fixes). - usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes). - usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes). - usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes). - usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes). - usb: dwc3: gadget: Delay issuing End Transfer (git-fixes). - usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes). - usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes). - usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes). - usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes). - usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes). - usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes). - usb: gadget: u_ether: Fix host MAC address case (git-fixes). - usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes). - usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). - usb: typec: tcpm: fix multiple times discover svids error (git-fixes). - usb: usbfs: Enforce page requirements for mmap (git-fixes). - usb: usbfs: Use consistent mmap functions (git-fixes). - usrmerge: Remove usrmerge compatibility symlink in buildroot (boo#1211796). - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes). - vdpa: fix use-after-free on vp_vdpa_remove (git-fixes). - vhost/net: Clear the pending messages when the backend is removed (git-fixes). - virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). - virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). - virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). - virtio_net: split free_unused_bufs() (git-fixes). - virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). - watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes). - watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes). - wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes). - wifi: ath: Silence memcpy run-time false positive warning (git-fixes). - wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes). - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes). - wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes). - wifi: iwlwifi: fw: fix DBGI dump (git-fixes). - wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes). - wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes). - wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes). - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes). - wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes). - wifi: mac80211: fix min center freq offset tracing (git-fixes). - wifi: mt76: add flexible polling wait-interval support (git-fixes). - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes). - wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes). - wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes). - wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes). - workqueue: Fix hung time report of worker pools (bsc#1211044). - workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). - workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). - workqueue: Warn when a new worker could not be created (bsc#1211044). - workqueue: Warn when a rescuer could not be created (bsc#1211044). - x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes). - x86/MCE/AMD: Use an u64 for bank_map (git-fixes). - x86/alternative: Make debug-alternative selective (bsc#1206578). - x86/alternative: Report missing return thunk details (git-fixes). - x86/alternative: Support relocations in alternatives (bsc#1206578). - x86/amd: Use IBPB for firmware calls (git-fixes). - x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes). - x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes). - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes). - x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes). - x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). - x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). - x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes). - x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes). - x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). - x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes). - x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). - x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes). - x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). - x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch - x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes). - x86/microcode/AMD: Fix mixed steppings support (git-fixes). - x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). - x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). - x86/microcode: Add explicit CPU vendor dependency (git-fixes). - x86/microcode: Adjust late loading result reporting message (git-fixes). - x86/microcode: Rip out the OLD_INTERFACE (git-fixes). - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). - x86/mm: Use proper mask when setting PUD mapping (git-fixes). - x86/nospec: Unwreck the RSB stuffing (git-fixes). - x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). - x86/pat: Fix x86_has_pat_wp() (git-fixes). - x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes). - x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). - x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). - x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). - x86/signal: Fix the value returned by strict_sas_size() (git-fixes). - x86/speculation/mmio: Print SMT warning (git-fixes). - x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes). - x86/static_call: Serialize __static_call_fixup() properly (git-fixes). - x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - x86/topology: Fix duplicated core ID within a package (git-fixes). - x86/topology: Fix multiple packages shown on a single-package system (git-fixes). - x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). - x86: Fix return value of __setup handlers (git-fixes). - x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes). - xen/netback: do not do grant copy across page boundary (git-fixes). - xen/netback: use same error messages for same errors (git-fixes). - xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). - xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2658-1 Released: Tue Jun 27 14:46:15 2023 Summary: Recommended update for containerd, docker, runc Type: recommended Severity: moderate References: 1207004,1208074,1210298,1211578 This update for containerd, docker, runc fixes the following issues: - Update to containerd v1.6.21 (bsc#1211578) - Update to Docker 23.0.6-ce (bsc#1211578) - Update to runc v1.1.7 - Require a minimum Go version explicitly (bsc#1210298) - Re-unify packaging for SLE-12 and SLE-15 - Fix build on SLE-12 by switching back to libbtrfs-devel headers - Allow man pages to be built without internet access in OBS - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux - Fix syntax of boolean dependency - Allow to install container-selinux instead of apparmor-parser - Change to using systemd-sysusers - Update runc.keyring to upstream version - Fix the inability to use `/dev/null` when inside a container (bsc#1207004) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2667-1 Released: Wed Jun 28 09:14:31 2023 Summary: Security update for bind Type: security Severity: important References: 1212544,1212567,CVE-2023-2828,CVE-2023-2911 This update for bind fixes the following issues: Update to release 9.16.42 Security Fixes: * The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. (CVE-2023-2828) * A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for named to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) Bug Fixes: * Previously, it was possible for a delegation from cache to be returned to the client after the stale-answer-client-timeout duration. This has been fixed. [bsc#1212544, bsc#1212567, jsc#SLE-24600] Update to release 9.16.41 Bug Fixes: * When removing delegations from an opt-out range, empty-non-terminal NSEC3 records generated by those delegations were not cleaned up. This has been fixed. [jsc#SLE-24600] Update to release 9.16.40 Bug Fixes: * Logfiles using timestamp-style suffixes were not always correctly removed when the number of files exceeded the limit set by versions. This has been fixed for configurations which do not explicitly specify a directory path as part of the file argument in the channel specification. * Performance of DNSSEC validation in zones with many DNSKEY records has been improved. Update to release 9.16.39 Feature Changes: * libuv support for receiving multiple UDP messages in a single recvmmsg() system call has been tweaked several times between libuv versions 1.35.0 and 1.40.0; the current recommended libuv version is 1.40.0 or higher. New rules are now in effect for running with a different version of libuv than the one used at compilation time. These rules may trigger a fatal error at startup: - Building against or running with libuv versions 1.35.0 and 1.36.0 is now a fatal error. - Running with libuv version higher than 1.34.2 is now a fatal error when named is built against libuv version 1.34.2 or lower. - Running with libuv version higher than 1.39.0 is now a fatal error when named is built against libuv version 1.37.0, 1.38.0, 1.38.1, or 1.39.0. * This prevents the use of libuv versions that may trigger an assertion failure when receiving multiple UDP messages in a single system call. Bug Fixes: * named could crash with an assertion failure when adding a new zone into the configuration file for a name which was already configured as a member zone for a catalog zone. This has been fixed. * When named starts up, it sends a query for the DNSSEC key for each configured trust anchor to determine whether the key has changed. In some unusual cases, the query might depend on a zone for which the server is itself authoritative, and would have failed if it were sent before the zone was fully loaded. This has now been fixed by delaying the key queries until all zones have finished loading. [jsc#SLE-24600] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:59 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2761-1 Released: Mon Jul 3 15:16:44 2023 Summary: Recommended update for libjansson Type: recommended Severity: moderate References: 1201817 This update for libjansson fixes the following issues: - Update to 2.14 (bsc#1201817): * New Features: + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the corresponding `nocheck` functions. + Add jansson_version_str() and jansson_version_cmp() for runtime version checking + Add json_object_update_new(), json_object_update_existing_new() and json_object_update_missing_new() functions + Add json_object_update_recursive() + Add `json_pack()` format specifiers s*, o* and O* for values that can be omitted if null + Add `json_error_code()` to retrieve numeric error codes + Enable thread safety for `json_dump()` on all systems. Enable thread safe `json_decref()` and `json_incref()` for modern compilers + Add `json_sprintf()` and `json_vsprintf()` * Fixes: + Handle `sprintf` corner cases. + Add infinite loop check in json_deep_copy() + Enhance JANSSON_ATTRS macro to support earlier C standard(C89) + Update version detection for sphinx-build + Fix error message in `json_pack()` for NULL object + Avoid invalid memory read in `json_pack()` + Call va_end after va_copy in `json_vsprintf()` + Improve handling of formats with '?' and '*' in `json_pack()` + Remove inappropriate `jsonp_free()` which caused segmentation fault in error handling + Fix incorrect report of success from `json_dump_file()` when an error is returned by `fclose()` + Make json_equal() const-correct + Fix incomplete stealing of references by `json_pack()` - Use GitHub as source URLs: Release hasn't been uploaded to digip.org. - Add check section. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2767-1 Released: Mon Jul 3 21:22:32 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1212662 This update for dracut fixes the following issues: - Update to version 055+suse.344.g3d5cd8fb - Continue parsing if ldd prints 'cannot execute binary file' (bsc#1212662) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2772-1 Released: Tue Jul 4 09:54:23 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1211261,1212187,1212222 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2811-1 Released: Wed Jul 12 11:56:18 2023 Summary: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Type: recommended Severity: moderate References: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise 'uv' instead of 'clientPin'. * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 'minPinLength' extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions. * New API calls * New fido_init flag to disable fido_dev_open???s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ??? 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -'). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don???t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the 'fido' and 'otp' subcommands over NFC * New 'ykman --diagnose' command to aid in troubleshooting. * New 'ykman apdu' command for sending raw APDUs over the smart card interface. * New 'yubikit' package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don???t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don???t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a 'Use default' option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2820-1 Released: Thu Jul 13 11:20:27 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1152472,1152489,1160435,1187829,1189998,1194869,1205758,1208410,1208600,1209039,1209367,1210335,1211299,1211346,1211387,1211410,1211449,1211796,1211852,1212051,1212129,1212154,1212155,1212158,1212265,1212350,1212448,1212494,1212495,1212504,1212513,1212540,1212561,1212563,1212564,1212584,1212592,1212603,1212605,1212606,1212619,1212701,1212741,1212835,1212838,1212842,1212861,1212869,1212892,CVE-2023-1077,CVE-2023-1249,CVE-2023-1829,CVE-2023-21102,CVE-2023-3090,CVE-2023-3111,CVE-2023-3141,CVE-2023-3161,CVE-2023-3212,CVE-2023-3357,CVE-2023-3358,CVE-2023-3389,CVE-2023-35788,CVE-2023-35823,CVE-2023-35828,CVE-2023-35829 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). - CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). The following non-security bugs were fixed: - Drop dvb-core fix patch due to a bug (bsc#1205758). - Enable kernel modules bttv bt878 and snd-bt878 (jsc#PED-3931). - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - Fix usrmerge error (boo#1211796). - Generalize kernel-doc build requirements. - Get module prefix from kmod (bsc#1212835). - Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes). - Revert 'mtd: rawnand: arasan: Prevent an unsupported configuration' (git-fixes). - Revert 'net: phy: dp83867: perform soft reset and retain established link' (git-fixes). - Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes). - Update the Mellanox/Nvidia mlx5_core driver (jsc#SLE-19253). - acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). - affs: initialize fsdata in affs_truncate() (git-fixes). - alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes). - alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes). - alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes). - alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). - alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes). - alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). - alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes). - alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes). - alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes). - alsa: oss: avoid missing-prototype warnings (git-fixes). - alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). - alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). - amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). - arm64: Add missing Set/Way CMO encodings (git-fixes). - arm64: Always load shadow stack pointer directly from the task struct (git-fixes) - arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes) - arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) - arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes). - arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes). - arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes) - arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes). - arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes). - arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) - arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes). - arm: dts: vexpress: add missing cache properties (git-fixes). - asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes). - asoc: dwc: limit the number of overrun messages (git-fixes). - asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). - asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes). - asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes). - asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes). - asoc: mediatek: mt8173: Fix irq error path (git-fixes). - asoc: nau8824: Add quirk to active-high jack-detect (git-fixes). - asoc: simple-card: Add missing of_node_put() in case of error (git-fixes). - asoc: soc-pcm: test if a BE can be prepared (git-fixes). - asoc: ssm2602: Add workaround for playback distortions (git-fixes). - ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes). - batman-adv: Broken sync while rescheduling delayed work (git-fixes). - binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249). - bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes). - bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). - bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes). - bluetooth: hci_qca: fix debugfs registration (git-fixes). - bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes). - bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes). - bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). - bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes). - bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes) - bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes) - bpf, arm64: Feed byte-offset into bpf line info (git-fixes) - bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes) - bpf: Add extra path pointer check to d_path helper (git-fixes). - bpf: Fix UAF in task local storage (bsc#1212564). - btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (bsc#1212051 CVE-2023-3111). - bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes). - bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes). - can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes). - can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes). - can: j1939: change j1939_netdev_lock type to mutex (git-fixes). - can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes). - can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes). - can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes). - can: length: fix bitstuffing count (git-fixes). - can: length: fix description of the RRS field (git-fixes). - can: length: make header self contained (git-fixes). - ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540). - cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563). - cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561). - cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563). - clk: Fix memory leak in devm_clk_notifier_register() (git-fixes). - clk: cdce925: check return value of kasprintf() (git-fixes). - clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). - clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes). - clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes). - clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). - clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes). - clk: si5341: check return value of {devm_}kasprintf() (git-fixes). - clk: si5341: free unused memory on probe failure (git-fixes). - clk: si5341: return error if one synth clock registration fails (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes). - clk: ti: clkctrl: check return value of kasprintf() (git-fixes). - clk: vc5: check memory returned by kasprintf() (git-fixes). - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes). - crypto: marvell/cesa - Fix type mismatch warning (git-fixes). - crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes). - dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes). - dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes). - dmaengine: pl330: rename _start to prevent build error (git-fixes). - drivers: meson: secure-pwrc: always enable DMA domain (git-fixes). - drm/amd/display: Add logging for display MALL refresh setting (git-fixes). - drm/amd/display: Add minimal pipe split transition state (git-fixes). - drm/amd/display: Add wrapper to call planes and stream update (git-fixes). - drm/amd/display: Explicitly specify update type per plane info change (git-fixes). - drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes). - drm/amd/display: Use dc_update_planes_and_stream (git-fixes). - drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes). - drm/amd/display: edp do not add non-edid timings (git-fixes). - drm/amd/display: fix the system hang while disable PSR (git-fixes). - drm/amd/pm: Fix power context allocation in SMU13 (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes). - drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes). - drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes). - drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes). - drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes). - drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes). - drm/ast: Fix ARM compatibility (git-fixes). - drm/bridge: tc358768: always enable HS video mode (git-fixes). - drm/bridge: tc358768: fix PLL parameters computation (git-fixes). - drm/bridge: tc358768: fix PLL target frequency (git-fixes). - drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes). - drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes). - drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes). - drm/exynos: vidi: fix a wrong error return (git-fixes). - drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes). - drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes). - drm/i915/selftests: Add some missing error propagation (git-fixes). - drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes). - drm/i915/selftests: Stop using kthread_stop() (git-fixes). - drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes). - drm/i915: Use 18 fast wake AUX sync len (git-fixes). - drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes). - drm/msm/dp: Free resources after unregistering them (git-fixes). - drm/msm/dpu: correct MERGE_3D length (git-fixes). - drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes). - drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes). - drm/msm: Be more shouty if per-process pgtables are not working (git-fixes). - drm/msm: Set max segment size earlier (git-fixes). - drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes). - drm/nouveau: add nv_encoder pointer check for NULL (git-fixes). - drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes). - drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes). - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes). - drm/radeon: fix possible division-by-zero errors (git-fixes). - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes). - drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes). - drm/vram-helper: fix function names in vram helper doc (git-fixes). - drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes). - drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes). - dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes). - eeprom: at24: also select REGMAP (git-fixes). - elf: correct note name comment (git-fixes). - ext4: unconditionally enable the i_version counter (bsc#1211299). - extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes). - extcon: Fix kernel doc of property fields to avoid warnings (git-fixes). - extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes). - extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes). - extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes). - extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes). - fbcon: Fix null-ptr-deref in soft_cursor (git-fixes). - fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472) Backporting changes: * replace refcount_read() with atomic_read() - fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489) - fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387). - fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes). - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes). - fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes). - firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes). - firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes). - fs/jfs: fix shift exponent db_agl2size negative (git-fixes). - fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). - fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes). - fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). - gfs2: Do not deref jdesc in evict (bsc#1212265 CVE-2023-3212). - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). - hfs/hfsplus: use WARN_ON for sanity check (git-fixes). - hfs: Fix OOB Write in hfs_asc2mac (git-fixes). - hfs: fix OOB Read in __hfs_brec_find (git-fixes). - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). - hid: amd_sfh: Add missing check for dma_alloc_coherent (bsc#1212605 CVE-2023-3357). - hid: google: add jewel USB id (git-fixes). - hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes). - hid: wacom: Add error check to wacom_parse_and_register() (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes). - hwrng: imx-rngc - fix the timeout for init and self check (git-fixes). - hwrng: st - keep clock enabled while hwrng is registered (git-fixes). - i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes). - i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes). - i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes). - i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes). - iavf: remove mask from iavf_irq_enable_queues() (git-fixes). - ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes) - ib/isert: Fix dead lock in ib_isert (git-fixes) - ib/isert: Fix incorrect release of isert connection (git-fixes) - ib/isert: Fix possible list corruption in CMA handler (git-fixes) - ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes) - ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes) - ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604). - ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes). - ice: Do not double unplug aux on peer initiated reset (git-fixes). - ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes). - ice: Fix DSCP PFC TLV creation (git-fixes). - ice: Fix XDP memory leak when NIC is brought up and down (git-fixes). - ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes). - ice: Fix memory corruption in VF driver (git-fixes). - ice: Ignore EEXIST when setting promisc mode (git-fixes). - ice: Prevent set_channel from changing queues while RDMA active (git-fixes). - ice: Reset FDIR counter in FDIR init stage (git-fixes). - ice: add profile conflict check for AVF FDIR (git-fixes). - ice: block LAN in case of VF to VF offload (git-fixes). - ice: config netdev tc before setting queues number (git-fixes). - ice: copy last block omitted in ice_get_module_eeprom() (git-fixes). - ice: ethtool: Prohibit improper channel config for DCB (git-fixes). - ice: ethtool: advertise 1000M speeds properly (git-fixes). - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes). - ice: fix wrong fallback logic for FDIR (git-fixes). - ice: handle E822 generic device ID in PLDM header (git-fixes). - ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes). - ice: use bitmap_free instead of devm_kfree (git-fixes). - ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes). - ieee802154: hwsim: Fix possible memory leaks (git-fixes). - ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253). - igb: fix bit_shift to be in [1..8] range (git-fixes). - igb: fix nvm.ops.read() error handling (git-fixes). - igc: Clean the TX buffer and TX descriptor ring (git-fixes). - igc: Fix possible system crash when loading module (git-fixes). - iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes). - iio: accel: fxls8962af: fixup buffer scan element type (git-fixes). - iio: adc: ad7192: Fix internal/external clock selection (git-fixes). - iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes). - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448). - init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448). - init: Provide arch_cpu_finalize_init() (bsc#1212448). - init: Remove check_bugs() leftovers (bsc#1212448). - input: adxl34x - do not hardcode interrupt trigger type (git-fixes). - input: drv260x - fix typo in register value define (git-fixes). - input: drv260x - remove unused .reg_defaults (git-fixes). - input: drv260x - sleep between polling GO bit (git-fixes). - input: fix open count when closing inhibited device (git-fixes). - input: psmouse - fix OOB access in Elantech protocol (git-fixes). - input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes). - input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). - integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes). - io_uring: hold uring mutex around poll removal (bsc#1212838 CVE-2023-3389). - ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090). - irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes). - irqchip/ftintc010: Mark all function static (git-fixes). - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes). - jfs: Fix fortify moan in symlink (git-fixes). - kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi - kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. - kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). - kprobe: reverse kp->flags when arm_kprobe failed (git-fixes). - kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes). - kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). - kprobes: Prohibit probes in gate area (git-fixes). - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes). - kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). - kvm: arm64: Do not hypercall before EL2 init (git-fixes) - kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) - kvm: arm64: Save PSTATE early on exit (git-fixes) - kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) - lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852). - lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852). - lpfc: Clean up SLI-4 CQE status handling (bsc#1211852). - lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852). - lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852). - lpfc: Enhance congestion statistics collection (bsc#1211852). - lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346). - lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852). - lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852). - mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes). - mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes). - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes). - media: cec: core: do not set last_initiator if tx in progress (git-fixes). - media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes). - media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes). - media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes). - media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes). - media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes). - media: dvb_ca_en50221: fix a size write bug (git-fixes). - media: dvb_demux: fix a bug for the continuity counter (git-fixes). - media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes). - media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes). - memory: brcmstb_dpfe: fix testing array offset after use (git-fixes). - meson saradc: fix clock divider mask length (git-fixes). - mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes). - mfd: pm8008: Fix module autoloading (git-fixes). - mfd: rt5033: Drop rt5033-battery sub-device (git-fixes). - mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes). - mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes). - mfd: stmpe: Only disable the regulators if they are enabled (git-fixes). - misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes). - misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes). - misc: pci_endpoint_test: Re-init completion for every test (git-fixes). - mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253). - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes). - mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410). - mm: Move mm_cachep initialization to mm_init() (bsc#1212448). - mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410). - mmc: bcm2835: fix deferred probing (git-fixes). - mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes). - mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes). - mmc: mmci: stm32: fix max busy timeout calculation (git-fixes). - mmc: mtk-sd: fix deferred probing (git-fixes). - mmc: mvsdio: fix deferred probing (git-fixes). - mmc: omap: fix deferred probing (git-fixes). - mmc: omap_hsmmc: fix deferred probing (git-fixes). - mmc: owl: fix deferred probing (git-fixes). - mmc: sdhci-acpi: fix deferred probing (git-fixes). - mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes). - mmc: sdhci-spear: fix deferred probing (git-fixes). - mmc: sh_mmcif: fix deferred probing (git-fixes). - mmc: sunxi: fix deferred probing (git-fixes). - mmc: usdhi60rol0: fix deferred probing (git-fixes). - mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes). - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253). - net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253). - net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253). - net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253). - net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253). - net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253). - net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253). - net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253). - net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253). - net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253). - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253). - net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253). - net/mlx5: Do not use already freed action pointer (jsc#SLE-19253). - net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253). - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253). - net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253). - net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253). - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253). - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253). - net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253). - net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253). - net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253). - net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253). - net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253). - net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253). - net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253). - net/mlx5: Fix steering rules cleanup (jsc#SLE-19253). - net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253). - net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253). - net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253). - net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253). - net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253). - net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253). - net/mlx5: SF, Drain health before removing device (jsc#SLE-19253). - net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253). - net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253). - net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253). - net/mlx5: add IFC bits for bypassing port select flow table (git-fixes) - net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253). - net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253). - net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253). - net/mlx5: fs, fail conflicting actions (jsc#SLE-19253). - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253). - net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253). - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253). - net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253). - net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253). - net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253). - net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253). - net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253). - net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253). - net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253). - net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253). - net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253). - net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253). - net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253). - net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253). - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253). - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253). - net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253). - net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253). - net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253). - net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253). - net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253). - net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253). - net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253). - net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253). - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253). - net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253). - net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253). - net/net_failover: fix txq exceeding warning (git-fixes). - net/sched: fix initialization order when updating chain 0 head (git-fixes). - net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes). - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes). - net/sched: tcindex: Do not use perfect hashing (bsc#1210335 CVE-2023-1829). - net: ena: Account for the number of processed bytes in XDP (git-fixes). - net: ena: Do not register memory info on XDP exchange (git-fixes). - net: ena: Fix rx_copybreak value update (git-fixes). - net: ena: Fix toeplitz initial hash value (git-fixes). - net: ena: Set default value for RX interrupt moderation (git-fixes). - net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes). - net: ena: Use bitmask to indicate packet redirection (git-fixes). - net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes). - net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes). - net: hns3: fix reset delay time to avoid configuration timeout (git-fixes). - net: hns3: fix sending pfc frames after reset issue (git-fixes). - net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes). - net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253). - net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes). - net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). - nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes). - nfp: only report pause frame configuration for physical device (git-fixes). - nilfs2: fix buffer corruption due to concurrent device reads (git-fixes). - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes). - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes). - nouveau: fix client work fence deletion race (git-fixes). - nvme-core: fix dev_pm_qos memleak (git-fixes). - nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes). - nvme-core: fix memory leak in dhchap_secret_store (git-fixes). - nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes). - nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes). - ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes). - ocfs2: fix non-auto defrag path not working issue (git-fixes). - octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes). - octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes). - octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes). - octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes). - pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes). - pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes). - pci: Release resource invalidated by coalescing (git-fixes). - pci: cadence: Fix Gen2 Link Retraining process (git-fixes). - pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes). - pci: ftpci100: Release the clock resources (git-fixes). - pci: pciehp: Cancel bringup sequence if card is not present (git-fixes). - pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes). - pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes). - pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes). - pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes). - pci: rockchip: Set address alignment for endpoint mode (git-fixes). - pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes). - pci: rockchip: Write PCI Device ID to correct register (git-fixes). - pci: vmd: Reset VMD config register between soft reboots (git-fixes). - pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes). - pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes). - pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes). - pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes). - platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes). - platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes). - platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes). - platform/x86: think-lmi: Correct NVME password handling (git-fixes). - platform/x86: think-lmi: Correct System password interface (git-fixes). - platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes). - platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes). - pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes). - power: supply: Fix logic checking if system is running from battery (git-fixes). - power: supply: Ratelimit no data debug output (git-fixes). - power: supply: ab8500: Fix external_power_changed race (git-fixes). - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes). - power: supply: sc27xx: Fix external_power_changed race (git-fixes). - powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869). - powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662). - powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701). - powerpc/purgatory: remove PGO flags (bsc#1194869). - powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869). - powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662). - pstore/ram: Add check for kstrdup (git-fixes). - qed/qede: Fix scheduling while atomic (git-fixes). - radeon: avoid double free in ci_dpm_init() (git-fixes). - rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes). - rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes) - rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes) - rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes) - rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes) - rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes) - rdma/bnxt_re: Remove unnecessary checks (git-fixes) - rdma/bnxt_re: Return directly without goto jumps (git-fixes) - rdma/bnxt_re: Use unique names while registering interrupts (git-fixes) - rdma/bnxt_re: wraparound mbox producer index (git-fixes) - rdma/cma: Always set static rate to 0 for RoCE (git-fixes) - rdma/hns: Fix hns_roce_table_get return value (git-fixes) - rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes) - rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes) - rdma/mlx5: Fix affinity assignment (git-fixes) - rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes) - rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253). - rdma/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes) - rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes) - rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes) - rdma/rxe: Fix packet length checks (git-fixes) - rdma/rxe: Fix ref count error in check_rkey() (git-fixes) - rdma/rxe: Fix rxe_cq_post (git-fixes) - rdma/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes) - rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes) - rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes) - rdma/rxe: Remove the unused variable obj (git-fixes) - rdma/rxe: Removed unused name from rxe_task struct (git-fixes) - rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes) - rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes) - regmap: Account for register length when chunking (git-fixes). - regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes). - regulator: Fix error checking for debugfs_create_dir (git-fixes). - regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes). - regulator: core: Streamline debugfs operations (git-fixes). - regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes). - regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes). - reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). - reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). - revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes). - rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes). - s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592). - s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892). - s390/pkey: zeroize key blobs (git-fixes bsc#1212619). - sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077) - scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes). - scsi: stex: Fix gcc 13 warnings (git-fixes). - selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes). - serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes). - serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes). - serial: 8250: omap: Fix freeing of resources on failed register (git-fixes). - serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes). - serial: atmel: do not enable IRQs prematurely (git-fixes). - serial: lantiq: add missing interrupt ack (git-fixes). - sfc: disable RXFCS and RXALL features by default (git-fixes). - signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861). - soc/fsl/qe: fix usb.c build errors (git-fixes). - soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes). - soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes). - spi: dw: Round of n_bytes to power of 2 (git-fixes). - spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes). - spi: lpspi: disable lpspi module irq in DMA mode (git-fixes). - spi: qup: Request DMA before enabling clocks (git-fixes). - spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes). - spi: tegra210-quad: Fix combined sequence (bsc#1212584) - spi: tegra210-quad: Fix iterator outside loop (git-fixes). - spi: tegra210-quad: Multi-cs support (bsc#1212584) - squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). - staging: octeon: delete my name from TODO contact (git-fixes). - sunrpc: Clean up svc_deferred_class trace events (git-fixes). - supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931) - test_firmware: Use kstrtobool() instead of strtobool() (git-fixes). - test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes). - test_firmware: prevent race conditions by a correct implementation of locking (git-fixes). - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes). - thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes). - thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes). - tls: Skip tls_append_frag on zero copy size (git-fixes). - tools: bpftool: Remove invalid \' json escape (git-fixes). - tpm, tpm_tis: Request threaded interrupt handler (git-fixes). - tracing/histograms: Allow variables to have some modifiers (git-fixes). - tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes). - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes). - tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350). - tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes). - tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350). - tty: serial: imx: fix rs485 rx after tx (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes). - usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes). - usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes). - usb: dwc3: fix use-after-free on core driver unbind (git-fixes). - usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes). - usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes). - usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes). - usb: dwc3: qcom: Fix potential memory leak (git-fixes). - usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes). - usb: dwc3: qcom: fix NULL-deref on suspend (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes). - usb: gadget: udc: fix NULL dereference in remove() (git-fixes). - usb: hide unused usbfs_notify_suspend/resume functions (git-fixes). - usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes). - usb: serial: option: add Quectel EM061KGL series (git-fixes). - usb: typec: ucsi: Fix command cancellation (git-fixes). - usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes). - usrmerge: Adjust module path in the kernel sources (bsc#1212835). - usrmerge: Compatibility with earlier rpm (boo#1211796) - vdpa/mlx5: Directly assign memory key (jsc#SLE-19253). - vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253). - vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253). - vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253). - vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253). - w1: fix loop in w1_fini() (git-fixes). - w1: w1_therm: fix locking behavior in convert_t (git-fixes). - watchdog: menz069_wdt: fix watchdog initialisation (git-fixes). - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes). - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: convert msecs to jiffies where needed (git-fixes). - wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes). - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes). - wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes). - wifi: b43: fix incorrect __packed annotation (git-fixes). - wifi: cfg80211: fix locking in regulatory disconnect (git-fixes). - wifi: cfg80211: fix locking in sched scan stop work (git-fixes). - wifi: cfg80211: rewrite merging of inherited elements (git-fixes). - wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes). - wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes). - wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes). - wifi: mac80211: simplify chanctx allocation (git-fixes). - wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes). - wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes). - wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes). - wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes). - wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes). - wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes). - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes). - wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes). - writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes). - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). - x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Mark init functions __init (bsc#1212448). - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). - x86/init: Initialize signal frame size late (bsc#1212448). - x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes). - x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). - x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes). - x86/microcode: Print previous version of microcode after reload (git-fixes). - x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes). - x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). - x86/mm: Initialize text poking earlier (bsc#1212448). - x86/mm: Use mm_alloc() in poking_init() (bsc#1212448). - x86/mm: fix poking_init() for Xen PV guests (git-fixes). - x86/sgx: Fix race between reclaimer and page fault handler (git-fixes). - x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes). - x86/xen: fix secondary processor fpu initialization (bsc#1212869). - xfs: fix rm_offset flag handling in rmap keys (git-fixes). - xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:42 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2866-1 Released: Tue Jul 18 11:09:03 2023 Summary: Security update for python-requests Type: security Severity: moderate References: 1211674,CVE-2023-32681 This update for python-requests fixes the following issues: - CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2877-1 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2893-1 Released: Thu Jul 20 06:44:05 2023 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1194557,1203300,1206447,1206674,1206798,1211026 This update for wicked fixes the following issues: - Update to version 0.6.73 - Fix arp notify loop and burst sending (boo#1212806) - Allow verify/notify counter and interval configuration - Handle ENOBUFS sending errors (bsc#1203300) - Improve environment variable handling - Refactor firmware extension definition - Enable, disable and revert cli commands - Fix memory leaks, add array/list utils - Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026) - Cleanup /var/run leftovers in extension scripts (bsc#1194557) - Output formatting improvements and Unicode support - bond: workaround 6.1 kernel enslave regression (bsc#1206674) - Add `wicked firmware` command to improve `ibft`,`nbft`,`redfish` firmware extension and interface handling. - Improve error handling in netif firmware discovery extension execution and extension definition overrides in the wicked-config. - Fix use-after-free in debug mode (bsc#1206447) - Replace transitional `%usrmerged` macro with regular version check (bsc#1206798) - Improve to show `no-carrier` in ifstatus output - Cleanup inclusions and update uapi header to 6.0 - Link mode nwords cleanup and new advertise mode names - Enable raw-ip support for wwan-qmi interfaces (jsc#PED-90) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2922-1 Released: Thu Jul 20 18:34:03 2023 Summary: Recommended update for libfido2 Type: recommended Severity: moderate References: This update for libfido2 fixes the following issues: - Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2930-1 Released: Fri Jul 21 10:09:57 2023 Summary: Security update for samba Type: security Severity: important References: 1213171,1213172,1213173,1213174,1213384,CVE-2022-2127,CVE-2023-34966,CVE-2023-34967,CVE-2023-34968 This update for samba fixes the following issues: - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). - CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173). - CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172). - CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171). Bugfixes: - Fixed trust relationship failure (bsc#1213384). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2962-1 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2994-1 Released: Thu Jul 27 06:45:29 2023 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1157881,1200710,1209859 This update for nfs-utils fixes the following issues: - SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710) - Avoid unhelpful warnings (bsc#1157881) - Fix rpc.nfsd man pages (bsc#1209859) - Allow scope to be set in sysconfig: NFSD_SCOPE ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3118-1 Released: Wed Aug 2 05:57:56 2023 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1212756 This update for hwinfo fixes the following issues: - Avoid linking problems with libsamba (bsc#1212756) - Update to version 21.85 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3170-1 Released: Thu Aug 3 08:02:27 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1201399,1208003,1210799 This update for perl-Bootloader fixes the following issues: - Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799) - UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399) - Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003) - Add basic support for systemd-boot ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3171-1 Released: Thu Aug 3 08:33:37 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1150305,1193629,1194869,1207894,1208788,1210565,1210584,1210853,1211243,1211811,1211867,1212301,1212846,1212905,1213010,1213011,1213012,1213013,1213014,1213015,1213016,1213017,1213018,1213019,1213020,1213021,1213024,1213025,1213032,1213034,1213035,1213036,1213037,1213038,1213039,1213040,1213041,1213059,1213061,1213087,1213088,1213089,1213090,1213092,1213093,1213094,1213095,1213096,1213098,1213099,1213100,1213102,1213103,1213104,1213105,1213106,1213107,1213108,1213109,1213110,1213111,1213112,1213113,1213114,1213134,1213245,1213247,1213252,1213258,1213259,1213263,1213264,1213286,1213523,1213524,1213543,1213705,CVE-2023-20593,CVE-2023-2985,CVE-2023-3117,CVE-2023-31248,CVE-2023-3390,CVE-2023-35001,CVE-2023-3812 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). The following non-security bugs were fixed: - ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes). - ALSA: fireface: make read-only const array for model names static (git-fixes). - ALSA: hda/realtek - remove 3k pull low procedure (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes). - ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes). - ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes). - ALSA: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes). - ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes). - ALSA: hda/realtek: Whitespace fix (git-fixes). - ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes). - ALSA: oxfw: make read-only const array models static (git-fixes). - ALSA: pcm: Fix potential data race at PCM memory allocation helpers (git-fixes). - ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes). - ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes). - ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes). - ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes). - ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes). - ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes). - ASoC: tegra: Fix ADX byte map (git-fixes). - ASoC: tegra: Fix AMX byte map (git-fixes). - Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes). - Documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git-fixes). - Documentation: bonding: fix the doc of peer_notif_delay (git-fixes). - Documentation: timers: hrtimers: Make hybrid union historical (git-fixes). - Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758) - Fix documentation of panic_on_warn (git-fixes). - IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes) - PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes). - RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes) - Revert 'arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes) - Revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes). - USB: dwc2: Fix some error handling paths (git-fixes). - USB: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes). - USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes). - USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes). - USB: serial: option: add LARA-R6 01B PIDs (git-fixes). - Update config and supported.conf files due to renaming. - apparmor: fix missing error check for rhashtable_insert_fast (git-fixes). - arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes) - arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes) - arm64: vdso: Pass (void *) to virt_to_page() (git-fixes) - arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes) - can: bcm: Fix UAF in bcm_proc_show() (git-fixes). - cifs: add a warning when the in-flight count goes negative (bsc#1193629). - cifs: address unused variable warning (bsc#1193629). - cifs: do all necessary checks for credits within or before locking (bsc#1193629). - cifs: fix lease break oops in xfstest generic/098 (bsc#1193629). - cifs: fix max_credits implementation (bsc#1193629). - cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629). - cifs: fix session state check in smb2_find_smb_ses (bsc#1193629). - cifs: fix session state transition to avoid use-after-free issue (bsc#1193629). - cifs: fix sockaddr comparison in iface_cmp (bsc#1193629). - cifs: fix status checks in cifs_tree_connect (bsc#1193629). - cifs: log session id when a matching ses is not found (bsc#1193629). - cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629). - cifs: prevent use-after-free by freeing the cfile later (bsc#1193629). - cifs: print all credit counters in DebugData (bsc#1193629). - cifs: print client_guid in DebugData (bsc#1193629). - cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629). - cifs: print nosharesock value while dumping mount options (bsc#1193629). - clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-fixes). - clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes). - codel: fix kernel-doc notation warnings (git-fixes). - crypto: kpp - Add helper to set reqsize (git-fixes). - crypto: qat - Use helper to set reqsize (git-fixes). - devlink: fix kernel-doc notation warnings (git-fixes). - docs: networking: Update codeaurora references for rmnet (git-fixes). - drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes). - drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes). - drm/amdgpu: Validate VM ioctl flags (git-fixes). - drm/amdgpu: avoid restore process run into dead loop (git-fixes). - drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-fixes). - drm/atomic: Allow vblank-enabled + self-refresh 'disable' (git-fixes). - drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes). - drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes). - drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes). - drm/client: Fix memory leak in drm_client_target_cloned (git-fixes). - drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-fixes). - drm/i915: Fix one wrong caching mode enum usage (git-fixes). - drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes). - drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes). - drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-fixes). - drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes). - drm/ttm: Do not leak a resource on swapout move error (git-fixes). - dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in 'compatible' conditional schema (git-fixes). - ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020). - ext4: add EA_INODE checking to ext4_iget() (bsc#1213106). - ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088). - ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109). - ext4: add strict range checks while freeing blocks (bsc#1213089). - ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). - ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). - ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090). - ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103). - ext4: disallow ea_inodes with extended attributes (bsc#1213108). - ext4: fail ext4_iget if special inode unallocated (bsc#1213010). - ext4: fix WARNING in ext4_update_inline_data (bsc#1213012). - ext4: fix WARNING in mb_find_extent (bsc#1213099). - ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111). - ext4: fix data races when using cached status extents (bsc#1213102). - ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105). - ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). - ext4: fix lockdep warning when enabling MMP (bsc#1213100). - ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096). - ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). - ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098). - ext4: improve error handling from ext4_dirhash() (bsc#1213104). - ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). - ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011). - ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). - ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087). - ext4: refuse to create ea block when umounted (bsc#1213093). - ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107). - ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110). - ext4: update s_journal_inum if it changes after journal replay (bsc#1213094). - ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092). - ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). - fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes). - fbdev: imxfb: warn about invalid left/right margin (git-fixes). - fuse: ioctl: translate ENOSYS in outarg (bsc#1213524). - fuse: revalidate: do not invalidate if interrupted (bsc#1213523). - hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861). - hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861). - hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861). - hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861). - hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861). - hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861). - hwmon: (adm1275) Allow setting sample averaging (git-fixes). - hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes). - i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes). - i2c: xiic: Do not try to handle more interrupt events after error (git-fixes). - inotify: Avoid reporting event with invalid wd (bsc#1213025). - jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095). - jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014). - kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243). - kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers - kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes). - leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-fixes). - media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes). - media: cec: i2c: ch7322: also select REGMAP (git-fixes). - media: i2c: Correct format propagation for st-mipid02 (git-fixes). - media: usb: Check az6007_read() return value (git-fixes). - media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes). - media: venus: helpers: Fix ALIGN() of non power of two (git-fixes). - media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes). - memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). - mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes). - mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes). - net: mana: Add support for vlan tagging (bsc#1212301). - net: phy: prevent stale pointer dereference in phy_init() (git-fixes). - ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes). - ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes). - ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes). - ntb: ntb_tool: Add check for devm_kcalloc (git-fixes). - ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes). - nvme-multipath: support io stats on the mpath device (bsc#1210565). - nvme: introduce nvme_start_request (bsc#1210565). - ocfs2: Switch to security_inode_init_security() (git-fixes). - ocfs2: check new file size on fallocate call (git-fixes). - ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). - opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes). - phy: Revert 'phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB' (git-fixes). - phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes). - phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes). - pie: fix kernel-doc notation warning (git-fixes). - pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes). - pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes). - pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes). - powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869). - powerpc/64s: Fix VAS mm use after free (bsc#1194869). - powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869). - powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869). - powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869). - powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869). - powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes). - powerpc/mm: Switch obsolete dssall to .long (bsc#1194869). - powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869). - powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869). - powerpc/prom_init: Fix kernel config grep (bsc#1194869). - powerpc/secvar: fix refcount leak in format_show() (bsc#1194869). - powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869). - powerpc: clean vdso32 and vdso64 directories (bsc#1194869). - powerpc: define get_cycles macro for arch-override (bsc#1194869). - powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869). - pwm: ab8500: Fix error code in probe() (git-fixes). - pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes). - pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes). - rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS_*. - rsi: remove kernel-doc comment marker (git-fixes). - s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259). - s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258). - s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263). - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252). - s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (git-fixes bsc#1213264). - s390: discard .interp section (git-fixes bsc#1213247). - sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes) - sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes) - security: keys: Modify mismatched function name (git-fixes). - selftests: mptcp: depend on SYN_COOKIES (git-fixes). - selftests: mptcp: sockopt: return error if wrong mark (git-fixes). - selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes). - selftests: tc: add 'ct' action kconfig dep (git-fixes). - selftests: tc: add ConnTrack procfs kconfig (git-fixes). - selftests: tc: set timeout to 15 minutes (git-fixes). - signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869). - signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869). - smb3: do not reserve too many oplock credits (bsc#1193629). - smb3: missing null check in SMB2_change_notify (bsc#1193629). - smb: client: fix broken file attrs with nodfs mounts (bsc#1193629). - smb: client: fix missed ses refcounting (git-fixes). - smb: client: fix parsing of source mount option (bsc#1193629). - smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629). - smb: client: fix warning in CIFSFindFirst() (bsc#1193629). - smb: client: fix warning in CIFSFindNext() (bsc#1193629). - smb: client: fix warning in cifs_match_super() (bsc#1193629). - smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629). - smb: client: fix warning in generic_ip_connect() (bsc#1193629). - smb: client: improve DFS mount check (bsc#1193629). - smb: client: remove redundant pointer 'server' (bsc#1193629). - smb: delete an unnecessary statement (bsc#1193629). - smb: move client and server files to common directory fs/smb (bsc#1193629). - smb: remove obsolete comment (bsc#1193629). - soundwire: qcom: fix storing port config out-of-bounds (git-fixes). - spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes). - spi: bcm63xx: fix max prepend length (git-fixes). - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes). - tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes). - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584). - udf: Avoid double brelse() in udf_rename() (bsc#1213032). - udf: Define EFSCORRUPTED error code (bsc#1213038). - udf: Detect system inodes linked into directory hierarchy (bsc#1213114). - udf: Discard preallocation before extending file with a hole (bsc#1213036). - udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035). - udf: Do not bother merging very long extents (bsc#1213040). - udf: Do not update file length for failed writes to inline files (bsc#1213041). - udf: Fix error handling in udf_new_inode() (bsc#1213112). - udf: Fix extending file within last block (bsc#1213037). - udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034). - udf: Preserve link count of system files (bsc#1213113). - udf: Truncate added extents on failed expansion (bsc#1213039). - wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes). - wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes). - wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes). - wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes). - wl3501_cs: use eth_hw_addr_set() (git-fixes). - writeback: fix call of incorrect macro (bsc#1213024). - x86: Fix .brk attribute in linker script (git-fixes). - xfs: AIL needs asynchronous CIL forcing (bsc#1211811). - xfs: CIL work is serialised, not pipelined (bsc#1211811). - xfs: XLOG_STATE_IOERROR must die (bsc#1211811). - xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811). - xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811). - xfs: clean up the rtbitmap fsmap backend (git-fixes). - xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes). - xfs: do not reverse order of items in bulk AIL insertion (git-fixes). - xfs: do not run shutdown callbacks on active iclogs (bsc#1211811). - xfs: drop async cache flushes from CIL commits (bsc#1211811). - xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811). - xfs: fix getfsmap reporting past the last rt extent (git-fixes). - xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes). - xfs: fix interval filtering in multi-step fsmap queries (git-fixes). - xfs: fix logdev fsmap query result filtering (git-fixes). - xfs: fix off-by-one error when the last rt extent is in use (git-fixes). - xfs: fix uninitialized variable access (git-fixes). - xfs: make fsmap backend function key parameters const (git-fixes). - xfs: make the record pointer passed to query_range functions const (git-fixes). - xfs: move the CIL workqueue to the CIL (bsc#1211811). - xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811). - xfs: order CIL checkpoint start records (bsc#1211811). - xfs: pass a CIL context to xlog_write() (bsc#1211811). - xfs: pass explicit mount pointer to rtalloc query functions (git-fixes). - xfs: rework xlog_state_do_callback() (bsc#1211811). - xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811). - xfs: separate out log shutdown callback processing (bsc#1211811). - xfs: wait iclog complete before tearing down AIL (bsc#1211811). - xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes). - xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes). - xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes). The following package changes have been done: - audit-3.0.6-150400.4.10.1 updated - bind-utils-9.16.42-150400.5.27.1 updated - cloud-init-config-suse-23.1-150100.8.63.5 updated - cloud-init-23.1-150100.8.63.5 updated - containerd-ctr-1.6.21-150000.93.1 updated - containerd-1.6.21-150000.93.1 updated - cups-config-2.2.7-150000.3.46.1 updated - curl-8.0.1-150400.5.26.1 updated - dbus-1-1.12.2-150400.18.8.1 updated - docker-23.0.6_ce-150000.178.1 updated - dracut-055+suse.344.g3d5cd8fb-150400.3.25.1 updated - glibc-locale-base-2.31-150300.52.2 updated - glibc-locale-2.31-150300.52.2 updated - glibc-2.31-150300.52.2 updated - hwdata-0.371-150000.3.62.1 updated - hwinfo-21.85-150400.3.12.1 updated - kernel-default-5.14.21-150400.24.74.1 updated - libassuan0-2.5.5-150000.4.5.2 updated - libaudit1-3.0.6-150400.4.10.1 updated - libauparse0-3.0.6-150400.4.10.1 updated - libcap2-2.63-150400.3.3.1 updated - libcups2-2.2.7-150000.3.46.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - libdbus-1-3-1.12.2-150400.18.8.1 updated - libfido2-1-1.13.0-150400.5.6.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libhidapi-hidraw0-0.10.1-1.6 added - libjansson4-2.14-150000.3.3.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated - libopenssl1_1-1.1.1l-150400.7.48.1 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libpython3_6m1_0-3.6.15-150300.10.48.1 updated - libsolv-tools-0.7.24-150400.3.8.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - libzck1-1.1.16-150400.3.4.1 updated - libzypp-17.31.14-150400.3.35.1 updated - nfs-client-2.1.1-150100.10.37.1 updated - openssh-clients-8.4p1-150300.3.22.1 updated - openssh-common-8.4p1-150300.3.22.1 updated - openssh-server-8.4p1-150300.3.22.1 updated - openssh-8.4p1-150300.3.22.1 updated - openssl-1_1-1.1.1l-150400.7.48.1 updated - perl-Bootloader-0.944-150400.3.6.1 updated - perl-base-5.26.1-150300.17.14.1 updated - perl-5.26.1-150300.17.14.1 updated - python3-base-3.6.15-150300.10.48.1 updated - python3-bind-9.16.42-150400.5.27.1 updated - python3-ply-3.10-150000.3.3.4 updated - python3-requests-2.24.0-150300.3.3.1 updated - python3-3.6.15-150300.10.48.1 updated - runc-1.1.7-150000.46.1 updated - samba-client-libs-4.15.13+git.663.9c654e06cdb-150400.3.28.1 updated - samba-libs-4.15.13+git.663.9c654e06cdb-150400.3.28.1 updated - supportutils-3.1.21-150300.7.35.18.1 updated - suseconnect-ng-1.1.0~git2.f42b4b2a060e-150400.3.13.1 updated - system-group-audit-3.0.6-150400.4.10.1 updated - systemd-rpm-macros-13-150000.7.33.1 updated - vim-data-common-9.0.1572-150000.5.46.1 updated - vim-9.0.1572-150000.5.46.1 updated - wicked-service-0.6.73-150400.3.8.1 updated - wicked-0.6.73-150400.3.8.1 updated - zypper-1.14.61-150400.3.24.1 updated - libfido2-udev-1.5.0-1.30 removed - xxd-9.0.1443-150000.5.43.1 removed From sle-updates at lists.suse.com Sun Aug 6 07:02:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Aug 2023 09:02:26 +0200 (CEST) Subject: SUSE-IU-2023:550-1: Security update of sles-15-sp4-chost-byos-v20230804-arm64 Message-ID: <20230806070226.5683BFD9F@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20230804-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:550-1 Image Tags : sles-15-sp4-chost-byos-v20230804-arm64:20230804 Image Release : Severity : important Type : security References : 1065729 1089497 1124564 1150305 1152472 1152489 1157881 1160435 1186673 1187829 1189998 1193629 1194557 1194869 1194869 1200710 1201399 1203300 1205758 1206447 1206674 1206798 1207894 1208003 1208410 1208600 1208721 1208788 1209039 1209229 1209367 1209536 1209859 1210004 1210335 1210565 1210584 1210799 1210853 1210999 1211026 1211243 1211299 1211346 1211387 1211410 1211449 1211796 1211811 1211828 1211852 1211867 1212051 1212126 1212129 1212154 1212155 1212158 1212260 1212265 1212301 1212350 1212418 1212448 1212494 1212495 1212504 1212513 1212540 1212561 1212563 1212564 1212584 1212592 1212598 1212603 1212605 1212606 1212619 1212623 1212701 1212741 1212756 1212759 1212835 1212838 1212842 1212846 1212861 1212869 1212892 1212905 1213004 1213008 1213010 1213011 1213012 1213013 1213014 1213015 1213016 1213017 1213018 1213019 1213020 1213021 1213024 1213025 1213032 1213034 1213035 1213036 1213037 1213038 1213039 1213040 1213041 1213059 1213061 1213087 1213088 1213089 1213090 1213092 1213093 1213094 1213095 1213096 1213098 1213099 1213100 1213102 1213103 1213104 1213105 1213106 1213107 1213108 1213109 1213110 1213111 1213112 1213113 1213114 1213134 1213171 1213172 1213173 1213174 1213237 1213245 1213247 1213252 1213258 1213259 1213263 1213264 1213286 1213384 1213487 1213504 1213523 1213524 1213527 1213543 1213618 1213644 1213686 1213705 CVE-2022-2127 CVE-2023-1077 CVE-2023-1249 CVE-2023-1829 CVE-2023-20593 CVE-2023-21102 CVE-2023-2985 CVE-2023-3090 CVE-2023-3111 CVE-2023-3117 CVE-2023-31248 CVE-2023-3141 CVE-2023-31484 CVE-2023-3161 CVE-2023-32001 CVE-2023-3212 CVE-2023-3357 CVE-2023-3358 CVE-2023-3389 CVE-2023-3390 CVE-2023-3446 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968 CVE-2023-34969 CVE-2023-35001 CVE-2023-35788 CVE-2023-35823 CVE-2023-35828 CVE-2023-35829 CVE-2023-3812 CVE-2023-38408 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20230804-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2800-1 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1212623 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2811-1 Released: Wed Jul 12 11:56:18 2023 Summary: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt Type: recommended Severity: moderate References: This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise 'uv' instead of 'clientPin'. * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 'minPinLength' extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions. * New API calls * New fido_init flag to disable fido_dev_open???s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ??? 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -'). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don???t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the 'fido' and 'otp' subcommands over NFC * New 'ykman --diagnose' command to aid in troubleshooting. * New 'ykman apdu' command for sending raw APDUs over the smart card interface. * New 'yubikit' package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don???t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don???t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a 'Use default' option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2820-1 Released: Thu Jul 13 11:20:27 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1152472,1152489,1160435,1187829,1189998,1194869,1205758,1208410,1208600,1209039,1209367,1210335,1211299,1211346,1211387,1211410,1211449,1211796,1211852,1212051,1212129,1212154,1212155,1212158,1212265,1212350,1212448,1212494,1212495,1212504,1212513,1212540,1212561,1212563,1212564,1212584,1212592,1212603,1212605,1212606,1212619,1212701,1212741,1212835,1212838,1212842,1212861,1212869,1212892,CVE-2023-1077,CVE-2023-1249,CVE-2023-1829,CVE-2023-21102,CVE-2023-3090,CVE-2023-3111,CVE-2023-3141,CVE-2023-3161,CVE-2023-3212,CVE-2023-3357,CVE-2023-3358,CVE-2023-3389,CVE-2023-35788,CVE-2023-35823,CVE-2023-35828,CVE-2023-35829 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). - CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). The following non-security bugs were fixed: - Drop dvb-core fix patch due to a bug (bsc#1205758). - Enable kernel modules bttv bt878 and snd-bt878 (jsc#PED-3931). - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - Fix usrmerge error (boo#1211796). - Generalize kernel-doc build requirements. - Get module prefix from kmod (bsc#1212835). - Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes). - Revert 'mtd: rawnand: arasan: Prevent an unsupported configuration' (git-fixes). - Revert 'net: phy: dp83867: perform soft reset and retain established link' (git-fixes). - Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes). - Update the Mellanox/Nvidia mlx5_core driver (jsc#SLE-19253). - acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). - affs: initialize fsdata in affs_truncate() (git-fixes). - alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes). - alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes). - alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes). - alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). - alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes). - alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). - alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes). - alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes). - alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes). - alsa: oss: avoid missing-prototype warnings (git-fixes). - alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). - alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). - amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). - arm64: Add missing Set/Way CMO encodings (git-fixes). - arm64: Always load shadow stack pointer directly from the task struct (git-fixes) - arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes) - arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) - arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes). - arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes). - arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes) - arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes). - arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes). - arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) - arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes). - arm: dts: vexpress: add missing cache properties (git-fixes). - asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes). - asoc: dwc: limit the number of overrun messages (git-fixes). - asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). - asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes). - asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes). - asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes). - asoc: mediatek: mt8173: Fix irq error path (git-fixes). - asoc: nau8824: Add quirk to active-high jack-detect (git-fixes). - asoc: simple-card: Add missing of_node_put() in case of error (git-fixes). - asoc: soc-pcm: test if a BE can be prepared (git-fixes). - asoc: ssm2602: Add workaround for playback distortions (git-fixes). - ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes). - batman-adv: Broken sync while rescheduling delayed work (git-fixes). - binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249). - bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes). - bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). - bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes). - bluetooth: hci_qca: fix debugfs registration (git-fixes). - bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes). - bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes). - bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). - bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes). - bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes) - bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes) - bpf, arm64: Feed byte-offset into bpf line info (git-fixes) - bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes) - bpf: Add extra path pointer check to d_path helper (git-fixes). - bpf: Fix UAF in task local storage (bsc#1212564). - btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (bsc#1212051 CVE-2023-3111). - bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes). - bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes). - can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes). - can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes). - can: j1939: change j1939_netdev_lock type to mutex (git-fixes). - can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes). - can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes). - can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes). - can: length: fix bitstuffing count (git-fixes). - can: length: fix description of the RRS field (git-fixes). - can: length: make header self contained (git-fixes). - ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540). - cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563). - cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561). - cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563). - clk: Fix memory leak in devm_clk_notifier_register() (git-fixes). - clk: cdce925: check return value of kasprintf() (git-fixes). - clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). - clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes). - clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes). - clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). - clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes). - clk: si5341: check return value of {devm_}kasprintf() (git-fixes). - clk: si5341: free unused memory on probe failure (git-fixes). - clk: si5341: return error if one synth clock registration fails (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes). - clk: ti: clkctrl: check return value of kasprintf() (git-fixes). - clk: vc5: check memory returned by kasprintf() (git-fixes). - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes). - crypto: marvell/cesa - Fix type mismatch warning (git-fixes). - crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes). - dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes). - dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes). - dmaengine: pl330: rename _start to prevent build error (git-fixes). - drivers: meson: secure-pwrc: always enable DMA domain (git-fixes). - drm/amd/display: Add logging for display MALL refresh setting (git-fixes). - drm/amd/display: Add minimal pipe split transition state (git-fixes). - drm/amd/display: Add wrapper to call planes and stream update (git-fixes). - drm/amd/display: Explicitly specify update type per plane info change (git-fixes). - drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes). - drm/amd/display: Use dc_update_planes_and_stream (git-fixes). - drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes). - drm/amd/display: edp do not add non-edid timings (git-fixes). - drm/amd/display: fix the system hang while disable PSR (git-fixes). - drm/amd/pm: Fix power context allocation in SMU13 (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes). - drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes). - drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes). - drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes). - drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes). - drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes). - drm/ast: Fix ARM compatibility (git-fixes). - drm/bridge: tc358768: always enable HS video mode (git-fixes). - drm/bridge: tc358768: fix PLL parameters computation (git-fixes). - drm/bridge: tc358768: fix PLL target frequency (git-fixes). - drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes). - drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes). - drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes). - drm/exynos: vidi: fix a wrong error return (git-fixes). - drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes). - drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes). - drm/i915/selftests: Add some missing error propagation (git-fixes). - drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes). - drm/i915/selftests: Stop using kthread_stop() (git-fixes). - drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes). - drm/i915: Use 18 fast wake AUX sync len (git-fixes). - drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes). - drm/msm/dp: Free resources after unregistering them (git-fixes). - drm/msm/dpu: correct MERGE_3D length (git-fixes). - drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes). - drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes). - drm/msm: Be more shouty if per-process pgtables are not working (git-fixes). - drm/msm: Set max segment size earlier (git-fixes). - drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes). - drm/nouveau: add nv_encoder pointer check for NULL (git-fixes). - drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes). - drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes). - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes). - drm/radeon: fix possible division-by-zero errors (git-fixes). - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes). - drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes). - drm/vram-helper: fix function names in vram helper doc (git-fixes). - drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes). - drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes). - dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes). - eeprom: at24: also select REGMAP (git-fixes). - elf: correct note name comment (git-fixes). - ext4: unconditionally enable the i_version counter (bsc#1211299). - extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes). - extcon: Fix kernel doc of property fields to avoid warnings (git-fixes). - extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes). - extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes). - extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes). - extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes). - fbcon: Fix null-ptr-deref in soft_cursor (git-fixes). - fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472) Backporting changes: * replace refcount_read() with atomic_read() - fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489) - fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387). - fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes). - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes). - fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes). - firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes). - firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes). - fs/jfs: fix shift exponent db_agl2size negative (git-fixes). - fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). - fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes). - fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). - gfs2: Do not deref jdesc in evict (bsc#1212265 CVE-2023-3212). - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). - hfs/hfsplus: use WARN_ON for sanity check (git-fixes). - hfs: Fix OOB Write in hfs_asc2mac (git-fixes). - hfs: fix OOB Read in __hfs_brec_find (git-fixes). - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). - hid: amd_sfh: Add missing check for dma_alloc_coherent (bsc#1212605 CVE-2023-3357). - hid: google: add jewel USB id (git-fixes). - hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes). - hid: wacom: Add error check to wacom_parse_and_register() (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes). - hwrng: imx-rngc - fix the timeout for init and self check (git-fixes). - hwrng: st - keep clock enabled while hwrng is registered (git-fixes). - i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes). - i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes). - i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes). - i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes). - iavf: remove mask from iavf_irq_enable_queues() (git-fixes). - ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes) - ib/isert: Fix dead lock in ib_isert (git-fixes) - ib/isert: Fix incorrect release of isert connection (git-fixes) - ib/isert: Fix possible list corruption in CMA handler (git-fixes) - ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes) - ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes) - ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604). - ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes). - ice: Do not double unplug aux on peer initiated reset (git-fixes). - ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes). - ice: Fix DSCP PFC TLV creation (git-fixes). - ice: Fix XDP memory leak when NIC is brought up and down (git-fixes). - ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes). - ice: Fix memory corruption in VF driver (git-fixes). - ice: Ignore EEXIST when setting promisc mode (git-fixes). - ice: Prevent set_channel from changing queues while RDMA active (git-fixes). - ice: Reset FDIR counter in FDIR init stage (git-fixes). - ice: add profile conflict check for AVF FDIR (git-fixes). - ice: block LAN in case of VF to VF offload (git-fixes). - ice: config netdev tc before setting queues number (git-fixes). - ice: copy last block omitted in ice_get_module_eeprom() (git-fixes). - ice: ethtool: Prohibit improper channel config for DCB (git-fixes). - ice: ethtool: advertise 1000M speeds properly (git-fixes). - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes). - ice: fix wrong fallback logic for FDIR (git-fixes). - ice: handle E822 generic device ID in PLDM header (git-fixes). - ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes). - ice: use bitmap_free instead of devm_kfree (git-fixes). - ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes). - ieee802154: hwsim: Fix possible memory leaks (git-fixes). - ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253). - igb: fix bit_shift to be in [1..8] range (git-fixes). - igb: fix nvm.ops.read() error handling (git-fixes). - igc: Clean the TX buffer and TX descriptor ring (git-fixes). - igc: Fix possible system crash when loading module (git-fixes). - iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes). - iio: accel: fxls8962af: fixup buffer scan element type (git-fixes). - iio: adc: ad7192: Fix internal/external clock selection (git-fixes). - iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes). - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448). - init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448). - init: Provide arch_cpu_finalize_init() (bsc#1212448). - init: Remove check_bugs() leftovers (bsc#1212448). - input: adxl34x - do not hardcode interrupt trigger type (git-fixes). - input: drv260x - fix typo in register value define (git-fixes). - input: drv260x - remove unused .reg_defaults (git-fixes). - input: drv260x - sleep between polling GO bit (git-fixes). - input: fix open count when closing inhibited device (git-fixes). - input: psmouse - fix OOB access in Elantech protocol (git-fixes). - input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes). - input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). - integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes). - io_uring: hold uring mutex around poll removal (bsc#1212838 CVE-2023-3389). - ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090). - irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes). - irqchip/ftintc010: Mark all function static (git-fixes). - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes). - jfs: Fix fortify moan in symlink (git-fixes). - kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi - kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. - kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). - kprobe: reverse kp->flags when arm_kprobe failed (git-fixes). - kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes). - kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). - kprobes: Prohibit probes in gate area (git-fixes). - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes). - kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). - kvm: arm64: Do not hypercall before EL2 init (git-fixes) - kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) - kvm: arm64: Save PSTATE early on exit (git-fixes) - kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) - lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852). - lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852). - lpfc: Clean up SLI-4 CQE status handling (bsc#1211852). - lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852). - lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852). - lpfc: Enhance congestion statistics collection (bsc#1211852). - lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346). - lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852). - lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852). - mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes). - mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes). - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes). - media: cec: core: do not set last_initiator if tx in progress (git-fixes). - media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes). - media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes). - media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes). - media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes). - media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes). - media: dvb_ca_en50221: fix a size write bug (git-fixes). - media: dvb_demux: fix a bug for the continuity counter (git-fixes). - media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes). - media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes). - memory: brcmstb_dpfe: fix testing array offset after use (git-fixes). - meson saradc: fix clock divider mask length (git-fixes). - mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes). - mfd: pm8008: Fix module autoloading (git-fixes). - mfd: rt5033: Drop rt5033-battery sub-device (git-fixes). - mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes). - mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes). - mfd: stmpe: Only disable the regulators if they are enabled (git-fixes). - misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes). - misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes). - misc: pci_endpoint_test: Re-init completion for every test (git-fixes). - mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253). - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes). - mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410). - mm: Move mm_cachep initialization to mm_init() (bsc#1212448). - mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410). - mmc: bcm2835: fix deferred probing (git-fixes). - mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes). - mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes). - mmc: mmci: stm32: fix max busy timeout calculation (git-fixes). - mmc: mtk-sd: fix deferred probing (git-fixes). - mmc: mvsdio: fix deferred probing (git-fixes). - mmc: omap: fix deferred probing (git-fixes). - mmc: omap_hsmmc: fix deferred probing (git-fixes). - mmc: owl: fix deferred probing (git-fixes). - mmc: sdhci-acpi: fix deferred probing (git-fixes). - mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes). - mmc: sdhci-spear: fix deferred probing (git-fixes). - mmc: sh_mmcif: fix deferred probing (git-fixes). - mmc: sunxi: fix deferred probing (git-fixes). - mmc: usdhi60rol0: fix deferred probing (git-fixes). - mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes). - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253). - net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253). - net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253). - net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253). - net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253). - net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253). - net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253). - net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253). - net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253). - net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253). - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253). - net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253). - net/mlx5: Do not use already freed action pointer (jsc#SLE-19253). - net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253). - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253). - net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253). - net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253). - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253). - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253). - net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253). - net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253). - net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253). - net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253). - net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253). - net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253). - net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253). - net/mlx5: Fix steering rules cleanup (jsc#SLE-19253). - net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253). - net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253). - net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253). - net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253). - net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253). - net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253). - net/mlx5: SF, Drain health before removing device (jsc#SLE-19253). - net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253). - net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253). - net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253). - net/mlx5: add IFC bits for bypassing port select flow table (git-fixes) - net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253). - net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253). - net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253). - net/mlx5: fs, fail conflicting actions (jsc#SLE-19253). - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253). - net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253). - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253). - net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253). - net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253). - net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253). - net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253). - net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253). - net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253). - net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253). - net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253). - net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253). - net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253). - net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253). - net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253). - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253). - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253). - net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253). - net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253). - net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253). - net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253). - net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253). - net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253). - net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253). - net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253). - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253). - net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253). - net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253). - net/net_failover: fix txq exceeding warning (git-fixes). - net/sched: fix initialization order when updating chain 0 head (git-fixes). - net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes). - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes). - net/sched: tcindex: Do not use perfect hashing (bsc#1210335 CVE-2023-1829). - net: ena: Account for the number of processed bytes in XDP (git-fixes). - net: ena: Do not register memory info on XDP exchange (git-fixes). - net: ena: Fix rx_copybreak value update (git-fixes). - net: ena: Fix toeplitz initial hash value (git-fixes). - net: ena: Set default value for RX interrupt moderation (git-fixes). - net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes). - net: ena: Use bitmask to indicate packet redirection (git-fixes). - net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes). - net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes). - net: hns3: fix reset delay time to avoid configuration timeout (git-fixes). - net: hns3: fix sending pfc frames after reset issue (git-fixes). - net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes). - net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253). - net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes). - net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). - nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes). - nfp: only report pause frame configuration for physical device (git-fixes). - nilfs2: fix buffer corruption due to concurrent device reads (git-fixes). - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes). - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes). - nouveau: fix client work fence deletion race (git-fixes). - nvme-core: fix dev_pm_qos memleak (git-fixes). - nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes). - nvme-core: fix memory leak in dhchap_secret_store (git-fixes). - nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes). - nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes). - ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes). - ocfs2: fix non-auto defrag path not working issue (git-fixes). - octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes). - octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes). - octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes). - octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes). - pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes). - pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes). - pci: Release resource invalidated by coalescing (git-fixes). - pci: cadence: Fix Gen2 Link Retraining process (git-fixes). - pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes). - pci: ftpci100: Release the clock resources (git-fixes). - pci: pciehp: Cancel bringup sequence if card is not present (git-fixes). - pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes). - pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes). - pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes). - pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes). - pci: rockchip: Set address alignment for endpoint mode (git-fixes). - pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes). - pci: rockchip: Write PCI Device ID to correct register (git-fixes). - pci: vmd: Reset VMD config register between soft reboots (git-fixes). - pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes). - pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes). - pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes). - pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes). - platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes). - platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes). - platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes). - platform/x86: think-lmi: Correct NVME password handling (git-fixes). - platform/x86: think-lmi: Correct System password interface (git-fixes). - platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes). - platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes). - pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes). - power: supply: Fix logic checking if system is running from battery (git-fixes). - power: supply: Ratelimit no data debug output (git-fixes). - power: supply: ab8500: Fix external_power_changed race (git-fixes). - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes). - power: supply: sc27xx: Fix external_power_changed race (git-fixes). - powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869). - powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662). - powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701). - powerpc/purgatory: remove PGO flags (bsc#1194869). - powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869). - powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662). - pstore/ram: Add check for kstrdup (git-fixes). - qed/qede: Fix scheduling while atomic (git-fixes). - radeon: avoid double free in ci_dpm_init() (git-fixes). - rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes). - rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes) - rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes) - rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes) - rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes) - rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes) - rdma/bnxt_re: Remove unnecessary checks (git-fixes) - rdma/bnxt_re: Return directly without goto jumps (git-fixes) - rdma/bnxt_re: Use unique names while registering interrupts (git-fixes) - rdma/bnxt_re: wraparound mbox producer index (git-fixes) - rdma/cma: Always set static rate to 0 for RoCE (git-fixes) - rdma/hns: Fix hns_roce_table_get return value (git-fixes) - rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes) - rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes) - rdma/mlx5: Fix affinity assignment (git-fixes) - rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes) - rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253). - rdma/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes) - rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes) - rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes) - rdma/rxe: Fix packet length checks (git-fixes) - rdma/rxe: Fix ref count error in check_rkey() (git-fixes) - rdma/rxe: Fix rxe_cq_post (git-fixes) - rdma/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes) - rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes) - rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes) - rdma/rxe: Remove the unused variable obj (git-fixes) - rdma/rxe: Removed unused name from rxe_task struct (git-fixes) - rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes) - rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes) - regmap: Account for register length when chunking (git-fixes). - regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes). - regulator: Fix error checking for debugfs_create_dir (git-fixes). - regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes). - regulator: core: Streamline debugfs operations (git-fixes). - regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes). - regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes). - reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). - reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). - revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes). - rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes). - s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592). - s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892). - s390/pkey: zeroize key blobs (git-fixes bsc#1212619). - sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077) - scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes). - scsi: stex: Fix gcc 13 warnings (git-fixes). - selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes). - serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes). - serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes). - serial: 8250: omap: Fix freeing of resources on failed register (git-fixes). - serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes). - serial: atmel: do not enable IRQs prematurely (git-fixes). - serial: lantiq: add missing interrupt ack (git-fixes). - sfc: disable RXFCS and RXALL features by default (git-fixes). - signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861). - soc/fsl/qe: fix usb.c build errors (git-fixes). - soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes). - soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes). - spi: dw: Round of n_bytes to power of 2 (git-fixes). - spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes). - spi: lpspi: disable lpspi module irq in DMA mode (git-fixes). - spi: qup: Request DMA before enabling clocks (git-fixes). - spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes). - spi: tegra210-quad: Fix combined sequence (bsc#1212584) - spi: tegra210-quad: Fix iterator outside loop (git-fixes). - spi: tegra210-quad: Multi-cs support (bsc#1212584) - squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). - staging: octeon: delete my name from TODO contact (git-fixes). - sunrpc: Clean up svc_deferred_class trace events (git-fixes). - supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931) - test_firmware: Use kstrtobool() instead of strtobool() (git-fixes). - test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes). - test_firmware: prevent race conditions by a correct implementation of locking (git-fixes). - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes). - thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes). - thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes). - tls: Skip tls_append_frag on zero copy size (git-fixes). - tools: bpftool: Remove invalid \' json escape (git-fixes). - tpm, tpm_tis: Request threaded interrupt handler (git-fixes). - tracing/histograms: Allow variables to have some modifiers (git-fixes). - tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes). - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes). - tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350). - tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes). - tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350). - tty: serial: imx: fix rs485 rx after tx (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes). - usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes). - usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes). - usb: dwc3: fix use-after-free on core driver unbind (git-fixes). - usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes). - usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes). - usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes). - usb: dwc3: qcom: Fix potential memory leak (git-fixes). - usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes). - usb: dwc3: qcom: fix NULL-deref on suspend (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes). - usb: gadget: udc: fix NULL dereference in remove() (git-fixes). - usb: hide unused usbfs_notify_suspend/resume functions (git-fixes). - usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes). - usb: serial: option: add Quectel EM061KGL series (git-fixes). - usb: typec: ucsi: Fix command cancellation (git-fixes). - usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes). - usrmerge: Adjust module path in the kernel sources (bsc#1212835). - usrmerge: Compatibility with earlier rpm (boo#1211796) - vdpa/mlx5: Directly assign memory key (jsc#SLE-19253). - vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253). - vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253). - vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253). - vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253). - w1: fix loop in w1_fini() (git-fixes). - w1: w1_therm: fix locking behavior in convert_t (git-fixes). - watchdog: menz069_wdt: fix watchdog initialisation (git-fixes). - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes). - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: convert msecs to jiffies where needed (git-fixes). - wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes). - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes). - wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes). - wifi: b43: fix incorrect __packed annotation (git-fixes). - wifi: cfg80211: fix locking in regulatory disconnect (git-fixes). - wifi: cfg80211: fix locking in sched scan stop work (git-fixes). - wifi: cfg80211: rewrite merging of inherited elements (git-fixes). - wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes). - wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes). - wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes). - wifi: mac80211: simplify chanctx allocation (git-fixes). - wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes). - wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes). - wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes). - wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes). - wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes). - wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes). - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes). - wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes). - writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes). - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). - x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Mark init functions __init (bsc#1212448). - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). - x86/init: Initialize signal frame size late (bsc#1212448). - x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes). - x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). - x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes). - x86/microcode: Print previous version of microcode after reload (git-fixes). - x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes). - x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). - x86/mm: Initialize text poking earlier (bsc#1212448). - x86/mm: Use mm_alloc() in poking_init() (bsc#1212448). - x86/mm: fix poking_init() for Xen PV guests (git-fixes). - x86/sgx: Fix race between reclaimer and page fault handler (git-fixes). - x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes). - x86/xen: fix secondary processor fpu initialization (bsc#1212869). - xfs: fix rm_offset flag handling in rmap keys (git-fixes). - xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2827-1 Released: Fri Jul 14 11:27:42 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2877-1 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2893-1 Released: Thu Jul 20 06:44:05 2023 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1194557,1203300,1206447,1206674,1206798,1211026 This update for wicked fixes the following issues: - Update to version 0.6.73 - Fix arp notify loop and burst sending (boo#1212806) - Allow verify/notify counter and interval configuration - Handle ENOBUFS sending errors (bsc#1203300) - Improve environment variable handling - Refactor firmware extension definition - Enable, disable and revert cli commands - Fix memory leaks, add array/list utils - Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026) - Cleanup /var/run leftovers in extension scripts (bsc#1194557) - Output formatting improvements and Unicode support - bond: workaround 6.1 kernel enslave regression (bsc#1206674) - Add `wicked firmware` command to improve `ibft`,`nbft`,`redfish` firmware extension and interface handling. - Improve error handling in netif firmware discovery extension execution and extension definition overrides in the wicked-config. - Fix use-after-free in debug mode (bsc#1206447) - Replace transitional `%usrmerged` macro with regular version check (bsc#1206798) - Improve to show `no-carrier` in ifstatus output - Cleanup inclusions and update uapi header to 6.0 - Link mode nwords cleanup and new advertise mode names - Enable raw-ip support for wwan-qmi interfaces (jsc#PED-90) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2922-1 Released: Thu Jul 20 18:34:03 2023 Summary: Recommended update for libfido2 Type: recommended Severity: moderate References: This update for libfido2 fixes the following issues: - Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2930-1 Released: Fri Jul 21 10:09:57 2023 Summary: Security update for samba Type: security Severity: important References: 1213171,1213172,1213173,1213174,1213384,CVE-2022-2127,CVE-2023-34966,CVE-2023-34967,CVE-2023-34968 This update for samba fixes the following issues: - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). - CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173). - CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172). - CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171). Bugfixes: - Fixed trust relationship failure (bsc#1213384). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2962-1 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2994-1 Released: Thu Jul 27 06:45:29 2023 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1157881,1200710,1209859 This update for nfs-utils fixes the following issues: - SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710) - Avoid unhelpful warnings (bsc#1157881) - Fix rpc.nfsd man pages (bsc#1209859) - Allow scope to be set in sysconfig: NFSD_SCOPE ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3118-1 Released: Wed Aug 2 05:57:56 2023 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1212756 This update for hwinfo fixes the following issues: - Avoid linking problems with libsamba (bsc#1212756) - Update to version 21.85 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3170-1 Released: Thu Aug 3 08:02:27 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1201399,1208003,1210799 This update for perl-Bootloader fixes the following issues: - Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799) - UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399) - Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003) - Add basic support for systemd-boot ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3171-1 Released: Thu Aug 3 08:33:37 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1150305,1193629,1194869,1207894,1208788,1210565,1210584,1210853,1211243,1211811,1211867,1212301,1212846,1212905,1213010,1213011,1213012,1213013,1213014,1213015,1213016,1213017,1213018,1213019,1213020,1213021,1213024,1213025,1213032,1213034,1213035,1213036,1213037,1213038,1213039,1213040,1213041,1213059,1213061,1213087,1213088,1213089,1213090,1213092,1213093,1213094,1213095,1213096,1213098,1213099,1213100,1213102,1213103,1213104,1213105,1213106,1213107,1213108,1213109,1213110,1213111,1213112,1213113,1213114,1213134,1213245,1213247,1213252,1213258,1213259,1213263,1213264,1213286,1213523,1213524,1213543,1213705,CVE-2023-20593,CVE-2023-2985,CVE-2023-3117,CVE-2023-31248,CVE-2023-3390,CVE-2023-35001,CVE-2023-3812 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). The following non-security bugs were fixed: - ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes). - ALSA: fireface: make read-only const array for model names static (git-fixes). - ALSA: hda/realtek - remove 3k pull low procedure (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes). - ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes). - ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes). - ALSA: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes). - ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes). - ALSA: hda/realtek: Whitespace fix (git-fixes). - ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes). - ALSA: oxfw: make read-only const array models static (git-fixes). - ALSA: pcm: Fix potential data race at PCM memory allocation helpers (git-fixes). - ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes). - ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes). - ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes). - ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes). - ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes). - ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes). - ASoC: tegra: Fix ADX byte map (git-fixes). - ASoC: tegra: Fix AMX byte map (git-fixes). - Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes). - Documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git-fixes). - Documentation: bonding: fix the doc of peer_notif_delay (git-fixes). - Documentation: timers: hrtimers: Make hybrid union historical (git-fixes). - Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758) - Fix documentation of panic_on_warn (git-fixes). - IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes) - PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes). - RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes) - Revert 'arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes) - Revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes). - USB: dwc2: Fix some error handling paths (git-fixes). - USB: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes). - USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes). - USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes). - USB: serial: option: add LARA-R6 01B PIDs (git-fixes). - Update config and supported.conf files due to renaming. - apparmor: fix missing error check for rhashtable_insert_fast (git-fixes). - arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes) - arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes) - arm64: vdso: Pass (void *) to virt_to_page() (git-fixes) - arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes) - can: bcm: Fix UAF in bcm_proc_show() (git-fixes). - cifs: add a warning when the in-flight count goes negative (bsc#1193629). - cifs: address unused variable warning (bsc#1193629). - cifs: do all necessary checks for credits within or before locking (bsc#1193629). - cifs: fix lease break oops in xfstest generic/098 (bsc#1193629). - cifs: fix max_credits implementation (bsc#1193629). - cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629). - cifs: fix session state check in smb2_find_smb_ses (bsc#1193629). - cifs: fix session state transition to avoid use-after-free issue (bsc#1193629). - cifs: fix sockaddr comparison in iface_cmp (bsc#1193629). - cifs: fix status checks in cifs_tree_connect (bsc#1193629). - cifs: log session id when a matching ses is not found (bsc#1193629). - cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629). - cifs: prevent use-after-free by freeing the cfile later (bsc#1193629). - cifs: print all credit counters in DebugData (bsc#1193629). - cifs: print client_guid in DebugData (bsc#1193629). - cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629). - cifs: print nosharesock value while dumping mount options (bsc#1193629). - clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-fixes). - clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes). - codel: fix kernel-doc notation warnings (git-fixes). - crypto: kpp - Add helper to set reqsize (git-fixes). - crypto: qat - Use helper to set reqsize (git-fixes). - devlink: fix kernel-doc notation warnings (git-fixes). - docs: networking: Update codeaurora references for rmnet (git-fixes). - drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes). - drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes). - drm/amdgpu: Validate VM ioctl flags (git-fixes). - drm/amdgpu: avoid restore process run into dead loop (git-fixes). - drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-fixes). - drm/atomic: Allow vblank-enabled + self-refresh 'disable' (git-fixes). - drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes). - drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes). - drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes). - drm/client: Fix memory leak in drm_client_target_cloned (git-fixes). - drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-fixes). - drm/i915: Fix one wrong caching mode enum usage (git-fixes). - drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes). - drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes). - drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-fixes). - drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes). - drm/ttm: Do not leak a resource on swapout move error (git-fixes). - dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in 'compatible' conditional schema (git-fixes). - ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020). - ext4: add EA_INODE checking to ext4_iget() (bsc#1213106). - ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088). - ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109). - ext4: add strict range checks while freeing blocks (bsc#1213089). - ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). - ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). - ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090). - ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103). - ext4: disallow ea_inodes with extended attributes (bsc#1213108). - ext4: fail ext4_iget if special inode unallocated (bsc#1213010). - ext4: fix WARNING in ext4_update_inline_data (bsc#1213012). - ext4: fix WARNING in mb_find_extent (bsc#1213099). - ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111). - ext4: fix data races when using cached status extents (bsc#1213102). - ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105). - ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). - ext4: fix lockdep warning when enabling MMP (bsc#1213100). - ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096). - ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). - ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098). - ext4: improve error handling from ext4_dirhash() (bsc#1213104). - ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). - ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011). - ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). - ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087). - ext4: refuse to create ea block when umounted (bsc#1213093). - ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107). - ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110). - ext4: update s_journal_inum if it changes after journal replay (bsc#1213094). - ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092). - ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). - fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes). - fbdev: imxfb: warn about invalid left/right margin (git-fixes). - fuse: ioctl: translate ENOSYS in outarg (bsc#1213524). - fuse: revalidate: do not invalidate if interrupted (bsc#1213523). - hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861). - hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861). - hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861). - hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861). - hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861). - hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861). - hwmon: (adm1275) Allow setting sample averaging (git-fixes). - hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes). - i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes). - i2c: xiic: Do not try to handle more interrupt events after error (git-fixes). - inotify: Avoid reporting event with invalid wd (bsc#1213025). - jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095). - jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014). - kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243). - kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers - kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes). - leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-fixes). - media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes). - media: cec: i2c: ch7322: also select REGMAP (git-fixes). - media: i2c: Correct format propagation for st-mipid02 (git-fixes). - media: usb: Check az6007_read() return value (git-fixes). - media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes). - media: venus: helpers: Fix ALIGN() of non power of two (git-fixes). - media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes). - memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). - mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes). - mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes). - net: mana: Add support for vlan tagging (bsc#1212301). - net: phy: prevent stale pointer dereference in phy_init() (git-fixes). - ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes). - ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes). - ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes). - ntb: ntb_tool: Add check for devm_kcalloc (git-fixes). - ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes). - nvme-multipath: support io stats on the mpath device (bsc#1210565). - nvme: introduce nvme_start_request (bsc#1210565). - ocfs2: Switch to security_inode_init_security() (git-fixes). - ocfs2: check new file size on fallocate call (git-fixes). - ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). - opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes). - phy: Revert 'phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB' (git-fixes). - phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes). - phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes). - pie: fix kernel-doc notation warning (git-fixes). - pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes). - pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes). - pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes). - powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869). - powerpc/64s: Fix VAS mm use after free (bsc#1194869). - powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869). - powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869). - powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869). - powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869). - powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes). - powerpc/mm: Switch obsolete dssall to .long (bsc#1194869). - powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869). - powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869). - powerpc/prom_init: Fix kernel config grep (bsc#1194869). - powerpc/secvar: fix refcount leak in format_show() (bsc#1194869). - powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869). - powerpc: clean vdso32 and vdso64 directories (bsc#1194869). - powerpc: define get_cycles macro for arch-override (bsc#1194869). - powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869). - pwm: ab8500: Fix error code in probe() (git-fixes). - pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes). - pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes). - rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS_*. - rsi: remove kernel-doc comment marker (git-fixes). - s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259). - s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258). - s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263). - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252). - s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (git-fixes bsc#1213264). - s390: discard .interp section (git-fixes bsc#1213247). - sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes) - sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes) - security: keys: Modify mismatched function name (git-fixes). - selftests: mptcp: depend on SYN_COOKIES (git-fixes). - selftests: mptcp: sockopt: return error if wrong mark (git-fixes). - selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes). - selftests: tc: add 'ct' action kconfig dep (git-fixes). - selftests: tc: add ConnTrack procfs kconfig (git-fixes). - selftests: tc: set timeout to 15 minutes (git-fixes). - signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869). - signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869). - smb3: do not reserve too many oplock credits (bsc#1193629). - smb3: missing null check in SMB2_change_notify (bsc#1193629). - smb: client: fix broken file attrs with nodfs mounts (bsc#1193629). - smb: client: fix missed ses refcounting (git-fixes). - smb: client: fix parsing of source mount option (bsc#1193629). - smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629). - smb: client: fix warning in CIFSFindFirst() (bsc#1193629). - smb: client: fix warning in CIFSFindNext() (bsc#1193629). - smb: client: fix warning in cifs_match_super() (bsc#1193629). - smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629). - smb: client: fix warning in generic_ip_connect() (bsc#1193629). - smb: client: improve DFS mount check (bsc#1193629). - smb: client: remove redundant pointer 'server' (bsc#1193629). - smb: delete an unnecessary statement (bsc#1193629). - smb: move client and server files to common directory fs/smb (bsc#1193629). - smb: remove obsolete comment (bsc#1193629). - soundwire: qcom: fix storing port config out-of-bounds (git-fixes). - spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes). - spi: bcm63xx: fix max prepend length (git-fixes). - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes). - tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes). - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584). - udf: Avoid double brelse() in udf_rename() (bsc#1213032). - udf: Define EFSCORRUPTED error code (bsc#1213038). - udf: Detect system inodes linked into directory hierarchy (bsc#1213114). - udf: Discard preallocation before extending file with a hole (bsc#1213036). - udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035). - udf: Do not bother merging very long extents (bsc#1213040). - udf: Do not update file length for failed writes to inline files (bsc#1213041). - udf: Fix error handling in udf_new_inode() (bsc#1213112). - udf: Fix extending file within last block (bsc#1213037). - udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034). - udf: Preserve link count of system files (bsc#1213113). - udf: Truncate added extents on failed expansion (bsc#1213039). - wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes). - wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes). - wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes). - wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes). - wl3501_cs: use eth_hw_addr_set() (git-fixes). - writeback: fix call of incorrect macro (bsc#1213024). - x86: Fix .brk attribute in linker script (git-fixes). - xfs: AIL needs asynchronous CIL forcing (bsc#1211811). - xfs: CIL work is serialised, not pipelined (bsc#1211811). - xfs: XLOG_STATE_IOERROR must die (bsc#1211811). - xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811). - xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811). - xfs: clean up the rtbitmap fsmap backend (git-fixes). - xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes). - xfs: do not reverse order of items in bulk AIL insertion (git-fixes). - xfs: do not run shutdown callbacks on active iclogs (bsc#1211811). - xfs: drop async cache flushes from CIL commits (bsc#1211811). - xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811). - xfs: fix getfsmap reporting past the last rt extent (git-fixes). - xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes). - xfs: fix interval filtering in multi-step fsmap queries (git-fixes). - xfs: fix logdev fsmap query result filtering (git-fixes). - xfs: fix off-by-one error when the last rt extent is in use (git-fixes). - xfs: fix uninitialized variable access (git-fixes). - xfs: make fsmap backend function key parameters const (git-fixes). - xfs: make the record pointer passed to query_range functions const (git-fixes). - xfs: move the CIL workqueue to the CIL (bsc#1211811). - xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811). - xfs: order CIL checkpoint start records (bsc#1211811). - xfs: pass a CIL context to xlog_write() (bsc#1211811). - xfs: pass explicit mount pointer to rtalloc query functions (git-fixes). - xfs: rework xlog_state_do_callback() (bsc#1211811). - xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811). - xfs: separate out log shutdown callback processing (bsc#1211811). - xfs: wait iclog complete before tearing down AIL (bsc#1211811). - xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes). - xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes). - xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3197-1 Released: Fri Aug 4 10:04:10 2023 Summary: Recommended update for google-guest-agent, google-guest-configs, google-osconfig-agent Type: recommended Severity: moderate References: 1212418,1212759 This update for google-guest-agent, google-guest-configs, google-osconfig-agent fixes the following issues: - Update to version 20230601.00 (bsc#1212418, bsc#1212759) - Don't block google-osconfig-agent (#213) - Avoid conflict with automated package updates (#212) - Add a support of TrustedUserCAKeys into sshd configuration (#206) - Add a new dracut module for gcp udev rules (#53) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3199-1 Released: Fri Aug 4 11:51:27 2023 Summary: Recommended update for libnvme, nvme-cli Type: recommended Severity: important References: 1124564,1212598,1213527,1213618,1213644,1213686 This update for libnvme, nvme-cli fixes the following issues: - Update to version 1.0+48.g64a3e9: - Add getter for subsystem iopolicy (bsc#1124564) - Avoid warning in 'list-subsys' (bsc#1212598) - Update Get Log Page code (bsc#1213618) - Fix counter while looping through uuid_list (bsc#1213644) The following package changes have been done: - audit-3.0.6-150400.4.10.1 updated - curl-8.0.1-150400.5.26.1 updated - dbus-1-1.12.2-150400.18.8.1 updated - glibc-locale-base-2.31-150300.52.2 updated - glibc-locale-2.31-150300.52.2 updated - glibc-2.31-150300.52.2 updated - google-guest-agent-20230601.00-150000.1.37.1 updated - google-osconfig-agent-20230706.02-150000.1.30.1 updated - hwinfo-21.85-150400.3.12.1 updated - kernel-default-5.14.21-150400.24.74.1 updated - libassuan0-2.5.5-150000.4.5.2 updated - libaudit1-3.0.6-150400.4.10.1 updated - libauparse0-3.0.6-150400.4.10.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - libdbus-1-3-1.12.2-150400.18.8.1 updated - libfido2-1-1.13.0-150400.5.6.1 updated - libhidapi-hidraw0-0.10.1-1.6 added - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated - libnvme1-1.0+48.g707b7a-150400.3.24.1 updated - libopenssl1_1-1.1.1l-150400.7.48.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - nfs-client-2.1.1-150100.10.37.1 updated - nvme-cli-2.0+47.ga43da6-150400.3.21.1 updated - openssh-clients-8.4p1-150300.3.22.1 updated - openssh-common-8.4p1-150300.3.22.1 updated - openssh-server-8.4p1-150300.3.22.1 updated - openssh-8.4p1-150300.3.22.1 updated - openssl-1_1-1.1.1l-150400.7.48.1 updated - perl-Bootloader-0.944-150400.3.6.1 updated - perl-base-5.26.1-150300.17.14.1 updated - perl-5.26.1-150300.17.14.1 updated - samba-client-libs-4.15.13+git.663.9c654e06cdb-150400.3.28.1 updated - samba-libs-4.15.13+git.663.9c654e06cdb-150400.3.28.1 updated - system-group-audit-3.0.6-150400.4.10.1 updated - wicked-service-0.6.73-150400.3.8.1 updated - wicked-0.6.73-150400.3.8.1 updated - libfido2-udev-1.5.0-1.30 removed From sle-updates at lists.suse.com Mon Aug 7 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 08:30:02 -0000 Subject: SUSE-SU-2023:3202-1: moderate: Security update for python-Django1 Message-ID: <169139700271.27282.10400886339048237158@smelt2.suse.de> # Security update for python-Django1 Announcement ID: SUSE-SU-2023:3202-1 Rating: moderate References: * #1212742 Cross-References: * CVE-2023-36053 CVSS scores: * CVE-2023-36053 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-36053 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for python-Django1 fixes the following issues: * CVE-2023-36053: Fixed regular expression denial of service vulnerability in EmailValidator/URLValidator (bsc#1212742). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-3202=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-3202=1 ## Package List: * SUSE OpenStack Cloud 9 (noarch) * python-Django1-1.11.29-3.47.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * python-Django1-1.11.29-3.47.1 ## References: * https://www.suse.com/security/cve/CVE-2023-36053.html * https://bugzilla.suse.com/show_bug.cgi?id=1212742 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 12:36:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 12:36:59 -0000 Subject: SUSE-RU-2023:3204-1: important: Recommended update for tboot Message-ID: <169141181999.24442.2532858276277461039@smelt2.suse.de> # Recommended update for tboot Announcement ID: SUSE-RU-2023:3204-1 Rating: important References: * #1207833 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for tboot fixes the following issues: * Correctly move MBI from a lower address above tboot (bsc#1207833). This fixes a broken boot situation in some configurations stopping with log line "TBOOT: loader context was moved from 0x
to 0x
". * Bump date in version string to fix the upgrade path from SLE-12-SP5 and SLE-15-SP2 (currently at 2019070 and 20200501 respectively). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3204=1 openSUSE-SLE-15.4-2023-3204=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3204=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3204=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3204=1 ## Package List: * openSUSE Leap 15.4 (x86_64 i586) * tboot-debugsource-20200901_1.10.2-150400.3.4.1 * tboot-debuginfo-20200901_1.10.2-150400.3.4.1 * tboot-20200901_1.10.2-150400.3.4.1 * openSUSE Leap 15.5 (x86_64) * tboot-debugsource-20200901_1.10.2-150400.3.4.1 * tboot-debuginfo-20200901_1.10.2-150400.3.4.1 * tboot-20200901_1.10.2-150400.3.4.1 * Basesystem Module 15-SP4 (x86_64) * tboot-debugsource-20200901_1.10.2-150400.3.4.1 * tboot-debuginfo-20200901_1.10.2-150400.3.4.1 * tboot-20200901_1.10.2-150400.3.4.1 * Basesystem Module 15-SP5 (x86_64) * tboot-debugsource-20200901_1.10.2-150400.3.4.1 * tboot-debuginfo-20200901_1.10.2-150400.3.4.1 * tboot-20200901_1.10.2-150400.3.4.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207833 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 12:37:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 12:37:01 -0000 Subject: SUSE-RU-2023:3203-1: moderate: Recommended update for yast2-installation Message-ID: <169141182169.24442.9832186709169537493@smelt2.suse.de> # Recommended update for yast2-installation Announcement ID: SUSE-RU-2023:3203-1 Rating: moderate References: * #1211764 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for yast2-installation fixes the following issues: * Don't always enable sshd and open the ssh port (bsc#1211764) * Update to version 4.5.17 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3203=1 openSUSE-SLE-15.5-2023-3203=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3203=1 ## Package List: * openSUSE Leap 15.5 (noarch) * yast2-installation-4.5.17-150500.3.3.1 * Basesystem Module 15-SP5 (noarch) * yast2-installation-4.5.17-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211764 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 16:30:02 -0000 Subject: SUSE-RU-2023:3218-1: moderate: Recommended update for cryptsetup Message-ID: <169142580290.22905.9023017500020806804@smelt2.suse.de> # Recommended update for cryptsetup Announcement ID: SUSE-RU-2023:3218-1 Rating: moderate References: * #1211079 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has one recommended fix can now be installed. ## Description: This update for cryptsetup fixes the following issues: * Handle system with low memory and no swap space (bsc#1211079) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3218=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3218=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3218=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3218=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3218=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3218=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3218=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3218=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3218=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3218=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3218=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3218=1 ## Package List: * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * cryptsetup-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-debuginfo-2.3.7-150300.3.8.1 * cryptsetup-2.3.7-150300.3.8.1 * cryptsetup-debugsource-2.3.7-150300.3.8.1 * libcryptsetup-devel-2.3.7-150300.3.8.1 * libcryptsetup12-hmac-2.3.7-150300.3.8.1 * libcryptsetup12-2.3.7-150300.3.8.1 * SUSE Manager Server 4.2 (noarch) * cryptsetup-lang-2.3.7-150300.3.8.1 * SUSE Manager Server 4.2 (x86_64) * libcryptsetup12-hmac-32bit-2.3.7-150300.3.8.1 * libcryptsetup12-32bit-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-32bit-2.3.7-150300.3.8.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * cryptsetup-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-debuginfo-2.3.7-150300.3.8.1 * cryptsetup-2.3.7-150300.3.8.1 * cryptsetup-debugsource-2.3.7-150300.3.8.1 * libcryptsetup-devel-2.3.7-150300.3.8.1 * libcryptsetup12-hmac-2.3.7-150300.3.8.1 * libcryptsetup12-2.3.7-150300.3.8.1 * SUSE Enterprise Storage 7.1 (noarch) * cryptsetup-lang-2.3.7-150300.3.8.1 * SUSE Enterprise Storage 7.1 (x86_64) * libcryptsetup12-hmac-32bit-2.3.7-150300.3.8.1 * libcryptsetup12-32bit-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-32bit-2.3.7-150300.3.8.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * cryptsetup-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-debuginfo-2.3.7-150300.3.8.1 * cryptsetup-2.3.7-150300.3.8.1 * cryptsetup-debugsource-2.3.7-150300.3.8.1 * libcryptsetup12-hmac-2.3.7-150300.3.8.1 * libcryptsetup12-2.3.7-150300.3.8.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * cryptsetup-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-debuginfo-2.3.7-150300.3.8.1 * cryptsetup-2.3.7-150300.3.8.1 * cryptsetup-debugsource-2.3.7-150300.3.8.1 * libcryptsetup12-hmac-2.3.7-150300.3.8.1 * libcryptsetup12-2.3.7-150300.3.8.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * cryptsetup-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-debuginfo-2.3.7-150300.3.8.1 * cryptsetup-2.3.7-150300.3.8.1 * cryptsetup-debugsource-2.3.7-150300.3.8.1 * libcryptsetup12-hmac-2.3.7-150300.3.8.1 * libcryptsetup12-2.3.7-150300.3.8.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * cryptsetup-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-debuginfo-2.3.7-150300.3.8.1 * cryptsetup-2.3.7-150300.3.8.1 * cryptsetup-debugsource-2.3.7-150300.3.8.1 * libcryptsetup-devel-2.3.7-150300.3.8.1 * libcryptsetup12-hmac-2.3.7-150300.3.8.1 * libcryptsetup12-2.3.7-150300.3.8.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * cryptsetup-lang-2.3.7-150300.3.8.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libcryptsetup12-hmac-32bit-2.3.7-150300.3.8.1 * libcryptsetup12-32bit-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-32bit-2.3.7-150300.3.8.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * cryptsetup-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-debuginfo-2.3.7-150300.3.8.1 * cryptsetup-2.3.7-150300.3.8.1 * cryptsetup-debugsource-2.3.7-150300.3.8.1 * libcryptsetup-devel-2.3.7-150300.3.8.1 * libcryptsetup12-hmac-2.3.7-150300.3.8.1 * libcryptsetup12-2.3.7-150300.3.8.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * cryptsetup-lang-2.3.7-150300.3.8.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libcryptsetup12-hmac-32bit-2.3.7-150300.3.8.1 * libcryptsetup12-32bit-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-32bit-2.3.7-150300.3.8.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * cryptsetup-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-32bit-2.3.7-150300.3.8.1 * cryptsetup-2.3.7-150300.3.8.1 * cryptsetup-debugsource-2.3.7-150300.3.8.1 * libcryptsetup12-32bit-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-hmac-32bit-2.3.7-150300.3.8.1 * libcryptsetup-devel-2.3.7-150300.3.8.1 * libcryptsetup12-hmac-2.3.7-150300.3.8.1 * libcryptsetup12-2.3.7-150300.3.8.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * cryptsetup-lang-2.3.7-150300.3.8.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * cryptsetup-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-debuginfo-2.3.7-150300.3.8.1 * cryptsetup-2.3.7-150300.3.8.1 * cryptsetup-debugsource-2.3.7-150300.3.8.1 * libcryptsetup-devel-2.3.7-150300.3.8.1 * libcryptsetup12-hmac-2.3.7-150300.3.8.1 * libcryptsetup12-2.3.7-150300.3.8.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * cryptsetup-lang-2.3.7-150300.3.8.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libcryptsetup12-hmac-32bit-2.3.7-150300.3.8.1 * libcryptsetup12-32bit-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-32bit-2.3.7-150300.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * cryptsetup-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-debuginfo-2.3.7-150300.3.8.1 * cryptsetup-2.3.7-150300.3.8.1 * cryptsetup-debugsource-2.3.7-150300.3.8.1 * libcryptsetup-devel-2.3.7-150300.3.8.1 * libcryptsetup12-hmac-2.3.7-150300.3.8.1 * libcryptsetup12-2.3.7-150300.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * cryptsetup-lang-2.3.7-150300.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libcryptsetup12-hmac-32bit-2.3.7-150300.3.8.1 * libcryptsetup12-32bit-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-32bit-2.3.7-150300.3.8.1 * SUSE Manager Proxy 4.2 (x86_64) * cryptsetup-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-32bit-2.3.7-150300.3.8.1 * cryptsetup-2.3.7-150300.3.8.1 * cryptsetup-debugsource-2.3.7-150300.3.8.1 * libcryptsetup12-32bit-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-hmac-32bit-2.3.7-150300.3.8.1 * libcryptsetup-devel-2.3.7-150300.3.8.1 * libcryptsetup12-hmac-2.3.7-150300.3.8.1 * libcryptsetup12-2.3.7-150300.3.8.1 * SUSE Manager Proxy 4.2 (noarch) * cryptsetup-lang-2.3.7-150300.3.8.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * cryptsetup-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-32bit-2.3.7-150300.3.8.1 * cryptsetup-2.3.7-150300.3.8.1 * cryptsetup-debugsource-2.3.7-150300.3.8.1 * libcryptsetup12-32bit-debuginfo-2.3.7-150300.3.8.1 * libcryptsetup12-hmac-32bit-2.3.7-150300.3.8.1 * libcryptsetup-devel-2.3.7-150300.3.8.1 * libcryptsetup12-hmac-2.3.7-150300.3.8.1 * libcryptsetup12-2.3.7-150300.3.8.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * cryptsetup-lang-2.3.7-150300.3.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211079 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 16:30:05 -0000 Subject: SUSE-RU-2023:3217-1: moderate: Recommended update for cryptsetup Message-ID: <169142580505.22905.12387075846838567922@smelt2.suse.de> # Recommended update for cryptsetup Announcement ID: SUSE-RU-2023:3217-1 Rating: moderate References: * #1211079 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for cryptsetup fixes the following issues: * Handle system with low memory and no swap space (bsc#1211079) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3217=1 SUSE-2023-3217=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3217=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3217=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3217=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3217=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3217=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3217=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3217=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3217=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3217=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libcryptsetup12-2.4.3-150400.3.3.1 * cryptsetup-2.4.3-150400.3.3.1 * libcryptsetup12-debuginfo-2.4.3-150400.3.3.1 * cryptsetup-ssh-debuginfo-2.4.3-150400.3.3.1 * cryptsetup-debuginfo-2.4.3-150400.3.3.1 * cryptsetup-ssh-2.4.3-150400.3.3.1 * libcryptsetup-devel-2.4.3-150400.3.3.1 * libcryptsetup12-hmac-2.4.3-150400.3.3.1 * cryptsetup-debugsource-2.4.3-150400.3.3.1 * openSUSE Leap 15.4 (noarch) * cryptsetup-lang-2.4.3-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * libcryptsetup12-32bit-debuginfo-2.4.3-150400.3.3.1 * libcryptsetup12-hmac-32bit-2.4.3-150400.3.3.1 * libcryptsetup12-32bit-2.4.3-150400.3.3.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libcryptsetup12-64bit-debuginfo-2.4.3-150400.3.3.1 * libcryptsetup12-64bit-2.4.3-150400.3.3.1 * libcryptsetup12-hmac-64bit-2.4.3-150400.3.3.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libcryptsetup12-2.4.3-150400.3.3.1 * cryptsetup-2.4.3-150400.3.3.1 * libcryptsetup12-debuginfo-2.4.3-150400.3.3.1 * cryptsetup-debuginfo-2.4.3-150400.3.3.1 * libcryptsetup12-hmac-2.4.3-150400.3.3.1 * cryptsetup-debugsource-2.4.3-150400.3.3.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libcryptsetup12-2.4.3-150400.3.3.1 * cryptsetup-2.4.3-150400.3.3.1 * libcryptsetup12-debuginfo-2.4.3-150400.3.3.1 * cryptsetup-debuginfo-2.4.3-150400.3.3.1 * libcryptsetup12-hmac-2.4.3-150400.3.3.1 * cryptsetup-debugsource-2.4.3-150400.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libcryptsetup12-2.4.3-150400.3.3.1 * cryptsetup-2.4.3-150400.3.3.1 * libcryptsetup12-debuginfo-2.4.3-150400.3.3.1 * cryptsetup-ssh-debuginfo-2.4.3-150400.3.3.1 * cryptsetup-debuginfo-2.4.3-150400.3.3.1 * cryptsetup-ssh-2.4.3-150400.3.3.1 * libcryptsetup-devel-2.4.3-150400.3.3.1 * libcryptsetup12-hmac-2.4.3-150400.3.3.1 * cryptsetup-debugsource-2.4.3-150400.3.3.1 * openSUSE Leap 15.5 (noarch) * cryptsetup-lang-2.4.3-150400.3.3.1 * openSUSE Leap 15.5 (x86_64) * libcryptsetup12-32bit-debuginfo-2.4.3-150400.3.3.1 * libcryptsetup12-hmac-32bit-2.4.3-150400.3.3.1 * libcryptsetup12-32bit-2.4.3-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libcryptsetup12-2.4.3-150400.3.3.1 * cryptsetup-2.4.3-150400.3.3.1 * libcryptsetup12-debuginfo-2.4.3-150400.3.3.1 * cryptsetup-debuginfo-2.4.3-150400.3.3.1 * libcryptsetup12-hmac-2.4.3-150400.3.3.1 * cryptsetup-debugsource-2.4.3-150400.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libcryptsetup12-2.4.3-150400.3.3.1 * cryptsetup-2.4.3-150400.3.3.1 * libcryptsetup12-debuginfo-2.4.3-150400.3.3.1 * cryptsetup-debuginfo-2.4.3-150400.3.3.1 * libcryptsetup12-hmac-2.4.3-150400.3.3.1 * cryptsetup-debugsource-2.4.3-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libcryptsetup12-2.4.3-150400.3.3.1 * cryptsetup-2.4.3-150400.3.3.1 * libcryptsetup12-debuginfo-2.4.3-150400.3.3.1 * cryptsetup-debuginfo-2.4.3-150400.3.3.1 * libcryptsetup12-hmac-2.4.3-150400.3.3.1 * cryptsetup-debugsource-2.4.3-150400.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libcryptsetup12-2.4.3-150400.3.3.1 * cryptsetup-2.4.3-150400.3.3.1 * libcryptsetup12-debuginfo-2.4.3-150400.3.3.1 * cryptsetup-debuginfo-2.4.3-150400.3.3.1 * libcryptsetup12-hmac-2.4.3-150400.3.3.1 * cryptsetup-debugsource-2.4.3-150400.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libcryptsetup12-2.4.3-150400.3.3.1 * cryptsetup-2.4.3-150400.3.3.1 * libcryptsetup12-debuginfo-2.4.3-150400.3.3.1 * cryptsetup-ssh-debuginfo-2.4.3-150400.3.3.1 * cryptsetup-debuginfo-2.4.3-150400.3.3.1 * cryptsetup-ssh-2.4.3-150400.3.3.1 * libcryptsetup-devel-2.4.3-150400.3.3.1 * libcryptsetup12-hmac-2.4.3-150400.3.3.1 * cryptsetup-debugsource-2.4.3-150400.3.3.1 * Basesystem Module 15-SP4 (noarch) * cryptsetup-lang-2.4.3-150400.3.3.1 * Basesystem Module 15-SP4 (x86_64) * libcryptsetup12-32bit-debuginfo-2.4.3-150400.3.3.1 * libcryptsetup12-hmac-32bit-2.4.3-150400.3.3.1 * libcryptsetup12-32bit-2.4.3-150400.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libcryptsetup12-2.4.3-150400.3.3.1 * cryptsetup-2.4.3-150400.3.3.1 * libcryptsetup12-debuginfo-2.4.3-150400.3.3.1 * cryptsetup-ssh-debuginfo-2.4.3-150400.3.3.1 * cryptsetup-debuginfo-2.4.3-150400.3.3.1 * cryptsetup-ssh-2.4.3-150400.3.3.1 * libcryptsetup-devel-2.4.3-150400.3.3.1 * libcryptsetup12-hmac-2.4.3-150400.3.3.1 * cryptsetup-debugsource-2.4.3-150400.3.3.1 * Basesystem Module 15-SP5 (noarch) * cryptsetup-lang-2.4.3-150400.3.3.1 * Basesystem Module 15-SP5 (x86_64) * libcryptsetup12-32bit-debuginfo-2.4.3-150400.3.3.1 * libcryptsetup12-hmac-32bit-2.4.3-150400.3.3.1 * libcryptsetup12-32bit-2.4.3-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211079 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 16:30:08 -0000 Subject: SUSE-RU-2023:3216-1: moderate: Recommended update for SAPHanaSR-ScaleOut Message-ID: <169142580833.22905.7791210425576071189@smelt2.suse.de> # Recommended update for SAPHanaSR-ScaleOut Announcement ID: SUSE-RU-2023:3216-1 Rating: moderate References: * #1196650 * #1210573 * #1210728 Affected Products: * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that contains two features and has three recommended fixes can now be installed. ## Description: This update for SAPHanaSR-ScaleOut fixes the following issues: * Updated to version 0.185.0 * Avoid usage of /tmp filesystem to keep resource agents working even the filesystem is full (bsc#1210728) * Fix the path for the HA/DR provider hook in the global.ini (bsc#1210573) * Update man pages * Fix cluster recovering on the same HANA side (bsc#1196650) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-3216=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-3216=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * SAPHanaSR-ScaleOut-0.185.0-3.32.1 * SAPHanaSR-ScaleOut-doc-0.185.0-3.32.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * SAPHanaSR-ScaleOut-0.185.0-3.32.1 * SAPHanaSR-ScaleOut-doc-0.185.0-3.32.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1196650 * https://bugzilla.suse.com/show_bug.cgi?id=1210573 * https://bugzilla.suse.com/show_bug.cgi?id=1210728 * https://jira.suse.com/browse/PED-1739 * https://jira.suse.com/browse/PED-2608 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 16:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 16:30:10 -0000 Subject: SUSE-RU-2023:3215-1: moderate: Recommended update for sssd Message-ID: <169142581025.22905.2179204162634003355@smelt2.suse.de> # Recommended update for sssd Announcement ID: SUSE-RU-2023:3215-1 Rating: moderate References: * #1213283 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for sssd fixes the following issues: * Fix sssd entering failed state under heavy load (bsc#1213283) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3215=1 openSUSE-SLE-15.5-2023-3215=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3215=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * sssd-proxy-debuginfo-2.5.2-150500.10.3.1 * libsss_idmap-devel-2.5.2-150500.10.3.1 * sssd-ldap-debuginfo-2.5.2-150500.10.3.1 * libipa_hbac-devel-2.5.2-150500.10.3.1 * libsss_certmap0-2.5.2-150500.10.3.1 * libsss_idmap0-2.5.2-150500.10.3.1 * python3-sssd-config-debuginfo-2.5.2-150500.10.3.1 * python3-sss_nss_idmap-debuginfo-2.5.2-150500.10.3.1 * sssd-common-2.5.2-150500.10.3.1 * libsss_idmap0-debuginfo-2.5.2-150500.10.3.1 * libsss_simpleifp0-2.5.2-150500.10.3.1 * libsss_certmap0-debuginfo-2.5.2-150500.10.3.1 * sssd-debugsource-2.5.2-150500.10.3.1 * sssd-krb5-common-2.5.2-150500.10.3.1 * sssd-ldap-2.5.2-150500.10.3.1 * python3-ipa_hbac-2.5.2-150500.10.3.1 * sssd-winbind-idmap-debuginfo-2.5.2-150500.10.3.1 * sssd-krb5-2.5.2-150500.10.3.1 * libsss_nss_idmap0-2.5.2-150500.10.3.1 * sssd-winbind-idmap-2.5.2-150500.10.3.1 * sssd-kcm-2.5.2-150500.10.3.1 * libnfsidmap-sss-2.5.2-150500.10.3.1 * libnfsidmap-sss-debuginfo-2.5.2-150500.10.3.1 * sssd-ad-debuginfo-2.5.2-150500.10.3.1 * sssd-dbus-2.5.2-150500.10.3.1 * sssd-ipa-2.5.2-150500.10.3.1 * sssd-krb5-debuginfo-2.5.2-150500.10.3.1 * sssd-tools-debuginfo-2.5.2-150500.10.3.1 * sssd-kcm-debuginfo-2.5.2-150500.10.3.1 * sssd-common-debuginfo-2.5.2-150500.10.3.1 * sssd-krb5-common-debuginfo-2.5.2-150500.10.3.1 * libipa_hbac0-2.5.2-150500.10.3.1 * libsss_certmap-devel-2.5.2-150500.10.3.1 * python3-sss-murmur-debuginfo-2.5.2-150500.10.3.1 * python3-sssd-config-2.5.2-150500.10.3.1 * python3-sss_nss_idmap-2.5.2-150500.10.3.1 * libsss_nss_idmap-devel-2.5.2-150500.10.3.1 * sssd-tools-2.5.2-150500.10.3.1 * libsss_simpleifp-devel-2.5.2-150500.10.3.1 * sssd-proxy-2.5.2-150500.10.3.1 * python3-ipa_hbac-debuginfo-2.5.2-150500.10.3.1 * sssd-2.5.2-150500.10.3.1 * python3-sss-murmur-2.5.2-150500.10.3.1 * libipa_hbac0-debuginfo-2.5.2-150500.10.3.1 * sssd-dbus-debuginfo-2.5.2-150500.10.3.1 * sssd-ad-2.5.2-150500.10.3.1 * sssd-ipa-debuginfo-2.5.2-150500.10.3.1 * libsss_simpleifp0-debuginfo-2.5.2-150500.10.3.1 * libsss_nss_idmap0-debuginfo-2.5.2-150500.10.3.1 * openSUSE Leap 15.5 (x86_64) * sssd-common-32bit-2.5.2-150500.10.3.1 * sssd-common-32bit-debuginfo-2.5.2-150500.10.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * sssd-common-64bit-debuginfo-2.5.2-150500.10.3.1 * sssd-common-64bit-2.5.2-150500.10.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * sssd-proxy-debuginfo-2.5.2-150500.10.3.1 * libsss_idmap-devel-2.5.2-150500.10.3.1 * sssd-ldap-debuginfo-2.5.2-150500.10.3.1 * libipa_hbac-devel-2.5.2-150500.10.3.1 * libsss_certmap0-2.5.2-150500.10.3.1 * libsss_idmap0-2.5.2-150500.10.3.1 * python3-sssd-config-debuginfo-2.5.2-150500.10.3.1 * sssd-common-2.5.2-150500.10.3.1 * libsss_idmap0-debuginfo-2.5.2-150500.10.3.1 * libsss_simpleifp0-2.5.2-150500.10.3.1 * libsss_certmap0-debuginfo-2.5.2-150500.10.3.1 * sssd-debugsource-2.5.2-150500.10.3.1 * sssd-krb5-common-2.5.2-150500.10.3.1 * sssd-ldap-2.5.2-150500.10.3.1 * sssd-winbind-idmap-debuginfo-2.5.2-150500.10.3.1 * sssd-krb5-2.5.2-150500.10.3.1 * libsss_nss_idmap0-2.5.2-150500.10.3.1 * sssd-winbind-idmap-2.5.2-150500.10.3.1 * sssd-kcm-2.5.2-150500.10.3.1 * sssd-ad-debuginfo-2.5.2-150500.10.3.1 * sssd-dbus-2.5.2-150500.10.3.1 * sssd-ipa-2.5.2-150500.10.3.1 * sssd-krb5-debuginfo-2.5.2-150500.10.3.1 * sssd-tools-debuginfo-2.5.2-150500.10.3.1 * sssd-kcm-debuginfo-2.5.2-150500.10.3.1 * sssd-common-debuginfo-2.5.2-150500.10.3.1 * sssd-krb5-common-debuginfo-2.5.2-150500.10.3.1 * libipa_hbac0-2.5.2-150500.10.3.1 * libsss_certmap-devel-2.5.2-150500.10.3.1 * python3-sssd-config-2.5.2-150500.10.3.1 * libsss_nss_idmap-devel-2.5.2-150500.10.3.1 * sssd-tools-2.5.2-150500.10.3.1 * libsss_simpleifp-devel-2.5.2-150500.10.3.1 * sssd-proxy-2.5.2-150500.10.3.1 * sssd-2.5.2-150500.10.3.1 * libipa_hbac0-debuginfo-2.5.2-150500.10.3.1 * sssd-dbus-debuginfo-2.5.2-150500.10.3.1 * sssd-ad-2.5.2-150500.10.3.1 * sssd-ipa-debuginfo-2.5.2-150500.10.3.1 * libsss_simpleifp0-debuginfo-2.5.2-150500.10.3.1 * libsss_nss_idmap0-debuginfo-2.5.2-150500.10.3.1 * Basesystem Module 15-SP5 (x86_64) * sssd-common-32bit-2.5.2-150500.10.3.1 * sssd-common-32bit-debuginfo-2.5.2-150500.10.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213283 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 16:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 16:30:12 -0000 Subject: SUSE-RU-2023:3214-1: moderate: Recommended update for sssd Message-ID: <169142581242.22905.17993073902799960067@smelt2.suse.de> # Recommended update for sssd Announcement ID: SUSE-RU-2023:3214-1 Rating: moderate References: * #1213283 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for sssd fixes the following issues: * Fix sssd entering failed state under heavy load (bsc#1213283) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3214=1 openSUSE-SLE-15.4-2023-3214=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3214=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3214=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3214=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3214=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3214=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3214=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3214=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * sssd-krb5-common-2.5.2-150400.4.14.1 * libsss_simpleifp-devel-2.5.2-150400.4.14.1 * sssd-ipa-debuginfo-2.5.2-150400.4.14.1 * libsss_simpleifp0-2.5.2-150400.4.14.1 * libsss_nss_idmap0-2.5.2-150400.4.14.1 * libipa_hbac0-2.5.2-150400.4.14.1 * sssd-proxy-2.5.2-150400.4.14.1 * libsss_certmap0-2.5.2-150400.4.14.1 * sssd-common-debuginfo-2.5.2-150400.4.14.1 * sssd-debugsource-2.5.2-150400.4.14.1 * libipa_hbac-devel-2.5.2-150400.4.14.1 * sssd-ad-2.5.2-150400.4.14.1 * sssd-krb5-common-debuginfo-2.5.2-150400.4.14.1 * libsss_simpleifp0-debuginfo-2.5.2-150400.4.14.1 * sssd-ipa-2.5.2-150400.4.14.1 * sssd-krb5-2.5.2-150400.4.14.1 * python3-ipa_hbac-2.5.2-150400.4.14.1 * libnfsidmap-sss-2.5.2-150400.4.14.1 * sssd-tools-2.5.2-150400.4.14.1 * sssd-kcm-debuginfo-2.5.2-150400.4.14.1 * python3-sss-murmur-debuginfo-2.5.2-150400.4.14.1 * libsss_idmap0-2.5.2-150400.4.14.1 * sssd-ad-debuginfo-2.5.2-150400.4.14.1 * python3-sss-murmur-2.5.2-150400.4.14.1 * python3-sss_nss_idmap-debuginfo-2.5.2-150400.4.14.1 * libsss_certmap-devel-2.5.2-150400.4.14.1 * sssd-kcm-2.5.2-150400.4.14.1 * sssd-ldap-debuginfo-2.5.2-150400.4.14.1 * sssd-proxy-debuginfo-2.5.2-150400.4.14.1 * libsss_certmap0-debuginfo-2.5.2-150400.4.14.1 * libsss_nss_idmap-devel-2.5.2-150400.4.14.1 * sssd-dbus-debuginfo-2.5.2-150400.4.14.1 * libnfsidmap-sss-debuginfo-2.5.2-150400.4.14.1 * sssd-dbus-2.5.2-150400.4.14.1 * libsss_idmap0-debuginfo-2.5.2-150400.4.14.1 * sssd-2.5.2-150400.4.14.1 * sssd-ldap-2.5.2-150400.4.14.1 * python3-sss_nss_idmap-2.5.2-150400.4.14.1 * sssd-tools-debuginfo-2.5.2-150400.4.14.1 * sssd-winbind-idmap-debuginfo-2.5.2-150400.4.14.1 * sssd-winbind-idmap-2.5.2-150400.4.14.1 * sssd-krb5-debuginfo-2.5.2-150400.4.14.1 * libsss_idmap-devel-2.5.2-150400.4.14.1 * sssd-common-2.5.2-150400.4.14.1 * python3-ipa_hbac-debuginfo-2.5.2-150400.4.14.1 * python3-sssd-config-2.5.2-150400.4.14.1 * libsss_nss_idmap0-debuginfo-2.5.2-150400.4.14.1 * python3-sssd-config-debuginfo-2.5.2-150400.4.14.1 * libipa_hbac0-debuginfo-2.5.2-150400.4.14.1 * openSUSE Leap 15.4 (x86_64) * sssd-common-32bit-2.5.2-150400.4.14.1 * sssd-common-32bit-debuginfo-2.5.2-150400.4.14.1 * openSUSE Leap 15.4 (aarch64_ilp32) * sssd-common-64bit-2.5.2-150400.4.14.1 * sssd-common-64bit-debuginfo-2.5.2-150400.4.14.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libsss_idmap0-2.5.2-150400.4.14.1 * sssd-krb5-common-debuginfo-2.5.2-150400.4.14.1 * sssd-krb5-common-2.5.2-150400.4.14.1 * libsss_nss_idmap0-debuginfo-2.5.2-150400.4.14.1 * sssd-ldap-debuginfo-2.5.2-150400.4.14.1 * libsss_certmap0-debuginfo-2.5.2-150400.4.14.1 * libsss_nss_idmap0-2.5.2-150400.4.14.1 * sssd-2.5.2-150400.4.14.1 * sssd-common-2.5.2-150400.4.14.1 * libsss_idmap0-debuginfo-2.5.2-150400.4.14.1 * libsss_certmap0-2.5.2-150400.4.14.1 * sssd-ldap-2.5.2-150400.4.14.1 * sssd-common-debuginfo-2.5.2-150400.4.14.1 * sssd-debugsource-2.5.2-150400.4.14.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libsss_idmap0-2.5.2-150400.4.14.1 * sssd-krb5-common-debuginfo-2.5.2-150400.4.14.1 * sssd-krb5-common-2.5.2-150400.4.14.1 * libsss_nss_idmap0-debuginfo-2.5.2-150400.4.14.1 * sssd-ldap-debuginfo-2.5.2-150400.4.14.1 * libsss_certmap0-debuginfo-2.5.2-150400.4.14.1 * libsss_nss_idmap0-2.5.2-150400.4.14.1 * sssd-2.5.2-150400.4.14.1 * sssd-common-2.5.2-150400.4.14.1 * libsss_idmap0-debuginfo-2.5.2-150400.4.14.1 * libsss_certmap0-2.5.2-150400.4.14.1 * sssd-ldap-2.5.2-150400.4.14.1 * sssd-common-debuginfo-2.5.2-150400.4.14.1 * sssd-debugsource-2.5.2-150400.4.14.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libsss_idmap0-2.5.2-150400.4.14.1 * sssd-krb5-common-debuginfo-2.5.2-150400.4.14.1 * sssd-krb5-common-2.5.2-150400.4.14.1 * libsss_nss_idmap0-debuginfo-2.5.2-150400.4.14.1 * sssd-ldap-debuginfo-2.5.2-150400.4.14.1 * libsss_certmap0-debuginfo-2.5.2-150400.4.14.1 * libsss_nss_idmap0-2.5.2-150400.4.14.1 * sssd-2.5.2-150400.4.14.1 * sssd-common-2.5.2-150400.4.14.1 * libsss_idmap0-debuginfo-2.5.2-150400.4.14.1 * libsss_certmap0-2.5.2-150400.4.14.1 * sssd-ldap-2.5.2-150400.4.14.1 * sssd-common-debuginfo-2.5.2-150400.4.14.1 * sssd-debugsource-2.5.2-150400.4.14.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libsss_idmap0-2.5.2-150400.4.14.1 * sssd-krb5-common-debuginfo-2.5.2-150400.4.14.1 * sssd-krb5-common-2.5.2-150400.4.14.1 * libsss_nss_idmap0-debuginfo-2.5.2-150400.4.14.1 * sssd-ldap-debuginfo-2.5.2-150400.4.14.1 * libsss_certmap0-debuginfo-2.5.2-150400.4.14.1 * libsss_nss_idmap0-2.5.2-150400.4.14.1 * sssd-2.5.2-150400.4.14.1 * sssd-common-2.5.2-150400.4.14.1 * libsss_idmap0-debuginfo-2.5.2-150400.4.14.1 * libsss_certmap0-2.5.2-150400.4.14.1 * sssd-ldap-2.5.2-150400.4.14.1 * sssd-common-debuginfo-2.5.2-150400.4.14.1 * sssd-debugsource-2.5.2-150400.4.14.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libsss_idmap0-2.5.2-150400.4.14.1 * sssd-krb5-common-debuginfo-2.5.2-150400.4.14.1 * sssd-krb5-common-2.5.2-150400.4.14.1 * libsss_nss_idmap0-debuginfo-2.5.2-150400.4.14.1 * sssd-ldap-debuginfo-2.5.2-150400.4.14.1 * libsss_certmap0-debuginfo-2.5.2-150400.4.14.1 * libsss_nss_idmap0-2.5.2-150400.4.14.1 * sssd-2.5.2-150400.4.14.1 * sssd-common-2.5.2-150400.4.14.1 * libsss_idmap0-debuginfo-2.5.2-150400.4.14.1 * libsss_certmap0-2.5.2-150400.4.14.1 * sssd-ldap-2.5.2-150400.4.14.1 * sssd-common-debuginfo-2.5.2-150400.4.14.1 * sssd-debugsource-2.5.2-150400.4.14.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libsss_idmap0-2.5.2-150400.4.14.1 * sssd-krb5-common-debuginfo-2.5.2-150400.4.14.1 * sssd-krb5-common-2.5.2-150400.4.14.1 * libsss_nss_idmap0-debuginfo-2.5.2-150400.4.14.1 * sssd-ldap-debuginfo-2.5.2-150400.4.14.1 * libsss_certmap0-debuginfo-2.5.2-150400.4.14.1 * libsss_nss_idmap0-2.5.2-150400.4.14.1 * sssd-2.5.2-150400.4.14.1 * sssd-common-2.5.2-150400.4.14.1 * libsss_idmap0-debuginfo-2.5.2-150400.4.14.1 * libsss_certmap0-2.5.2-150400.4.14.1 * sssd-ldap-2.5.2-150400.4.14.1 * sssd-common-debuginfo-2.5.2-150400.4.14.1 * sssd-debugsource-2.5.2-150400.4.14.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * sssd-krb5-common-2.5.2-150400.4.14.1 * libsss_simpleifp-devel-2.5.2-150400.4.14.1 * sssd-ipa-debuginfo-2.5.2-150400.4.14.1 * libsss_simpleifp0-2.5.2-150400.4.14.1 * libsss_nss_idmap0-2.5.2-150400.4.14.1 * libipa_hbac0-2.5.2-150400.4.14.1 * sssd-proxy-2.5.2-150400.4.14.1 * libsss_certmap0-2.5.2-150400.4.14.1 * sssd-common-debuginfo-2.5.2-150400.4.14.1 * sssd-debugsource-2.5.2-150400.4.14.1 * libipa_hbac-devel-2.5.2-150400.4.14.1 * sssd-ad-2.5.2-150400.4.14.1 * sssd-krb5-common-debuginfo-2.5.2-150400.4.14.1 * libsss_simpleifp0-debuginfo-2.5.2-150400.4.14.1 * sssd-ipa-2.5.2-150400.4.14.1 * sssd-krb5-2.5.2-150400.4.14.1 * sssd-tools-2.5.2-150400.4.14.1 * sssd-kcm-debuginfo-2.5.2-150400.4.14.1 * libsss_idmap0-2.5.2-150400.4.14.1 * sssd-ad-debuginfo-2.5.2-150400.4.14.1 * libsss_certmap-devel-2.5.2-150400.4.14.1 * sssd-kcm-2.5.2-150400.4.14.1 * sssd-ldap-debuginfo-2.5.2-150400.4.14.1 * sssd-proxy-debuginfo-2.5.2-150400.4.14.1 * libsss_certmap0-debuginfo-2.5.2-150400.4.14.1 * libsss_nss_idmap-devel-2.5.2-150400.4.14.1 * sssd-dbus-debuginfo-2.5.2-150400.4.14.1 * sssd-dbus-2.5.2-150400.4.14.1 * libsss_idmap0-debuginfo-2.5.2-150400.4.14.1 * sssd-2.5.2-150400.4.14.1 * sssd-ldap-2.5.2-150400.4.14.1 * sssd-tools-debuginfo-2.5.2-150400.4.14.1 * sssd-winbind-idmap-debuginfo-2.5.2-150400.4.14.1 * sssd-winbind-idmap-2.5.2-150400.4.14.1 * sssd-krb5-debuginfo-2.5.2-150400.4.14.1 * libsss_idmap-devel-2.5.2-150400.4.14.1 * sssd-common-2.5.2-150400.4.14.1 * python3-sssd-config-2.5.2-150400.4.14.1 * libsss_nss_idmap0-debuginfo-2.5.2-150400.4.14.1 * python3-sssd-config-debuginfo-2.5.2-150400.4.14.1 * libipa_hbac0-debuginfo-2.5.2-150400.4.14.1 * Basesystem Module 15-SP4 (x86_64) * sssd-common-32bit-2.5.2-150400.4.14.1 * sssd-common-32bit-debuginfo-2.5.2-150400.4.14.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213283 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 16:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 16:30:14 -0000 Subject: SUSE-FU-2023:3213-1: moderate: Feature update for gnu-compilers-hpc Message-ID: <169142581463.22905.11703334684576158824@smelt2.suse.de> # Feature update for gnu-compilers-hpc Announcement ID: SUSE-FU-2023:3213-1 Rating: moderate References: * #1212351 Affected Products: * HPC Module 15-SP4 * HPC Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that contains two features and has one feature fix can now be installed. ## Description: This recommended update for gnu-compilers-hpc provides the following feature: * Ship gnu12-compiler-hpc-devel and gnu12-compilers-hpc-macros-devel (jsc#PED-2896) * Fix posttrans script (bsc#1212351). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPC Module 15-SP5 zypper in -t patch SUSE-SLE-Module-HPC-15-SP5-2023-3213=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3213=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3213=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3213=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3213=1 * HPC Module 15-SP4 zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-3213=1 ## Package List: * HPC Module 15-SP5 (noarch) * gnu-compilers-hpc-macros-devel-1.4-150100.3.25.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.25.1 * gnu-compilers-hpc-1.4-150100.3.25.1 * gnu-compilers-hpc-devel-1.4-150100.3.25.1 * gnu12-compilers-hpc-1.4-150100.3.25.1 * gnu12-compilers-hpc-devel-1.4-150100.3.25.1 * SUSE Package Hub 15 15-SP4 (noarch) * gnu-compilers-hpc-macros-devel-1.4-150100.3.25.1 * gnu10-compilers-hpc-1.4-150100.3.25.1 * gnu10-compilers-hpc-macros-devel-1.4-150100.3.25.1 * gnu-compilers-hpc-1.4-150100.3.25.1 * gnu10-compilers-hpc-devel-1.4-150100.3.25.1 * gnu-compilers-hpc-devel-1.4-150100.3.25.1 * SUSE Package Hub 15 15-SP5 (noarch) * gnu-compilers-hpc-macros-devel-1.4-150100.3.25.1 * gnu10-compilers-hpc-1.4-150100.3.25.1 * gnu10-compilers-hpc-macros-devel-1.4-150100.3.25.1 * gnu-compilers-hpc-1.4-150100.3.25.1 * gnu10-compilers-hpc-devel-1.4-150100.3.25.1 * gnu-compilers-hpc-devel-1.4-150100.3.25.1 * openSUSE Leap 15.4 (noarch) * gnu-compilers-hpc-macros-devel-1.4-150100.3.25.1 * gnu10-compilers-hpc-1.4-150100.3.25.1 * gnu10-compilers-hpc-macros-devel-1.4-150100.3.25.1 * gnu9-compilers-hpc-1.4-150100.3.25.1 * gnu11-compilers-hpc-1.4-150100.3.25.1 * gnu11-compilers-hpc-devel-1.4-150100.3.25.1 * gnu9-compilers-hpc-devel-1.4-150100.3.25.1 * gnu-compilers-hpc-1.4-150100.3.25.1 * gnu9-compilers-hpc-macros-devel-1.4-150100.3.25.1 * gnu10-compilers-hpc-devel-1.4-150100.3.25.1 * gnu-compilers-hpc-devel-1.4-150100.3.25.1 * gnu11-compilers-hpc-macros-devel-1.4-150100.3.25.1 * openSUSE Leap 15.5 (noarch) * gnu-compilers-hpc-macros-devel-1.4-150100.3.25.1 * gnu10-compilers-hpc-1.4-150100.3.25.1 * gnu10-compilers-hpc-macros-devel-1.4-150100.3.25.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.25.1 * gnu9-compilers-hpc-1.4-150100.3.25.1 * gnu11-compilers-hpc-1.4-150100.3.25.1 * gnu11-compilers-hpc-devel-1.4-150100.3.25.1 * gnu9-compilers-hpc-devel-1.4-150100.3.25.1 * gnu-compilers-hpc-1.4-150100.3.25.1 * gnu9-compilers-hpc-macros-devel-1.4-150100.3.25.1 * gnu10-compilers-hpc-devel-1.4-150100.3.25.1 * gnu12-compilers-hpc-1.4-150100.3.25.1 * gnu-compilers-hpc-devel-1.4-150100.3.25.1 * gnu11-compilers-hpc-macros-devel-1.4-150100.3.25.1 * gnu12-compilers-hpc-devel-1.4-150100.3.25.1 * HPC Module 15-SP4 (noarch) * gnu-compilers-hpc-macros-devel-1.4-150100.3.25.1 * gnu12-compilers-hpc-macros-devel-1.4-150100.3.25.1 * gnu11-compilers-hpc-1.4-150100.3.25.1 * gnu11-compilers-hpc-devel-1.4-150100.3.25.1 * gnu-compilers-hpc-1.4-150100.3.25.1 * gnu-compilers-hpc-devel-1.4-150100.3.25.1 * gnu12-compilers-hpc-1.4-150100.3.25.1 * gnu11-compilers-hpc-macros-devel-1.4-150100.3.25.1 * gnu12-compilers-hpc-devel-1.4-150100.3.25.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212351 * https://jira.suse.com/browse/MSC-639 * https://jira.suse.com/browse/PED-2790 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 16:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 16:30:16 -0000 Subject: SUSE-RU-2023:3212-1: important: Recommended update for tboot Message-ID: <169142581690.22905.3517665521128295686@smelt2.suse.de> # Recommended update for tboot Announcement ID: SUSE-RU-2023:3212-1 Rating: important References: * #1207833 Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has one recommended fix can now be installed. ## Description: This update for tboot fixes the following issues: * Correctly move MBI from a lower address above tboot (bsc#1207833). This fixes a broken boot situation in some configurations stopping with log line "TBOOT: loader context was moved from 0x
to 0x
". * Bump date in version string to fix the upgrade path from SLE-12-SP5, which is at 2019070. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3212=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3212=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3212=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3212=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3212=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3212=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3212=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3212=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3212=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3212=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3212=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3212=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3212=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * tboot-debugsource-20200501_1.10.2-150200.15.16.1 * tboot-20200501_1.10.2-150200.15.16.1 * tboot-debuginfo-20200501_1.10.2-150200.15.16.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * tboot-debugsource-20200501_1.10.2-150200.15.16.1 * tboot-20200501_1.10.2-150200.15.16.1 * tboot-debuginfo-20200501_1.10.2-150200.15.16.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * tboot-debugsource-20200501_1.10.2-150200.15.16.1 * tboot-20200501_1.10.2-150200.15.16.1 * tboot-debuginfo-20200501_1.10.2-150200.15.16.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * tboot-debugsource-20200501_1.10.2-150200.15.16.1 * tboot-20200501_1.10.2-150200.15.16.1 * tboot-debuginfo-20200501_1.10.2-150200.15.16.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * tboot-debugsource-20200501_1.10.2-150200.15.16.1 * tboot-20200501_1.10.2-150200.15.16.1 * tboot-debuginfo-20200501_1.10.2-150200.15.16.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * tboot-debugsource-20200501_1.10.2-150200.15.16.1 * tboot-20200501_1.10.2-150200.15.16.1 * tboot-debuginfo-20200501_1.10.2-150200.15.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * tboot-debugsource-20200501_1.10.2-150200.15.16.1 * tboot-20200501_1.10.2-150200.15.16.1 * tboot-debuginfo-20200501_1.10.2-150200.15.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * tboot-debugsource-20200501_1.10.2-150200.15.16.1 * tboot-20200501_1.10.2-150200.15.16.1 * tboot-debuginfo-20200501_1.10.2-150200.15.16.1 * SUSE Manager Proxy 4.2 (x86_64) * tboot-debugsource-20200501_1.10.2-150200.15.16.1 * tboot-20200501_1.10.2-150200.15.16.1 * tboot-debuginfo-20200501_1.10.2-150200.15.16.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * tboot-debugsource-20200501_1.10.2-150200.15.16.1 * tboot-20200501_1.10.2-150200.15.16.1 * tboot-debuginfo-20200501_1.10.2-150200.15.16.1 * SUSE Manager Server 4.2 (x86_64) * tboot-debugsource-20200501_1.10.2-150200.15.16.1 * tboot-20200501_1.10.2-150200.15.16.1 * tboot-debuginfo-20200501_1.10.2-150200.15.16.1 * SUSE Enterprise Storage 7.1 (x86_64) * tboot-debugsource-20200501_1.10.2-150200.15.16.1 * tboot-20200501_1.10.2-150200.15.16.1 * tboot-debuginfo-20200501_1.10.2-150200.15.16.1 * SUSE Enterprise Storage 7 (x86_64) * tboot-debugsource-20200501_1.10.2-150200.15.16.1 * tboot-20200501_1.10.2-150200.15.16.1 * tboot-debuginfo-20200501_1.10.2-150200.15.16.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207833 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 16:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 16:30:18 -0000 Subject: SUSE-RU-2023:3211-1: low: Recommended update for xdm Message-ID: <169142581856.22905.15885293434102154600@smelt2.suse.de> # Recommended update for xdm Announcement ID: SUSE-RU-2023:3211-1 Rating: low References: * #1211267 Affected Products: * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has one recommended fix can now be installed. ## Description: This update for xdm fixes the following issues: * Requires cpp because it uses preprocessor directives in Xresources (bsc#1211267) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3211=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3211=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3211=1 ## Package List: * SUSE Manager Proxy 4.2 (x86_64) * xdm-debuginfo-1.1.11-150000.13.12.1 * xdm-debugsource-1.1.11-150000.13.12.1 * xdm-1.1.11-150000.13.12.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * xdm-debuginfo-1.1.11-150000.13.12.1 * xdm-debugsource-1.1.11-150000.13.12.1 * xdm-1.1.11-150000.13.12.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * xdm-debuginfo-1.1.11-150000.13.12.1 * xdm-debugsource-1.1.11-150000.13.12.1 * xdm-1.1.11-150000.13.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211267 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 16:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 16:30:20 -0000 Subject: SUSE-SU-2023:3210-1: moderate: Security update for pcre2 Message-ID: <169142582040.22905.9934327932611914529@smelt2.suse.de> # Security update for pcre2 Announcement ID: SUSE-SU-2023:3210-1 Rating: moderate References: * #1213514 Cross-References: * CVE-2022-41409 CVSS scores: * CVE-2022-41409 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41409 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for pcre2 fixes the following issues: * CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3210=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3210=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3210=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3210=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3210=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3210=1 ## Package List: * SUSE Manager Proxy 4.2 (x86_64) * libpcre2-16-0-debuginfo-10.31-150000.3.15.1 * libpcre2-32-0-debuginfo-10.31-150000.3.15.1 * libpcre2-posix2-debuginfo-10.31-150000.3.15.1 * pcre2-devel-10.31-150000.3.15.1 * libpcre2-8-0-debuginfo-10.31-150000.3.15.1 * libpcre2-posix2-10.31-150000.3.15.1 * pcre2-debugsource-10.31-150000.3.15.1 * libpcre2-32-0-10.31-150000.3.15.1 * libpcre2-8-0-10.31-150000.3.15.1 * libpcre2-16-0-10.31-150000.3.15.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libpcre2-16-0-debuginfo-10.31-150000.3.15.1 * libpcre2-32-0-debuginfo-10.31-150000.3.15.1 * libpcre2-posix2-debuginfo-10.31-150000.3.15.1 * pcre2-devel-10.31-150000.3.15.1 * libpcre2-8-0-debuginfo-10.31-150000.3.15.1 * libpcre2-posix2-10.31-150000.3.15.1 * pcre2-debugsource-10.31-150000.3.15.1 * libpcre2-32-0-10.31-150000.3.15.1 * libpcre2-8-0-10.31-150000.3.15.1 * libpcre2-16-0-10.31-150000.3.15.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libpcre2-16-0-debuginfo-10.31-150000.3.15.1 * libpcre2-32-0-debuginfo-10.31-150000.3.15.1 * libpcre2-posix2-debuginfo-10.31-150000.3.15.1 * pcre2-devel-10.31-150000.3.15.1 * libpcre2-8-0-debuginfo-10.31-150000.3.15.1 * libpcre2-posix2-10.31-150000.3.15.1 * pcre2-debugsource-10.31-150000.3.15.1 * libpcre2-32-0-10.31-150000.3.15.1 * libpcre2-8-0-10.31-150000.3.15.1 * libpcre2-16-0-10.31-150000.3.15.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libpcre2-8-0-10.31-150000.3.15.1 * pcre2-debugsource-10.31-150000.3.15.1 * libpcre2-8-0-debuginfo-10.31-150000.3.15.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libpcre2-8-0-10.31-150000.3.15.1 * pcre2-debugsource-10.31-150000.3.15.1 * libpcre2-8-0-debuginfo-10.31-150000.3.15.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libpcre2-8-0-10.31-150000.3.15.1 * pcre2-debugsource-10.31-150000.3.15.1 * libpcre2-8-0-debuginfo-10.31-150000.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2022-41409.html * https://bugzilla.suse.com/show_bug.cgi?id=1213514 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 16:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 16:30:22 -0000 Subject: SUSE-SU-2023:3209-1: moderate: Security update for libqt5-qtsvg Message-ID: <169142582255.22905.3793002927508256738@smelt2.suse.de> # Security update for libqt5-qtsvg Announcement ID: SUSE-SU-2023:3209-1 Rating: moderate References: * #1196654 * #1211298 Cross-References: * CVE-2021-45930 * CVE-2023-32573 CVSS scores: * CVE-2021-45930 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-45930 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-32573 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-32573 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for libqt5-qtsvg fixes the following issues: * CVE-2021-45930: Fixed an out-of-bounds write that may have lead to a denial- of-service (bsc#1196654). * CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm variable (bsc#1211298). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3209=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3209=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3209=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3209=1 ## Package List: * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libQt5Svg5-debuginfo-5.12.7-150200.3.8.1 * libqt5-qtsvg-devel-5.12.7-150200.3.8.1 * libqt5-qtsvg-debugsource-5.12.7-150200.3.8.1 * libQt5Svg5-5.12.7-150200.3.8.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * libqt5-qtsvg-private-headers-devel-5.12.7-150200.3.8.1 * SUSE Manager Proxy 4.2 (x86_64) * libQt5Svg5-debuginfo-5.12.7-150200.3.8.1 * libqt5-qtsvg-devel-5.12.7-150200.3.8.1 * libqt5-qtsvg-debugsource-5.12.7-150200.3.8.1 * libQt5Svg5-5.12.7-150200.3.8.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libQt5Svg5-debuginfo-5.12.7-150200.3.8.1 * libqt5-qtsvg-devel-5.12.7-150200.3.8.1 * libqt5-qtsvg-debugsource-5.12.7-150200.3.8.1 * libQt5Svg5-5.12.7-150200.3.8.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libQt5Svg5-debuginfo-5.12.7-150200.3.8.1 * libqt5-qtsvg-devel-5.12.7-150200.3.8.1 * libqt5-qtsvg-debugsource-5.12.7-150200.3.8.1 * libQt5Svg5-5.12.7-150200.3.8.1 ## References: * https://www.suse.com/security/cve/CVE-2021-45930.html * https://www.suse.com/security/cve/CVE-2023-32573.html * https://bugzilla.suse.com/show_bug.cgi?id=1196654 * https://bugzilla.suse.com/show_bug.cgi?id=1211298 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 16:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 16:30:25 -0000 Subject: SUSE-SU-2023:3208-1: important: Security update for librsvg Message-ID: <169142582535.22905.7651750789477657630@smelt2.suse.de> # Security update for librsvg Announcement ID: SUSE-SU-2023:3208-1 Rating: important References: * #1213502 Cross-References: * CVE-2023-38633 CVSS scores: * CVE-2023-38633 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-38633 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for librsvg fixes the following issues: librsvg was updated to version 2.46.7: * CVE-2023-38633: Fixed directory traversal in URI decoder (bsc#1213502). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3208=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3208=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3208=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3208=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3208=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3208=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3208=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3208=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3208=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3208=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3208=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3208=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3208=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3208=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3208=1 ## Package List: * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * librsvg-2-2-2.46.7-150200.3.9.1 * librsvg-2-2-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1 * librsvg-debugsource-2.46.7-150200.3.9.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * typelib-1_0-Rsvg-2_0-2.46.7-150200.3.9.1 * librsvg-2-2-2.46.7-150200.3.9.1 * librsvg-2-2-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1 * librsvg-devel-2.46.7-150200.3.9.1 * librsvg-debugsource-2.46.7-150200.3.9.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * typelib-1_0-Rsvg-2_0-2.46.7-150200.3.9.1 * librsvg-2-2-2.46.7-150200.3.9.1 * librsvg-2-2-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1 * librsvg-devel-2.46.7-150200.3.9.1 * librsvg-debugsource-2.46.7-150200.3.9.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * librsvg-2-2-2.46.7-150200.3.9.1 * librsvg-2-2-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1 * librsvg-debugsource-2.46.7-150200.3.9.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * librsvg-2-2-2.46.7-150200.3.9.1 * librsvg-2-2-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1 * librsvg-debugsource-2.46.7-150200.3.9.1 * openSUSE Leap 15.4 (noarch) * librsvg-lang-2.46.7-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * typelib-1_0-Rsvg-2_0-2.46.7-150200.3.9.1 * librsvg-2-2-2.46.7-150200.3.9.1 * librsvg-2-2-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1 * librsvg-devel-2.46.7-150200.3.9.1 * librsvg-debugsource-2.46.7-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * typelib-1_0-Rsvg-2_0-2.46.7-150200.3.9.1 * librsvg-2-2-2.46.7-150200.3.9.1 * librsvg-2-2-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1 * librsvg-devel-2.46.7-150200.3.9.1 * librsvg-debugsource-2.46.7-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * typelib-1_0-Rsvg-2_0-2.46.7-150200.3.9.1 * librsvg-2-2-2.46.7-150200.3.9.1 * librsvg-2-2-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1 * librsvg-devel-2.46.7-150200.3.9.1 * librsvg-debugsource-2.46.7-150200.3.9.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * typelib-1_0-Rsvg-2_0-2.46.7-150200.3.9.1 * librsvg-2-2-2.46.7-150200.3.9.1 * librsvg-2-2-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1 * librsvg-devel-2.46.7-150200.3.9.1 * librsvg-debugsource-2.46.7-150200.3.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * typelib-1_0-Rsvg-2_0-2.46.7-150200.3.9.1 * librsvg-2-2-2.46.7-150200.3.9.1 * librsvg-2-2-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1 * librsvg-devel-2.46.7-150200.3.9.1 * librsvg-debugsource-2.46.7-150200.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * typelib-1_0-Rsvg-2_0-2.46.7-150200.3.9.1 * librsvg-2-2-2.46.7-150200.3.9.1 * librsvg-2-2-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1 * librsvg-devel-2.46.7-150200.3.9.1 * librsvg-debugsource-2.46.7-150200.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * typelib-1_0-Rsvg-2_0-2.46.7-150200.3.9.1 * librsvg-2-2-2.46.7-150200.3.9.1 * librsvg-2-2-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1 * librsvg-devel-2.46.7-150200.3.9.1 * librsvg-debugsource-2.46.7-150200.3.9.1 * SUSE Manager Proxy 4.2 (x86_64) * librsvg-2-2-2.46.7-150200.3.9.1 * librsvg-2-2-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1 * librsvg-debugsource-2.46.7-150200.3.9.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * librsvg-2-2-2.46.7-150200.3.9.1 * librsvg-2-2-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-debuginfo-2.46.7-150200.3.9.1 * gdk-pixbuf-loader-rsvg-2.46.7-150200.3.9.1 * librsvg-debugsource-2.46.7-150200.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38633.html * https://bugzilla.suse.com/show_bug.cgi?id=1213502 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 16:30:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 16:30:29 -0000 Subject: SUSE-SU-2023:3207-1: important: Security update for libqt5-qtbase Message-ID: <169142582926.22905.5641336774458217275@smelt2.suse.de> # Security update for libqt5-qtbase Announcement ID: SUSE-SU-2023:3207-1 Rating: important References: * #1209616 * #1211642 * #1211797 * #1211994 * #1213326 Cross-References: * CVE-2023-24607 * CVE-2023-32762 * CVE-2023-33285 * CVE-2023-34410 * CVE-2023-38197 CVSS scores: * CVE-2023-24607 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32762 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-32762 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-33285 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-33285 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-34410 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34410 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-38197 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-38197 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves five vulnerabilities can now be installed. ## Description: This update for libqt5-qtbase fixes the following issues: * CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate (bsc#1211994). * CVE-2023-33285: Fixed buffer overflow in QDnsLookup (bsc#1211642). * CVE-2023-32762: Fixed Qt Network incorrectly parses the strict-transport- security (HSTS) header (bsc#1211797). * CVE-2023-38197: Fixed infinite loops in QXmlStreamReader(bsc#1213326). * CVE-2023-24607: Fixed Qt SQL ODBC driver plugin DOS (bsc#1209616). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3207=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3207=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3207=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3207=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3207=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3207=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3207=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3207=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3207=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3207=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3207=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3207=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.23.1 * libQt5Core5-5.12.7-150200.4.23.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.23.1 * libQt5Concurrent5-5.12.7-150200.4.23.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.23.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.23.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5Xml-devel-5.12.7-150200.4.23.1 * libQt5Network5-5.12.7-150200.4.23.1 * libQt5Network-devel-5.12.7-150200.4.23.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.23.1 * libQt5Gui5-5.12.7-150200.4.23.1 * libQt5DBus-devel-5.12.7-150200.4.23.1 * libQt5Core5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.23.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-5.12.7-150200.4.23.1 * libQt5Concurrent-devel-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-5.12.7-150200.4.23.1 * libQt5Sql5-mysql-5.12.7-150200.4.23.1 * libQt5Sql5-5.12.7-150200.4.23.1 * libQt5Sql-devel-5.12.7-150200.4.23.1 * libQt5Xml5-5.12.7-150200.4.23.1 * libQt5Test-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-5.12.7-150200.4.23.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.23.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.23.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui-devel-5.12.7-150200.4.23.1 * libQt5Test5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-devel-5.12.7-150200.4.23.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.23.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.23.1 * libQt5Core-devel-5.12.7-150200.4.23.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.23.1 * libQt5Test5-5.12.7-150200.4.23.1 * libQt5Sql5-postgresql-5.12.7-150200.4.23.1 * libQt5OpenGL-devel-5.12.7-150200.4.23.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-5.12.7-150200.4.23.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.23.1 * libQt5Network5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport-devel-5.12.7-150200.4.23.1 * libQt5DBus5-5.12.7-150200.4.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.23.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.23.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.23.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.23.1 * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.23.1 * libQt5Core5-5.12.7-150200.4.23.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.23.1 * libQt5Concurrent5-5.12.7-150200.4.23.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.23.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.23.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5Xml-devel-5.12.7-150200.4.23.1 * libQt5Network5-5.12.7-150200.4.23.1 * libQt5Network-devel-5.12.7-150200.4.23.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.23.1 * libQt5Gui5-5.12.7-150200.4.23.1 * libQt5DBus-devel-5.12.7-150200.4.23.1 * libQt5Core5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.23.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-5.12.7-150200.4.23.1 * libQt5Concurrent-devel-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-5.12.7-150200.4.23.1 * libQt5Sql5-mysql-5.12.7-150200.4.23.1 * libQt5Sql5-5.12.7-150200.4.23.1 * libQt5Sql-devel-5.12.7-150200.4.23.1 * libQt5Xml5-5.12.7-150200.4.23.1 * libQt5Test-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-5.12.7-150200.4.23.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.23.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.23.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui-devel-5.12.7-150200.4.23.1 * libQt5Test5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-devel-5.12.7-150200.4.23.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.23.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.23.1 * libQt5Core-devel-5.12.7-150200.4.23.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.23.1 * libQt5Test5-5.12.7-150200.4.23.1 * libQt5Sql5-postgresql-5.12.7-150200.4.23.1 * libQt5OpenGL-devel-5.12.7-150200.4.23.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-5.12.7-150200.4.23.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.23.1 * libQt5Network5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport-devel-5.12.7-150200.4.23.1 * libQt5DBus5-5.12.7-150200.4.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.23.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.23.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.23.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.23.1 * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.23.1 * libQt5Core5-5.12.7-150200.4.23.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.23.1 * libQt5Concurrent5-5.12.7-150200.4.23.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.23.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.23.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5Xml-devel-5.12.7-150200.4.23.1 * libQt5Network5-5.12.7-150200.4.23.1 * libQt5Network-devel-5.12.7-150200.4.23.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.23.1 * libQt5Gui5-5.12.7-150200.4.23.1 * libQt5DBus-devel-5.12.7-150200.4.23.1 * libQt5Core5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.23.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-5.12.7-150200.4.23.1 * libQt5Concurrent-devel-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-5.12.7-150200.4.23.1 * libQt5Sql5-mysql-5.12.7-150200.4.23.1 * libQt5Sql5-5.12.7-150200.4.23.1 * libQt5Sql-devel-5.12.7-150200.4.23.1 * libQt5Xml5-5.12.7-150200.4.23.1 * libQt5Test-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-5.12.7-150200.4.23.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.23.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.23.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui-devel-5.12.7-150200.4.23.1 * libQt5Test5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-devel-5.12.7-150200.4.23.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.23.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.23.1 * libQt5Core-devel-5.12.7-150200.4.23.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.23.1 * libQt5Test5-5.12.7-150200.4.23.1 * libQt5Sql5-postgresql-5.12.7-150200.4.23.1 * libQt5OpenGL-devel-5.12.7-150200.4.23.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-5.12.7-150200.4.23.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.23.1 * libQt5Network5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport-devel-5.12.7-150200.4.23.1 * libQt5DBus5-5.12.7-150200.4.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.23.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.23.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.23.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.23.1 * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.23.1 * libQt5Core5-5.12.7-150200.4.23.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.23.1 * libQt5Concurrent5-5.12.7-150200.4.23.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.23.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.23.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5Xml-devel-5.12.7-150200.4.23.1 * libQt5Network5-5.12.7-150200.4.23.1 * libQt5Network-devel-5.12.7-150200.4.23.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.23.1 * libQt5Gui5-5.12.7-150200.4.23.1 * libQt5DBus-devel-5.12.7-150200.4.23.1 * libQt5Core5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.23.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-5.12.7-150200.4.23.1 * libQt5Concurrent-devel-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-5.12.7-150200.4.23.1 * libQt5Sql5-mysql-5.12.7-150200.4.23.1 * libQt5Sql5-5.12.7-150200.4.23.1 * libQt5Sql-devel-5.12.7-150200.4.23.1 * libQt5Xml5-5.12.7-150200.4.23.1 * libQt5Test-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-5.12.7-150200.4.23.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.23.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.23.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui-devel-5.12.7-150200.4.23.1 * libQt5Test5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-devel-5.12.7-150200.4.23.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.23.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.23.1 * libQt5Core-devel-5.12.7-150200.4.23.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.23.1 * libQt5Test5-5.12.7-150200.4.23.1 * libQt5Sql5-postgresql-5.12.7-150200.4.23.1 * libQt5OpenGL-devel-5.12.7-150200.4.23.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-5.12.7-150200.4.23.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.23.1 * libQt5Network5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport-devel-5.12.7-150200.4.23.1 * libQt5DBus5-5.12.7-150200.4.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.23.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.23.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.23.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.23.1 * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.23.1 * libQt5Core5-5.12.7-150200.4.23.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.23.1 * libQt5Concurrent5-5.12.7-150200.4.23.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.23.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.23.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5Xml-devel-5.12.7-150200.4.23.1 * libQt5Network5-5.12.7-150200.4.23.1 * libQt5Network-devel-5.12.7-150200.4.23.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.23.1 * libQt5Gui5-5.12.7-150200.4.23.1 * libQt5DBus-devel-5.12.7-150200.4.23.1 * libQt5Core5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.23.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-5.12.7-150200.4.23.1 * libQt5Concurrent-devel-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-5.12.7-150200.4.23.1 * libQt5Sql5-mysql-5.12.7-150200.4.23.1 * libQt5Sql5-5.12.7-150200.4.23.1 * libQt5Sql-devel-5.12.7-150200.4.23.1 * libQt5Xml5-5.12.7-150200.4.23.1 * libQt5Test-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-5.12.7-150200.4.23.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.23.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.23.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui-devel-5.12.7-150200.4.23.1 * libQt5Test5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-devel-5.12.7-150200.4.23.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.23.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.23.1 * libQt5Core-devel-5.12.7-150200.4.23.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.23.1 * libQt5Test5-5.12.7-150200.4.23.1 * libQt5Sql5-postgresql-5.12.7-150200.4.23.1 * libQt5OpenGL-devel-5.12.7-150200.4.23.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-5.12.7-150200.4.23.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.23.1 * libQt5Network5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport-devel-5.12.7-150200.4.23.1 * libQt5DBus5-5.12.7-150200.4.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.23.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.23.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.23.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.23.1 * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.23.1 * libQt5Core5-5.12.7-150200.4.23.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.23.1 * libQt5Concurrent5-5.12.7-150200.4.23.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.23.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.23.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5Xml-devel-5.12.7-150200.4.23.1 * libQt5Network5-5.12.7-150200.4.23.1 * libQt5Network-devel-5.12.7-150200.4.23.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.23.1 * libQt5Gui5-5.12.7-150200.4.23.1 * libQt5DBus-devel-5.12.7-150200.4.23.1 * libQt5Core5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.23.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-5.12.7-150200.4.23.1 * libQt5Concurrent-devel-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-5.12.7-150200.4.23.1 * libQt5Sql5-mysql-5.12.7-150200.4.23.1 * libQt5Sql5-5.12.7-150200.4.23.1 * libQt5Sql-devel-5.12.7-150200.4.23.1 * libQt5Xml5-5.12.7-150200.4.23.1 * libQt5Test-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-5.12.7-150200.4.23.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.23.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.23.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui-devel-5.12.7-150200.4.23.1 * libQt5Test5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-devel-5.12.7-150200.4.23.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.23.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.23.1 * libQt5Core-devel-5.12.7-150200.4.23.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.23.1 * libQt5Test5-5.12.7-150200.4.23.1 * libQt5Sql5-postgresql-5.12.7-150200.4.23.1 * libQt5OpenGL-devel-5.12.7-150200.4.23.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-5.12.7-150200.4.23.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.23.1 * libQt5Network5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport-devel-5.12.7-150200.4.23.1 * libQt5DBus5-5.12.7-150200.4.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.23.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.23.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.23.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.23.1 * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.23.1 * libQt5Core5-5.12.7-150200.4.23.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.23.1 * libQt5Concurrent5-5.12.7-150200.4.23.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.23.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.23.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5Xml-devel-5.12.7-150200.4.23.1 * libQt5Network5-5.12.7-150200.4.23.1 * libQt5Network-devel-5.12.7-150200.4.23.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.23.1 * libQt5Gui5-5.12.7-150200.4.23.1 * libQt5DBus-devel-5.12.7-150200.4.23.1 * libQt5Core5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.23.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-5.12.7-150200.4.23.1 * libQt5Concurrent-devel-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-5.12.7-150200.4.23.1 * libQt5Sql5-mysql-5.12.7-150200.4.23.1 * libQt5Sql5-5.12.7-150200.4.23.1 * libQt5Sql-devel-5.12.7-150200.4.23.1 * libQt5Xml5-5.12.7-150200.4.23.1 * libQt5Test-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-5.12.7-150200.4.23.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.23.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.23.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui-devel-5.12.7-150200.4.23.1 * libQt5Test5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-devel-5.12.7-150200.4.23.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.23.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.23.1 * libQt5Core-devel-5.12.7-150200.4.23.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.23.1 * libQt5Test5-5.12.7-150200.4.23.1 * libQt5Sql5-postgresql-5.12.7-150200.4.23.1 * libQt5OpenGL-devel-5.12.7-150200.4.23.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-5.12.7-150200.4.23.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.23.1 * libQt5Network5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport-devel-5.12.7-150200.4.23.1 * libQt5DBus5-5.12.7-150200.4.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.23.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.23.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.23.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.23.1 * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.23.1 * SUSE Manager Proxy 4.2 (x86_64) * libQt5Core5-5.12.7-150200.4.23.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.23.1 * libQt5Concurrent5-5.12.7-150200.4.23.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.23.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5Xml-devel-5.12.7-150200.4.23.1 * libQt5Network5-5.12.7-150200.4.23.1 * libQt5Network-devel-5.12.7-150200.4.23.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.23.1 * libQt5Gui5-5.12.7-150200.4.23.1 * libQt5DBus-devel-5.12.7-150200.4.23.1 * libQt5Core5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.23.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-5.12.7-150200.4.23.1 * libQt5Concurrent-devel-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-5.12.7-150200.4.23.1 * libQt5Sql5-5.12.7-150200.4.23.1 * libQt5Sql-devel-5.12.7-150200.4.23.1 * libQt5Xml5-5.12.7-150200.4.23.1 * libQt5Test-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-5.12.7-150200.4.23.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui-devel-5.12.7-150200.4.23.1 * libQt5Test5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-devel-5.12.7-150200.4.23.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.23.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.23.1 * libQt5Core-devel-5.12.7-150200.4.23.1 * libQt5Test5-5.12.7-150200.4.23.1 * libQt5OpenGL-devel-5.12.7-150200.4.23.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-5.12.7-150200.4.23.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.23.1 * libQt5Network5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport-devel-5.12.7-150200.4.23.1 * libQt5DBus5-5.12.7-150200.4.23.1 * SUSE Manager Proxy 4.2 (noarch) * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.23.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.23.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.23.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.23.1 * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.23.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libQt5Core5-5.12.7-150200.4.23.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.23.1 * libQt5Concurrent5-5.12.7-150200.4.23.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.23.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5Xml-devel-5.12.7-150200.4.23.1 * libQt5Network5-5.12.7-150200.4.23.1 * libQt5Network-devel-5.12.7-150200.4.23.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.23.1 * libQt5Gui5-5.12.7-150200.4.23.1 * libQt5DBus-devel-5.12.7-150200.4.23.1 * libQt5Core5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.23.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-5.12.7-150200.4.23.1 * libQt5Concurrent-devel-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-5.12.7-150200.4.23.1 * libQt5Sql5-5.12.7-150200.4.23.1 * libQt5Sql-devel-5.12.7-150200.4.23.1 * libQt5Xml5-5.12.7-150200.4.23.1 * libQt5Test-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-5.12.7-150200.4.23.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui-devel-5.12.7-150200.4.23.1 * libQt5Test5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-devel-5.12.7-150200.4.23.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.23.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.23.1 * libQt5Core-devel-5.12.7-150200.4.23.1 * libQt5Test5-5.12.7-150200.4.23.1 * libQt5OpenGL-devel-5.12.7-150200.4.23.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-5.12.7-150200.4.23.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.23.1 * libQt5Network5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport-devel-5.12.7-150200.4.23.1 * libQt5DBus5-5.12.7-150200.4.23.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.23.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.23.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.23.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.23.1 * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.23.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libQt5Core5-5.12.7-150200.4.23.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.23.1 * libQt5Concurrent5-5.12.7-150200.4.23.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.23.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5Xml-devel-5.12.7-150200.4.23.1 * libQt5Network5-5.12.7-150200.4.23.1 * libQt5Network-devel-5.12.7-150200.4.23.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.23.1 * libQt5Gui5-5.12.7-150200.4.23.1 * libQt5DBus-devel-5.12.7-150200.4.23.1 * libQt5Core5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.23.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-5.12.7-150200.4.23.1 * libQt5Concurrent-devel-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-5.12.7-150200.4.23.1 * libQt5Sql5-5.12.7-150200.4.23.1 * libQt5Sql-devel-5.12.7-150200.4.23.1 * libQt5Xml5-5.12.7-150200.4.23.1 * libQt5Test-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-5.12.7-150200.4.23.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui-devel-5.12.7-150200.4.23.1 * libQt5Test5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-devel-5.12.7-150200.4.23.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.23.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.23.1 * libQt5Core-devel-5.12.7-150200.4.23.1 * libQt5Test5-5.12.7-150200.4.23.1 * libQt5OpenGL-devel-5.12.7-150200.4.23.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-5.12.7-150200.4.23.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.23.1 * libQt5Network5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport-devel-5.12.7-150200.4.23.1 * libQt5DBus5-5.12.7-150200.4.23.1 * SUSE Manager Server 4.2 (noarch) * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.23.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.23.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.23.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.23.1 * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.23.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.23.1 * libQt5Core5-5.12.7-150200.4.23.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.23.1 * libQt5Concurrent5-5.12.7-150200.4.23.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.23.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.23.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5Xml-devel-5.12.7-150200.4.23.1 * libQt5Network5-5.12.7-150200.4.23.1 * libQt5Network-devel-5.12.7-150200.4.23.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.23.1 * libQt5Gui5-5.12.7-150200.4.23.1 * libQt5DBus-devel-5.12.7-150200.4.23.1 * libQt5Core5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.23.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-5.12.7-150200.4.23.1 * libQt5Concurrent-devel-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-5.12.7-150200.4.23.1 * libQt5Sql5-mysql-5.12.7-150200.4.23.1 * libQt5Sql5-5.12.7-150200.4.23.1 * libQt5Sql-devel-5.12.7-150200.4.23.1 * libQt5Xml5-5.12.7-150200.4.23.1 * libQt5Test-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-5.12.7-150200.4.23.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.23.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.23.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui-devel-5.12.7-150200.4.23.1 * libQt5Test5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-devel-5.12.7-150200.4.23.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.23.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.23.1 * libQt5Core-devel-5.12.7-150200.4.23.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.23.1 * libQt5Test5-5.12.7-150200.4.23.1 * libQt5Sql5-postgresql-5.12.7-150200.4.23.1 * libQt5OpenGL-devel-5.12.7-150200.4.23.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-5.12.7-150200.4.23.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.23.1 * libQt5Network5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport-devel-5.12.7-150200.4.23.1 * libQt5DBus5-5.12.7-150200.4.23.1 * SUSE Enterprise Storage 7.1 (noarch) * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.23.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.23.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.23.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.23.1 * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.23.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libQt5Sql5-mysql-debuginfo-5.12.7-150200.4.23.1 * libQt5Core5-5.12.7-150200.4.23.1 * libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-debuginfo-5.12.7-150200.4.23.1 * libQt5Concurrent5-5.12.7-150200.4.23.1 * libQt5Concurrent5-debuginfo-5.12.7-150200.4.23.1 * libQt5PlatformSupport-devel-static-5.12.7-150200.4.23.1 * libQt5OpenGLExtensions-devel-static-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5Xml-devel-5.12.7-150200.4.23.1 * libQt5Network5-5.12.7-150200.4.23.1 * libQt5Network-devel-5.12.7-150200.4.23.1 * libQt5DBus5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-common-devel-5.12.7-150200.4.23.1 * libQt5Gui5-5.12.7-150200.4.23.1 * libQt5DBus-devel-5.12.7-150200.4.23.1 * libQt5Core5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-debuginfo-5.12.7-150200.4.23.1 * libQt5DBus-devel-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport5-5.12.7-150200.4.23.1 * libQt5Concurrent-devel-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-5.12.7-150200.4.23.1 * libQt5Sql5-mysql-5.12.7-150200.4.23.1 * libQt5Sql5-5.12.7-150200.4.23.1 * libQt5Sql-devel-5.12.7-150200.4.23.1 * libQt5Xml5-5.12.7-150200.4.23.1 * libQt5Test-devel-5.12.7-150200.4.23.1 * libQt5OpenGL5-debuginfo-5.12.7-150200.4.23.1 * libQt5Widgets5-5.12.7-150200.4.23.1 * libQt5Sql5-unixODBC-5.12.7-150200.4.23.1 * libqt5-qtbase-platformtheme-gtk3-5.12.7-150200.4.23.1 * libQt5Xml5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui-devel-5.12.7-150200.4.23.1 * libQt5Test5-debuginfo-5.12.7-150200.4.23.1 * libqt5-qtbase-devel-5.12.7-150200.4.23.1 * libQt5Sql5-unixODBC-debuginfo-5.12.7-150200.4.23.1 * libQt5KmsSupport-devel-static-5.12.7-150200.4.23.1 * libQt5Core-devel-5.12.7-150200.4.23.1 * libQt5PlatformHeaders-devel-5.12.7-150200.4.23.1 * libQt5Test5-5.12.7-150200.4.23.1 * libQt5Sql5-postgresql-5.12.7-150200.4.23.1 * libQt5OpenGL-devel-5.12.7-150200.4.23.1 * libQt5Sql5-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-postgresql-debuginfo-5.12.7-150200.4.23.1 * libQt5Sql5-sqlite-5.12.7-150200.4.23.1 * libqt5-qtbase-debugsource-5.12.7-150200.4.23.1 * libQt5Network5-debuginfo-5.12.7-150200.4.23.1 * libQt5Gui5-debuginfo-5.12.7-150200.4.23.1 * libQt5PrintSupport-devel-5.12.7-150200.4.23.1 * libQt5DBus5-5.12.7-150200.4.23.1 * SUSE Enterprise Storage 7 (noarch) * libQt5PlatformSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Sql-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Test-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Core-private-headers-devel-5.12.7-150200.4.23.1 * libQt5DBus-private-headers-devel-5.12.7-150200.4.23.1 * libQt5OpenGL-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Widgets-private-headers-devel-5.12.7-150200.4.23.1 * libQt5KmsSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5PrintSupport-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Gui-private-headers-devel-5.12.7-150200.4.23.1 * libqt5-qtbase-private-headers-devel-5.12.7-150200.4.23.1 * libQt5Network-private-headers-devel-5.12.7-150200.4.23.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24607.html * https://www.suse.com/security/cve/CVE-2023-32762.html * https://www.suse.com/security/cve/CVE-2023-33285.html * https://www.suse.com/security/cve/CVE-2023-34410.html * https://www.suse.com/security/cve/CVE-2023-38197.html * https://bugzilla.suse.com/show_bug.cgi?id=1209616 * https://bugzilla.suse.com/show_bug.cgi?id=1211642 * https://bugzilla.suse.com/show_bug.cgi?id=1211797 * https://bugzilla.suse.com/show_bug.cgi?id=1211994 * https://bugzilla.suse.com/show_bug.cgi?id=1213326 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 16:30:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 16:30:32 -0000 Subject: SUSE-SU-2023:3206-1: moderate: Security update for kernel-firmware Message-ID: <169142583286.22905.4843728445645013192@smelt2.suse.de> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:3206-1 Rating: moderate References: * #1213286 Cross-References: * CVE-2023-20593 CVSS scores: * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for kernel-firmware fixes the following issues: * CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3206=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3206=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3206=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3206=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3206=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3206=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3206=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3206=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3206=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3206=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3206=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * kernel-firmware-20210208-150300.4.13.1 * kernel-firmware-brcm-20210208-150300.4.13.1 * ucode-amd-20210208-150300.4.13.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * kernel-firmware-20210208-150300.4.13.1 * kernel-firmware-brcm-20210208-150300.4.13.1 * ucode-amd-20210208-150300.4.13.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * kernel-firmware-20210208-150300.4.13.1 * kernel-firmware-brcm-20210208-150300.4.13.1 * ucode-amd-20210208-150300.4.13.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * kernel-firmware-20210208-150300.4.13.1 * ucode-amd-20210208-150300.4.13.1 * SUSE Manager Proxy 4.2 (noarch) * kernel-firmware-20210208-150300.4.13.1 * ucode-amd-20210208-150300.4.13.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * kernel-firmware-20210208-150300.4.13.1 * ucode-amd-20210208-150300.4.13.1 * SUSE Manager Server 4.2 (noarch) * kernel-firmware-20210208-150300.4.13.1 * ucode-amd-20210208-150300.4.13.1 * SUSE Enterprise Storage 7.1 (noarch) * kernel-firmware-20210208-150300.4.13.1 * kernel-firmware-brcm-20210208-150300.4.13.1 * ucode-amd-20210208-150300.4.13.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * kernel-firmware-realtek-20210208-150300.4.13.1 * kernel-firmware-bnx2-20210208-150300.4.13.1 * kernel-firmware-all-20210208-150300.4.13.1 * kernel-firmware-iwlwifi-20210208-150300.4.13.1 * kernel-firmware-amdgpu-20210208-150300.4.13.1 * kernel-firmware-nfp-20210208-150300.4.13.1 * kernel-firmware-nvidia-20210208-150300.4.13.1 * kernel-firmware-qlogic-20210208-150300.4.13.1 * kernel-firmware-chelsio-20210208-150300.4.13.1 * ucode-amd-20210208-150300.4.13.1 * kernel-firmware-ath10k-20210208-150300.4.13.1 * kernel-firmware-dpaa2-20210208-150300.4.13.1 * kernel-firmware-marvell-20210208-150300.4.13.1 * kernel-firmware-serial-20210208-150300.4.13.1 * kernel-firmware-atheros-20210208-150300.4.13.1 * kernel-firmware-brcm-20210208-150300.4.13.1 * kernel-firmware-i915-20210208-150300.4.13.1 * kernel-firmware-radeon-20210208-150300.4.13.1 * kernel-firmware-media-20210208-150300.4.13.1 * kernel-firmware-ath11k-20210208-150300.4.13.1 * kernel-firmware-intel-20210208-150300.4.13.1 * kernel-firmware-platform-20210208-150300.4.13.1 * kernel-firmware-usb-network-20210208-150300.4.13.1 * kernel-firmware-ti-20210208-150300.4.13.1 * kernel-firmware-bluetooth-20210208-150300.4.13.1 * kernel-firmware-mwifiex-20210208-150300.4.13.1 * kernel-firmware-prestera-20210208-150300.4.13.1 * kernel-firmware-network-20210208-150300.4.13.1 * kernel-firmware-mellanox-20210208-150300.4.13.1 * kernel-firmware-sound-20210208-150300.4.13.1 * kernel-firmware-liquidio-20210208-150300.4.13.1 * kernel-firmware-mediatek-20210208-150300.4.13.1 * kernel-firmware-ueagle-20210208-150300.4.13.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * kernel-firmware-realtek-20210208-150300.4.13.1 * kernel-firmware-bnx2-20210208-150300.4.13.1 * kernel-firmware-all-20210208-150300.4.13.1 * kernel-firmware-iwlwifi-20210208-150300.4.13.1 * kernel-firmware-amdgpu-20210208-150300.4.13.1 * kernel-firmware-nfp-20210208-150300.4.13.1 * kernel-firmware-nvidia-20210208-150300.4.13.1 * kernel-firmware-qlogic-20210208-150300.4.13.1 * kernel-firmware-chelsio-20210208-150300.4.13.1 * ucode-amd-20210208-150300.4.13.1 * kernel-firmware-ath10k-20210208-150300.4.13.1 * kernel-firmware-dpaa2-20210208-150300.4.13.1 * kernel-firmware-marvell-20210208-150300.4.13.1 * kernel-firmware-serial-20210208-150300.4.13.1 * kernel-firmware-atheros-20210208-150300.4.13.1 * kernel-firmware-brcm-20210208-150300.4.13.1 * kernel-firmware-i915-20210208-150300.4.13.1 * kernel-firmware-radeon-20210208-150300.4.13.1 * kernel-firmware-media-20210208-150300.4.13.1 * kernel-firmware-ath11k-20210208-150300.4.13.1 * kernel-firmware-intel-20210208-150300.4.13.1 * kernel-firmware-platform-20210208-150300.4.13.1 * kernel-firmware-usb-network-20210208-150300.4.13.1 * kernel-firmware-ti-20210208-150300.4.13.1 * kernel-firmware-bluetooth-20210208-150300.4.13.1 * kernel-firmware-mwifiex-20210208-150300.4.13.1 * kernel-firmware-prestera-20210208-150300.4.13.1 * kernel-firmware-network-20210208-150300.4.13.1 * kernel-firmware-mellanox-20210208-150300.4.13.1 * kernel-firmware-sound-20210208-150300.4.13.1 * kernel-firmware-liquidio-20210208-150300.4.13.1 * kernel-firmware-mediatek-20210208-150300.4.13.1 * kernel-firmware-ueagle-20210208-150300.4.13.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * kernel-firmware-realtek-20210208-150300.4.13.1 * kernel-firmware-bnx2-20210208-150300.4.13.1 * kernel-firmware-all-20210208-150300.4.13.1 * kernel-firmware-iwlwifi-20210208-150300.4.13.1 * kernel-firmware-amdgpu-20210208-150300.4.13.1 * kernel-firmware-nfp-20210208-150300.4.13.1 * kernel-firmware-nvidia-20210208-150300.4.13.1 * kernel-firmware-qlogic-20210208-150300.4.13.1 * kernel-firmware-chelsio-20210208-150300.4.13.1 * ucode-amd-20210208-150300.4.13.1 * kernel-firmware-ath10k-20210208-150300.4.13.1 * kernel-firmware-dpaa2-20210208-150300.4.13.1 * kernel-firmware-marvell-20210208-150300.4.13.1 * kernel-firmware-serial-20210208-150300.4.13.1 * kernel-firmware-atheros-20210208-150300.4.13.1 * kernel-firmware-brcm-20210208-150300.4.13.1 * kernel-firmware-i915-20210208-150300.4.13.1 * kernel-firmware-radeon-20210208-150300.4.13.1 * kernel-firmware-media-20210208-150300.4.13.1 * kernel-firmware-ath11k-20210208-150300.4.13.1 * kernel-firmware-intel-20210208-150300.4.13.1 * kernel-firmware-platform-20210208-150300.4.13.1 * kernel-firmware-usb-network-20210208-150300.4.13.1 * kernel-firmware-ti-20210208-150300.4.13.1 * kernel-firmware-bluetooth-20210208-150300.4.13.1 * kernel-firmware-mwifiex-20210208-150300.4.13.1 * kernel-firmware-prestera-20210208-150300.4.13.1 * kernel-firmware-network-20210208-150300.4.13.1 * kernel-firmware-mellanox-20210208-150300.4.13.1 * kernel-firmware-sound-20210208-150300.4.13.1 * kernel-firmware-liquidio-20210208-150300.4.13.1 * kernel-firmware-mediatek-20210208-150300.4.13.1 * kernel-firmware-ueagle-20210208-150300.4.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20593.html * https://bugzilla.suse.com/show_bug.cgi?id=1213286 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 16:30:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 16:30:34 -0000 Subject: SUSE-RU-2023:3205-1: moderate: Recommended update for yast2-installation Message-ID: <169142583491.22905.6967975291039167079@smelt2.suse.de> # Recommended update for yast2-installation Announcement ID: SUSE-RU-2023:3205-1 Rating: moderate References: * #1211764 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for yast2-installation fixes the following issues: * Don't always enable sshd and open the ssh port (bsc#1211764) * Update to version 4.4.59 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3205=1 openSUSE-SLE-15.4-2023-3205=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3205=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3205=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3205=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3205=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3205=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3205=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3205=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3205=1 ## Package List: * openSUSE Leap 15.4 (noarch) * yast2-installation-4.4.59-150400.3.18.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (noarch) * yast2-installation-4.4.59-150400.3.18.1 * SUSE Linux Enterprise Server 15 SP4 (noarch) * yast2-installation-4.4.59-150400.3.18.1 * SUSE Manager Server 4.3 (noarch) * yast2-installation-4.4.59-150400.3.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * yast2-installation-4.4.59-150400.3.18.1 * SUSE Linux Enterprise Desktop 15 SP4 (noarch) * yast2-installation-4.4.59-150400.3.18.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * yast2-installation-4.4.59-150400.3.18.1 * SUSE Manager Proxy 4.3 (noarch) * yast2-installation-4.4.59-150400.3.18.1 * Basesystem Module 15-SP4 (noarch) * yast2-installation-4.4.59-150400.3.18.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211764 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 20:31:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 20:31:56 -0000 Subject: SUSE-SU-2023:3222-1: important: Security update for gstreamer-plugins-ugly Message-ID: <169144031670.12550.12972701712382248814@smelt2.suse.de> # Security update for gstreamer-plugins-ugly Announcement ID: SUSE-SU-2023:3222-1 Rating: important References: * #1213750 * #1213751 Cross-References: * CVE-2023-38103 * CVE-2023-38104 CVSS scores: * CVE-2023-38103 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38104 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 An update that solves two vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-ugly fixes the following issues: * CVE-2023-38103: Fixed integer overflow during parsing of MDPR chunks (bsc#1213751). * CVE-2023-38104: Fixed integer overflow during parsing of MDPR chunks (bsc#1213750). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3222=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-ugly-doc-1.16.3-150200.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38103.html * https://www.suse.com/security/cve/CVE-2023-38104.html * https://bugzilla.suse.com/show_bug.cgi?id=1213750 * https://bugzilla.suse.com/show_bug.cgi?id=1213751 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 20:31:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 20:31:59 -0000 Subject: SUSE-SU-2023:3221-1: important: Security update for gstreamer-plugins-base Message-ID: <169144031980.12550.5464970128132264151@smelt2.suse.de> # Security update for gstreamer-plugins-base Announcement ID: SUSE-SU-2023:3221-1 Rating: important References: * #1213128 * #1213131 Cross-References: * CVE-2023-37327 * CVE-2023-37328 CVSS scores: * CVE-2023-37327 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37328 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-base fixes the following issues: * CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow (bsc#1213128). * CVE-2023-37328: Fixed Heap-based Buffer Overflow in GStreamer PGS (bsc#1213131). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3221=1 openSUSE-SLE-15.4-2023-3221=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3221=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3221=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3221=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3221=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3221=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3221=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3221=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3221=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * typelib-1_0-GstSdp-1_0-1.20.1-150400.3.3.1 * typelib-1_0-GstApp-1_0-1.20.1-150400.3.3.1 * typelib-1_0-GstGL-1_0-1.20.1-150400.3.3.1 * libgsttag-1_0-0-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-base-debuginfo-1.20.1-150400.3.3.1 * typelib-1_0-GstRtsp-1_0-1.20.1-150400.3.3.1 * libgstsdp-1_0-0-1.20.1-150400.3.3.1 * libgstapp-1_0-0-debuginfo-1.20.1-150400.3.3.1 * typelib-1_0-GstGLEGL-1_0-1.20.1-150400.3.3.1 * libgstgl-1_0-0-1.20.1-150400.3.3.1 * typelib-1_0-GstGLX11-1_0-1.20.1-150400.3.3.1 * gstreamer-plugins-base-1.20.1-150400.3.3.1 * libgstfft-1_0-0-debuginfo-1.20.1-150400.3.3.1 * typelib-1_0-GstTag-1_0-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstfft-1_0-0-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-1.20.1-150400.3.3.1 * libgstrtsp-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstriff-1_0-0-1.20.1-150400.3.3.1 * typelib-1_0-GstRtp-1_0-1.20.1-150400.3.3.1 * typelib-1_0-GstAllocators-1_0-1.20.1-150400.3.3.1 * typelib-1_0-GstGLWayland-1_0-1.20.1-150400.3.3.1 * typelib-1_0-GstPbutils-1_0-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-1.20.1-150400.3.3.1 * libgstsdp-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-1.20.1-150400.3.3.1 * libgstapp-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-base-devel-1.20.1-150400.3.3.1 * typelib-1_0-GstAudio-1_0-1.20.1-150400.3.3.1 * libgstgl-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstrtp-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstrtp-1_0-0-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-1.20.1-150400.3.3.1 * libgsttag-1_0-0-1.20.1-150400.3.3.1 * libgstrtsp-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-base-debugsource-1.20.1-150400.3.3.1 * libgstriff-1_0-0-debuginfo-1.20.1-150400.3.3.1 * typelib-1_0-GstVideo-1_0-1.20.1-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * libgstaudio-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstfft-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstgl-1_0-0-32bit-1.20.1-150400.3.3.1 * gstreamer-plugins-base-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstrtp-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstrtsp-1_0-0-32bit-1.20.1-150400.3.3.1 * gstreamer-plugins-base-devel-32bit-1.20.1-150400.3.3.1 * libgstgl-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-32bit-1.20.1-150400.3.3.1 * libgsttag-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgsttag-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstriff-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstfft-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstrtsp-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstapp-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstsdp-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-base-32bit-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstsdp-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstriff-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstrtp-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstapp-1_0-0-32bit-1.20.1-150400.3.3.1 * openSUSE Leap 15.4 (noarch) * gstreamer-plugins-base-lang-1.20.1-150400.3.3.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgstsdp-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstfft-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstsdp-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstapp-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstriff-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstrtp-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstrtsp-1_0-0-64bit-1.20.1-150400.3.3.1 * libgsttag-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstgl-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstfft-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstgl-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstrtp-1_0-0-64bit-1.20.1-150400.3.3.1 * gstreamer-plugins-base-64bit-1.20.1-150400.3.3.1 * libgsttag-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstriff-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstapp-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-base-devel-64bit-1.20.1-150400.3.3.1 * libgstrtsp-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-base-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-64bit-1.20.1-150400.3.3.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libgstriff-1_0-0-1.20.1-150400.3.3.1 * libgstapp-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-base-1.20.1-150400.3.3.1 * libgstgl-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgsttag-1_0-0-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-base-debuginfo-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-1.20.1-150400.3.3.1 * libgsttag-1_0-0-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstapp-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-base-debugsource-1.20.1-150400.3.3.1 * libgstriff-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstgl-1_0-0-1.20.1-150400.3.3.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libgstriff-1_0-0-1.20.1-150400.3.3.1 * libgstapp-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-base-1.20.1-150400.3.3.1 * libgstgl-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgsttag-1_0-0-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-base-debuginfo-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-1.20.1-150400.3.3.1 * libgsttag-1_0-0-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstapp-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-base-debugsource-1.20.1-150400.3.3.1 * libgstriff-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstgl-1_0-0-1.20.1-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libgstriff-1_0-0-1.20.1-150400.3.3.1 * libgstapp-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-base-1.20.1-150400.3.3.1 * libgstgl-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgsttag-1_0-0-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-base-debuginfo-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-1.20.1-150400.3.3.1 * libgsttag-1_0-0-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstapp-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-base-debugsource-1.20.1-150400.3.3.1 * libgstriff-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstgl-1_0-0-1.20.1-150400.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libgstriff-1_0-0-1.20.1-150400.3.3.1 * libgstapp-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-base-1.20.1-150400.3.3.1 * libgstgl-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgsttag-1_0-0-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-base-debuginfo-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-1.20.1-150400.3.3.1 * libgsttag-1_0-0-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstapp-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-base-debugsource-1.20.1-150400.3.3.1 * libgstriff-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstgl-1_0-0-1.20.1-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libgstriff-1_0-0-1.20.1-150400.3.3.1 * libgstapp-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-base-1.20.1-150400.3.3.1 * libgstgl-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgsttag-1_0-0-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-base-debuginfo-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-1.20.1-150400.3.3.1 * libgsttag-1_0-0-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstapp-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-base-debugsource-1.20.1-150400.3.3.1 * libgstriff-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstgl-1_0-0-1.20.1-150400.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libgstriff-1_0-0-1.20.1-150400.3.3.1 * libgstapp-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-base-1.20.1-150400.3.3.1 * libgstgl-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgsttag-1_0-0-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-base-debuginfo-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-1.20.1-150400.3.3.1 * libgsttag-1_0-0-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstapp-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-base-debugsource-1.20.1-150400.3.3.1 * libgstriff-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstgl-1_0-0-1.20.1-150400.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * typelib-1_0-GstSdp-1_0-1.20.1-150400.3.3.1 * typelib-1_0-GstApp-1_0-1.20.1-150400.3.3.1 * typelib-1_0-GstGL-1_0-1.20.1-150400.3.3.1 * libgsttag-1_0-0-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-base-debuginfo-1.20.1-150400.3.3.1 * typelib-1_0-GstRtsp-1_0-1.20.1-150400.3.3.1 * libgstsdp-1_0-0-1.20.1-150400.3.3.1 * libgstapp-1_0-0-debuginfo-1.20.1-150400.3.3.1 * typelib-1_0-GstGLEGL-1_0-1.20.1-150400.3.3.1 * libgstgl-1_0-0-1.20.1-150400.3.3.1 * typelib-1_0-GstGLX11-1_0-1.20.1-150400.3.3.1 * gstreamer-plugins-base-1.20.1-150400.3.3.1 * libgstfft-1_0-0-debuginfo-1.20.1-150400.3.3.1 * typelib-1_0-GstTag-1_0-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstfft-1_0-0-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-1.20.1-150400.3.3.1 * libgstrtsp-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstriff-1_0-0-1.20.1-150400.3.3.1 * typelib-1_0-GstRtp-1_0-1.20.1-150400.3.3.1 * typelib-1_0-GstAllocators-1_0-1.20.1-150400.3.3.1 * typelib-1_0-GstGLWayland-1_0-1.20.1-150400.3.3.1 * typelib-1_0-GstPbutils-1_0-1.20.1-150400.3.3.1 * libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-1.20.1-150400.3.3.1 * libgstsdp-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-1.20.1-150400.3.3.1 * libgstapp-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-base-devel-1.20.1-150400.3.3.1 * typelib-1_0-GstAudio-1_0-1.20.1-150400.3.3.1 * libgstgl-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstrtp-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstrtp-1_0-0-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-1.20.1-150400.3.3.1 * libgsttag-1_0-0-1.20.1-150400.3.3.1 * libgstrtsp-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-base-debugsource-1.20.1-150400.3.3.1 * libgstriff-1_0-0-debuginfo-1.20.1-150400.3.3.1 * typelib-1_0-GstVideo-1_0-1.20.1-150400.3.3.1 * Basesystem Module 15-SP4 (noarch) * gstreamer-plugins-base-lang-1.20.1-150400.3.3.1 * SUSE Package Hub 15 15-SP4 (x86_64) * libgstvideo-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstvideo-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-base-debuginfo-1.20.1-150400.3.3.1 * libgstaudio-1_0-0-32bit-1.20.1-150400.3.3.1 * libgsttag-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgsttag-1_0-0-32bit-1.20.1-150400.3.3.1 * gstreamer-plugins-base-debugsource-1.20.1-150400.3.3.1 * gstreamer-plugins-base-32bit-debuginfo-1.20.1-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37327.html * https://www.suse.com/security/cve/CVE-2023-37328.html * https://bugzilla.suse.com/show_bug.cgi?id=1213128 * https://bugzilla.suse.com/show_bug.cgi?id=1213131 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 20:32:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 20:32:02 -0000 Subject: SUSE-SU-2023:3220-1: important: Security update for gstreamer-plugins-bad Message-ID: <169144032277.12550.3640519208584477476@smelt2.suse.de> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:3220-1 Rating: important References: * #1213126 Cross-References: * CVE-2023-37329 CVSS scores: * CVE-2023-37329 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-37329: Fixed GStreamer SRT File Parsing Heap-based Buffer Overflow (bsc#1213126). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3220=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3220=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3220=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3220=1 ## Package List: * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.3.1 * libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstplay-1_0-0-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.3.1 * libgstplay-1_0-0-1.20.1-150400.3.3.1 * libgstphotography-1_0-0-1.20.1-150400.3.3.1 * libgstplayer-1_0-0-1.20.1-150400.3.3.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libgstcodecparsers-1_0-0-1.20.1-150400.3.3.1 * libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-1.20.1-150400.3.3.1 * libgstinsertbin-1_0-0-1.20.1-150400.3.3.1 * libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstadaptivedemux-1_0-0-1.20.1-150400.3.3.1 * libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.3.1 * typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.3.1 * libgstmpegts-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.3.1 * libgsturidownloader-1_0-0-1.20.1-150400.3.3.1 * typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.3.1 * typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.3.1 * typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.3.1 * libgstvulkan-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.3.1 * libgstbadaudio-1_0-0-1.20.1-150400.3.3.1 * libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstwayland-1_0-0-1.20.1-150400.3.3.1 * libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstisoff-1_0-0-1.20.1-150400.3.3.1 * libgstsctp-1_0-0-1.20.1-150400.3.3.1 * libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstwebrtc-1_0-0-1.20.1-150400.3.3.1 * libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstva-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.3.1 * libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.3.1 * typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.3.1 * typelib-1_0-GstPlay-1_0-1.20.1-150400.3.3.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.3.1 * typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-devel-1.20.1-150400.3.3.1 * libgstcodecs-1_0-0-1.20.1-150400.3.3.1 * libgstva-1_0-0-1.20.1-150400.3.3.1 * Desktop Applications Module 15-SP4 (noarch) * gstreamer-plugins-bad-lang-1.20.1-150400.3.3.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libgsttranscoder-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.3.1 * libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libgstcodecparsers-1_0-0-1.20.1-150400.3.3.1 * libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.3.1 * typelib-1_0-GstVulkanWayland-1_0-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-1.20.1-150400.3.3.1 * gstreamer-transcoder-1.20.1-150400.3.3.1 * libgstplay-1_0-0-1.20.1-150400.3.3.1 * typelib-1_0-GstVulkanXCB-1_0-1.20.1-150400.3.3.1 * libgstinsertbin-1_0-0-1.20.1-150400.3.3.1 * libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstadaptivedemux-1_0-0-1.20.1-150400.3.3.1 * libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.3.1 * typelib-1_0-GstVulkan-1_0-1.20.1-150400.3.3.1 * typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.3.1 * libgstmpegts-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-debugsource-1.20.1-150400.3.3.1 * libgstplay-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgsturidownloader-1_0-0-1.20.1-150400.3.3.1 * typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.3.1 * typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.3.1 * typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.3.1 * libgstvulkan-1_0-0-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.3.1 * libgstbadaudio-1_0-0-1.20.1-150400.3.3.1 * libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstphotography-1_0-0-1.20.1-150400.3.3.1 * libgstwayland-1_0-0-1.20.1-150400.3.3.1 * libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstisoff-1_0-0-1.20.1-150400.3.3.1 * libgstsctp-1_0-0-1.20.1-150400.3.3.1 * libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.3.1 * gstreamer-transcoder-debuginfo-1.20.1-150400.3.3.1 * libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstwebrtc-1_0-0-1.20.1-150400.3.3.1 * libgstplayer-1_0-0-1.20.1-150400.3.3.1 * libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstva-1_0-0-debuginfo-1.20.1-150400.3.3.1 * typelib-1_0-GstTranscoder-1_0-1.20.1-150400.3.3.1 * libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.3.1 * libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.3.1 * typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.3.1 * typelib-1_0-GstPlay-1_0-1.20.1-150400.3.3.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.3.1 * libgsttranscoder-1_0-0-1.20.1-150400.3.3.1 * libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.3.1 * typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-devel-1.20.1-150400.3.3.1 * libgstcodecs-1_0-0-1.20.1-150400.3.3.1 * gstreamer-transcoder-devel-1.20.1-150400.3.3.1 * libgstva-1_0-0-1.20.1-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * libgstcodecparsers-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstplayer-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstbadaudio-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstwayland-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstinsertbin-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstbadaudio-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstisoff-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstphotography-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstcodecparsers-1_0-0-32bit-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstwayland-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstvulkan-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstwebrtc-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstadaptivedemux-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstcodecs-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstbasecamerabinsrc-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstwebrtc-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstvulkan-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstadaptivedemux-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstphotography-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgsturidownloader-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstmpegts-1_0-0-32bit-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-chromaprint-32bit-1.20.1-150400.3.3.1 * libgstplay-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstplay-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstinsertbin-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstisoff-1_0-0-32bit-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-32bit-1.20.1-150400.3.3.1 * libgstplayer-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstcodecs-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstva-1_0-0-32bit-1.20.1-150400.3.3.1 * libgsturidownloader-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstva-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstmpegts-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.20.1-150400.3.3.1 * libgstsctp-1_0-0-32bit-1.20.1-150400.3.3.1 * libgstsctp-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1 * openSUSE Leap 15.4 (noarch) * gstreamer-plugins-bad-lang-1.20.1-150400.3.3.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgstsctp-1_0-0-64bit-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstadaptivedemux-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstcodecs-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstcodecparsers-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstcodecparsers-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstbadaudio-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstinsertbin-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstphotography-1_0-0-64bit-1.20.1-150400.3.3.1 * libgsturidownloader-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstva-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstvulkan-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstwayland-1_0-0-64bit-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-chromaprint-64bit-1.20.1-150400.3.3.1 * libgstmpegts-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstcodecs-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstphotography-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstisoff-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstwebrtc-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstwayland-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstbasecamerabinsrc-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstisoff-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstbadaudio-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstadaptivedemux-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstplay-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-64bit-1.20.1-150400.3.3.1 * libgstvulkan-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-bad-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstplayer-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstplayer-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstva-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstmpegts-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstinsertbin-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgsturidownloader-1_0-0-64bit-1.20.1-150400.3.3.1 * libgstsctp-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstwebrtc-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1 * libgstplay-1_0-0-64bit-1.20.1-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37329.html * https://bugzilla.suse.com/show_bug.cgi?id=1213126 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 7 20:32:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 07 Aug 2023 20:32:08 -0000 Subject: SUSE-SU-2023:3219-1: important: Security update for gstreamer-plugins-good Message-ID: <169144032806.12550.17902103675993582330@smelt2.suse.de> # Security update for gstreamer-plugins-good Announcement ID: SUSE-SU-2023:3219-1 Rating: important References: * #1213128 Cross-References: * CVE-2023-37327 CVSS scores: * CVE-2023-37327 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-good fixes the following issues: * CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow (bsc#1213128). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3219=1 openSUSE-SLE-15.4-2023-3219=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3219=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * gstreamer-plugins-good-jack-1.20.1-150400.3.6.1 * gstreamer-plugins-good-jack-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-good-gtk-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-good-gtk-1.20.1-150400.3.6.1 * gstreamer-plugins-good-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-good-qtqml-1.20.1-150400.3.6.1 * gstreamer-plugins-good-debugsource-1.20.1-150400.3.6.1 * gstreamer-plugins-good-1.20.1-150400.3.6.1 * gstreamer-plugins-good-extra-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-good-qtqml-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-good-extra-1.20.1-150400.3.6.1 * openSUSE Leap 15.4 (x86_64) * gstreamer-plugins-good-jack-32bit-1.20.1-150400.3.6.1 * gstreamer-plugins-good-extra-32bit-1.20.1-150400.3.6.1 * gstreamer-plugins-good-jack-32bit-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-good-32bit-1.20.1-150400.3.6.1 * gstreamer-plugins-good-extra-32bit-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-good-32bit-debuginfo-1.20.1-150400.3.6.1 * openSUSE Leap 15.4 (noarch) * gstreamer-plugins-good-lang-1.20.1-150400.3.6.1 * openSUSE Leap 15.4 (aarch64_ilp32) * gstreamer-plugins-good-extra-64bit-1.20.1-150400.3.6.1 * gstreamer-plugins-good-extra-64bit-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-good-64bit-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-good-jack-64bit-debuginfo-1.20.1-150400.3.6.1 * gstreamer-plugins-good-jack-64bit-1.20.1-150400.3.6.1 * gstreamer-plugins-good-64bit-1.20.1-150400.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-good-1.20.1-150400.3.6.1 * gstreamer-plugins-good-debugsource-1.20.1-150400.3.6.1 * gstreamer-plugins-good-debuginfo-1.20.1-150400.3.6.1 * Basesystem Module 15-SP4 (noarch) * gstreamer-plugins-good-lang-1.20.1-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37327.html * https://bugzilla.suse.com/show_bug.cgi?id=1213128 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 07:03:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Aug 2023 09:03:56 +0200 (CEST) Subject: SUSE-CU-2023:2525-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230808070356.671C6FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2525-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.430 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.430 Severity : moderate Type : security References : 1201627 1207534 1213487 CVE-2022-4304 CVE-2023-3446 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3179-1 Released: Thu Aug 3 13:59:38 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,1213487,CVE-2022-4304,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). - Update further expiring certificates that affect tests [bsc#1201627] The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.72.1 updated - libopenssl1_1-1.1.1d-150200.11.72.1 updated - openssl-1_1-1.1.1d-150200.11.72.1 updated - container:sles15-image-15.0.0-17.20.163 updated From sle-updates at lists.suse.com Tue Aug 8 07:04:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Aug 2023 09:04:36 +0200 (CEST) Subject: SUSE-CU-2023:2526-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230808070436.83D18FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2526-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.252 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.252 Severity : moderate Type : security References : 1201627 1207534 1213487 CVE-2022-4304 CVE-2023-3446 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3179-1 Released: Thu Aug 3 13:59:38 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,1213487,CVE-2022-4304,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). - Update further expiring certificates that affect tests [bsc#1201627] The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.72.1 updated - libopenssl1_1-1.1.1d-150200.11.72.1 updated - openssl-1_1-1.1.1d-150200.11.72.1 updated - container:sles15-image-15.0.0-17.20.163 updated From sle-updates at lists.suse.com Tue Aug 8 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 08:30:05 -0000 Subject: SUSE-SU-2023:3226-1: important: Security update for gstreamer-plugins-ugly Message-ID: <169148340524.1341.14593559590719793711@smelt2.suse.de> # Security update for gstreamer-plugins-ugly Announcement ID: SUSE-SU-2023:3226-1 Rating: important References: * #1213750 * #1213751 Cross-References: * CVE-2023-38103 * CVE-2023-38104 CVSS scores: * CVE-2023-38103 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38104 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-ugly fixes the following issues: * CVE-2023-38104: Fixed integer overflow during parsing of MDPR chunks (bsc#1213750). * CVE-2023-38103: Fixed integer overflow during parsing of MDPR chunks (bsc#1213751). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3226=1 openSUSE-SLE-15.4-2023-3226=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3226=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * gstreamer-plugins-ugly-debugsource-1.20.1-150400.3.3.1 * gstreamer-plugins-ugly-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-ugly-1.20.1-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * gstreamer-plugins-ugly-32bit-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-ugly-32bit-1.20.1-150400.3.3.1 * openSUSE Leap 15.4 (noarch) * gstreamer-plugins-ugly-lang-1.20.1-150400.3.3.1 * openSUSE Leap 15.4 (aarch64_ilp32) * gstreamer-plugins-ugly-64bit-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-ugly-64bit-1.20.1-150400.3.3.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * gstreamer-plugins-ugly-debugsource-1.20.1-150400.3.3.1 * gstreamer-plugins-ugly-debuginfo-1.20.1-150400.3.3.1 * gstreamer-plugins-ugly-1.20.1-150400.3.3.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (noarch) * gstreamer-plugins-ugly-lang-1.20.1-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38103.html * https://www.suse.com/security/cve/CVE-2023-38104.html * https://bugzilla.suse.com/show_bug.cgi?id=1213750 * https://bugzilla.suse.com/show_bug.cgi?id=1213751 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 08:30:08 -0000 Subject: SUSE-SU-2023:3225-1: important: Security update for qt6-base Message-ID: <169148340828.1341.2623481469917639916@smelt2.suse.de> # Security update for qt6-base Announcement ID: SUSE-SU-2023:3225-1 Rating: important References: * #1209616 * #1211642 * #1211797 * #1211994 * #1213326 Cross-References: * CVE-2023-24607 * CVE-2023-32762 * CVE-2023-33285 * CVE-2023-34410 * CVE-2023-38197 CVSS scores: * CVE-2023-24607 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32762 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-32762 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-33285 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-33285 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-34410 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34410 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-38197 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-38197 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for qt6-base fixes the following issues: * CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate (bsc#1211994). * CVE-2023-33285: Fixed buffer overflow in QDnsLookup (bsc#1211642). * CVE-2023-32762: Fixed Qt Network incorrectly parses the strict-transport- security (HSTS) header (bsc#1211797). * CVE-2023-38197: Fixed infinite loops in QXmlStreamReader(bsc#1213326). * CVE-2023-24607: Fixed Qt SQL ODBC driver plugin DOS (bsc#1209616). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3225=1 openSUSE-SLE-15.5-2023-3225=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3225=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3225=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libQt6Concurrent6-debuginfo-6.4.2-150500.3.7.4 * qt6-base-common-devel-debuginfo-6.4.2-150500.3.7.4 * qt6-widgets-private-devel-6.4.2-150500.3.7.4 * qt6-gui-devel-6.4.2-150500.3.7.4 * libQt6Network6-debuginfo-6.4.2-150500.3.7.4 * qt6-gui-private-devel-6.4.2-150500.3.7.4 * libQt6Widgets6-6.4.2-150500.3.7.4 * qt6-dbus-devel-6.4.2-150500.3.7.4 * qt6-platformtheme-xdgdesktopportal-6.4.2-150500.3.7.4 * qt6-network-private-devel-6.4.2-150500.3.7.4 * libQt6Test6-debuginfo-6.4.2-150500.3.7.4 * libQt6Sql6-debuginfo-6.4.2-150500.3.7.4 * qt6-base-common-devel-6.4.2-150500.3.7.4 * qt6-base-examples-debuginfo-6.4.2-150500.3.7.4 * qt6-base-docs-html-6.4.2-150500.3.7.1 * qt6-kmssupport-private-devel-6.4.2-150500.3.7.4 * qt6-base-examples-6.4.2-150500.3.7.4 * qt6-platformtheme-gtk3-debuginfo-6.4.2-150500.3.7.4 * qt6-base-docs-qch-6.4.2-150500.3.7.1 * libQt6OpenGL6-debuginfo-6.4.2-150500.3.7.4 * qt6-core-devel-6.4.2-150500.3.7.4 * qt6-networkinformation-glib-6.4.2-150500.3.7.4 * qt6-openglwidgets-devel-6.4.2-150500.3.7.4 * qt6-platformtheme-xdgdesktopportal-debuginfo-6.4.2-150500.3.7.4 * libQt6Widgets6-debuginfo-6.4.2-150500.3.7.4 * libQt6Core6-6.4.2-150500.3.7.4 * libQt6PrintSupport6-debuginfo-6.4.2-150500.3.7.4 * qt6-sql-sqlite-6.4.2-150500.3.7.4 * qt6-network-devel-6.4.2-150500.3.7.4 * qt6-base-debugsource-6.4.2-150500.3.7.4 * qt6-networkinformation-nm-6.4.2-150500.3.7.4 * qt6-core-private-devel-6.4.2-150500.3.7.4 * qt6-printsupport-private-devel-6.4.2-150500.3.7.4 * libQt6DBus6-debuginfo-6.4.2-150500.3.7.4 * qt6-test-private-devel-6.4.2-150500.3.7.4 * qt6-xml-private-devel-6.4.2-150500.3.7.4 * qt6-network-tls-6.4.2-150500.3.7.4 * qt6-network-tls-debuginfo-6.4.2-150500.3.7.4 * qt6-kmssupport-devel-static-6.4.2-150500.3.7.4 * qt6-networkinformation-glib-debuginfo-6.4.2-150500.3.7.4 * qt6-platformtheme-gtk3-6.4.2-150500.3.7.4 * qt6-printsupport-cups-debuginfo-6.4.2-150500.3.7.4 * libQt6PrintSupport6-6.4.2-150500.3.7.4 * qt6-dbus-private-devel-6.4.2-150500.3.7.4 * qt6-networkinformation-nm-debuginfo-6.4.2-150500.3.7.4 * qt6-sql-unixODBC-6.4.2-150500.3.7.4 * qt6-sql-postgresql-debuginfo-6.4.2-150500.3.7.4 * libQt6Xml6-6.4.2-150500.3.7.4 * qt6-sql-unixODBC-debuginfo-6.4.2-150500.3.7.4 * qt6-widgets-devel-6.4.2-150500.3.7.4 * libQt6Sql6-6.4.2-150500.3.7.4 * qt6-opengl-devel-6.4.2-150500.3.7.4 * libQt6Network6-6.4.2-150500.3.7.4 * libQt6Xml6-debuginfo-6.4.2-150500.3.7.4 * qt6-opengl-private-devel-6.4.2-150500.3.7.4 * qt6-printsupport-cups-6.4.2-150500.3.7.4 * qt6-platformsupport-private-devel-6.4.2-150500.3.7.4 * qt6-concurrent-devel-6.4.2-150500.3.7.4 * qt6-sql-mysql-6.4.2-150500.3.7.4 * qt6-platformsupport-devel-static-6.4.2-150500.3.7.4 * qt6-sql-private-devel-6.4.2-150500.3.7.4 * libQt6Core6-debuginfo-6.4.2-150500.3.7.4 * libQt6OpenGLWidgets6-debuginfo-6.4.2-150500.3.7.4 * qt6-sql-devel-6.4.2-150500.3.7.4 * qt6-base-debuginfo-6.4.2-150500.3.7.4 * qt6-printsupport-devel-6.4.2-150500.3.7.4 * libQt6Concurrent6-6.4.2-150500.3.7.4 * qt6-sql-mysql-debuginfo-6.4.2-150500.3.7.4 * libQt6Test6-6.4.2-150500.3.7.4 * qt6-sql-sqlite-debuginfo-6.4.2-150500.3.7.4 * qt6-test-devel-6.4.2-150500.3.7.4 * qt6-xml-devel-6.4.2-150500.3.7.4 * libQt6Gui6-debuginfo-6.4.2-150500.3.7.4 * libQt6OpenGLWidgets6-6.4.2-150500.3.7.4 * qt6-sql-postgresql-6.4.2-150500.3.7.4 * libQt6OpenGL6-6.4.2-150500.3.7.4 * libQt6Gui6-6.4.2-150500.3.7.4 * libQt6DBus6-6.4.2-150500.3.7.4 * openSUSE Leap 15.5 (noarch) * qt6-base-devel-6.4.2-150500.3.7.4 * qt6-base-private-devel-6.4.2-150500.3.7.4 * qt6-docs-common-6.4.2-150500.3.7.4 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * qt6-base-debuginfo-6.4.2-150500.3.7.4 * libQt6Widgets6-debuginfo-6.4.2-150500.3.7.4 * libQt6Network6-debuginfo-6.4.2-150500.3.7.4 * libQt6Core6-6.4.2-150500.3.7.4 * libQt6Widgets6-6.4.2-150500.3.7.4 * libQt6Network6-6.4.2-150500.3.7.4 * qt6-base-debugsource-6.4.2-150500.3.7.4 * libQt6Gui6-debuginfo-6.4.2-150500.3.7.4 * libQt6DBus6-debuginfo-6.4.2-150500.3.7.4 * qt6-network-tls-6.4.2-150500.3.7.4 * libQt6Core6-debuginfo-6.4.2-150500.3.7.4 * libQt6Gui6-6.4.2-150500.3.7.4 * libQt6OpenGL6-6.4.2-150500.3.7.4 * libQt6DBus6-6.4.2-150500.3.7.4 * qt6-network-tls-debuginfo-6.4.2-150500.3.7.4 * libQt6OpenGL6-debuginfo-6.4.2-150500.3.7.4 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libQt6Concurrent6-debuginfo-6.4.2-150500.3.7.4 * qt6-base-common-devel-debuginfo-6.4.2-150500.3.7.4 * qt6-widgets-private-devel-6.4.2-150500.3.7.4 * qt6-gui-devel-6.4.2-150500.3.7.4 * libQt6Network6-debuginfo-6.4.2-150500.3.7.4 * qt6-gui-private-devel-6.4.2-150500.3.7.4 * libQt6Widgets6-6.4.2-150500.3.7.4 * qt6-dbus-devel-6.4.2-150500.3.7.4 * libQt6Test6-debuginfo-6.4.2-150500.3.7.4 * libQt6Sql6-debuginfo-6.4.2-150500.3.7.4 * qt6-base-common-devel-6.4.2-150500.3.7.4 * qt6-kmssupport-private-devel-6.4.2-150500.3.7.4 * libQt6OpenGL6-debuginfo-6.4.2-150500.3.7.4 * qt6-core-devel-6.4.2-150500.3.7.4 * qt6-openglwidgets-devel-6.4.2-150500.3.7.4 * libQt6Widgets6-debuginfo-6.4.2-150500.3.7.4 * libQt6Core6-6.4.2-150500.3.7.4 * libQt6PrintSupport6-debuginfo-6.4.2-150500.3.7.4 * qt6-sql-sqlite-6.4.2-150500.3.7.4 * qt6-network-devel-6.4.2-150500.3.7.4 * qt6-base-debugsource-6.4.2-150500.3.7.4 * qt6-core-private-devel-6.4.2-150500.3.7.4 * libQt6DBus6-debuginfo-6.4.2-150500.3.7.4 * qt6-network-tls-6.4.2-150500.3.7.4 * qt6-network-tls-debuginfo-6.4.2-150500.3.7.4 * qt6-kmssupport-devel-static-6.4.2-150500.3.7.4 * libQt6PrintSupport6-6.4.2-150500.3.7.4 * libQt6Xml6-6.4.2-150500.3.7.4 * qt6-widgets-devel-6.4.2-150500.3.7.4 * libQt6Sql6-6.4.2-150500.3.7.4 * qt6-opengl-devel-6.4.2-150500.3.7.4 * libQt6Network6-6.4.2-150500.3.7.4 * libQt6Xml6-debuginfo-6.4.2-150500.3.7.4 * qt6-opengl-private-devel-6.4.2-150500.3.7.4 * qt6-concurrent-devel-6.4.2-150500.3.7.4 * qt6-platformsupport-devel-static-6.4.2-150500.3.7.4 * libQt6Core6-debuginfo-6.4.2-150500.3.7.4 * libQt6OpenGLWidgets6-debuginfo-6.4.2-150500.3.7.4 * qt6-sql-devel-6.4.2-150500.3.7.4 * qt6-base-debuginfo-6.4.2-150500.3.7.4 * qt6-printsupport-devel-6.4.2-150500.3.7.4 * libQt6Concurrent6-6.4.2-150500.3.7.4 * qt6-sql-sqlite-debuginfo-6.4.2-150500.3.7.4 * libQt6Test6-6.4.2-150500.3.7.4 * qt6-test-devel-6.4.2-150500.3.7.4 * qt6-xml-devel-6.4.2-150500.3.7.4 * libQt6Gui6-debuginfo-6.4.2-150500.3.7.4 * libQt6OpenGLWidgets6-6.4.2-150500.3.7.4 * libQt6OpenGL6-6.4.2-150500.3.7.4 * libQt6Gui6-6.4.2-150500.3.7.4 * libQt6DBus6-6.4.2-150500.3.7.4 * SUSE Package Hub 15 15-SP5 (noarch) * qt6-base-devel-6.4.2-150500.3.7.4 ## References: * https://www.suse.com/security/cve/CVE-2023-24607.html * https://www.suse.com/security/cve/CVE-2023-32762.html * https://www.suse.com/security/cve/CVE-2023-33285.html * https://www.suse.com/security/cve/CVE-2023-34410.html * https://www.suse.com/security/cve/CVE-2023-38197.html * https://bugzilla.suse.com/show_bug.cgi?id=1209616 * https://bugzilla.suse.com/show_bug.cgi?id=1211642 * https://bugzilla.suse.com/show_bug.cgi?id=1211797 * https://bugzilla.suse.com/show_bug.cgi?id=1211994 * https://bugzilla.suse.com/show_bug.cgi?id=1213326 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 12:30:03 -0000 Subject: SUSE-SU-2023:3228-1: important: Security update for MozillaThunderbird Message-ID: <169149780329.10452.18078538443892219730@smelt2.suse.de> # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2023:3228-1 Rating: important References: * #1213657 * #1213746 Cross-References: * CVE-2023-4045 * CVE-2023-4046 * CVE-2023-4047 * CVE-2023-4048 * CVE-2023-4049 * CVE-2023-4050 * CVE-2023-4052 * CVE-2023-4054 * CVE-2023-4055 * CVE-2023-4056 * CVE-2023-4057 CVSS scores: * CVE-2023-4045 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-4045 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-4046 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-4047 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4048 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4049 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4050 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-4054 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-4055 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-4056 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4057 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves 11 vulnerabilities can now be installed. ## Description: This update for MozillaThunderbird fixes the following issues: Update Mozilla Thunderbird 115.1.0 (bsc#1213746): * CVE-2023-4045: Fixed cross-origin restrictions bypass with Offscreen Canvas (bmo#1833876). * CVE-2023-4046: Fixed incorrect value used during WASM compilation (bmo#1837686). * CVE-2023-4047: Fixed potential permissions request bypass via clickjacking (bmo#1839073). * CVE-2023-4048: Fixed crash in DOMParser due to out-of-memory conditions (bmo#1841368). * CVE-2023-4049: Fixed potential race conditions when releasing platform objects (bmo#1842658). * CVE-2023-4050: Fixed stack buffer overflow in StorageManager (bmo#1843038). * CVE-2023-4052: Fixed file deletion and privilege escalation through Firefox uninstaller (bmo#1824420). * CVE-2023-4054: Fixed lack of warning when opening appref-ms files (bmo#1840777). * CVE-2023-4055: Fixed cookie jar overflow caused unexpected cookie jar state (bmo#1782561). * CVE-2023-4056: Fixed memory safety bugs (bmo#1820587, bmo#1824634, bmo#1839235, bmo#1842325, bmo#1843847). * CVE-2023-4057: Fixed memory safety bugs (bmo#1841682). Bugfixes: * Remove bashisms from startup-script (bsc#1213657). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3228=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3228=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3228=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3228=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3228=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3228=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-debuginfo-115.1.0-150200.8.127.1 * MozillaThunderbird-115.1.0-150200.8.127.1 * MozillaThunderbird-translations-common-115.1.0-150200.8.127.1 * MozillaThunderbird-debugsource-115.1.0-150200.8.127.1 * MozillaThunderbird-translations-other-115.1.0-150200.8.127.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * MozillaThunderbird-debuginfo-115.1.0-150200.8.127.1 * MozillaThunderbird-115.1.0-150200.8.127.1 * MozillaThunderbird-translations-common-115.1.0-150200.8.127.1 * MozillaThunderbird-debugsource-115.1.0-150200.8.127.1 * MozillaThunderbird-translations-other-115.1.0-150200.8.127.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x) * MozillaThunderbird-debuginfo-115.1.0-150200.8.127.1 * MozillaThunderbird-115.1.0-150200.8.127.1 * MozillaThunderbird-translations-common-115.1.0-150200.8.127.1 * MozillaThunderbird-debugsource-115.1.0-150200.8.127.1 * MozillaThunderbird-translations-other-115.1.0-150200.8.127.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * MozillaThunderbird-debuginfo-115.1.0-150200.8.127.1 * MozillaThunderbird-115.1.0-150200.8.127.1 * MozillaThunderbird-translations-common-115.1.0-150200.8.127.1 * MozillaThunderbird-debugsource-115.1.0-150200.8.127.1 * MozillaThunderbird-translations-other-115.1.0-150200.8.127.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * MozillaThunderbird-debuginfo-115.1.0-150200.8.127.1 * MozillaThunderbird-115.1.0-150200.8.127.1 * MozillaThunderbird-translations-common-115.1.0-150200.8.127.1 * MozillaThunderbird-debugsource-115.1.0-150200.8.127.1 * MozillaThunderbird-translations-other-115.1.0-150200.8.127.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-debuginfo-115.1.0-150200.8.127.1 * MozillaThunderbird-115.1.0-150200.8.127.1 * MozillaThunderbird-translations-common-115.1.0-150200.8.127.1 * MozillaThunderbird-debugsource-115.1.0-150200.8.127.1 * MozillaThunderbird-translations-other-115.1.0-150200.8.127.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4045.html * https://www.suse.com/security/cve/CVE-2023-4046.html * https://www.suse.com/security/cve/CVE-2023-4047.html * https://www.suse.com/security/cve/CVE-2023-4048.html * https://www.suse.com/security/cve/CVE-2023-4049.html * https://www.suse.com/security/cve/CVE-2023-4050.html * https://www.suse.com/security/cve/CVE-2023-4052.html * https://www.suse.com/security/cve/CVE-2023-4054.html * https://www.suse.com/security/cve/CVE-2023-4055.html * https://www.suse.com/security/cve/CVE-2023-4056.html * https://www.suse.com/security/cve/CVE-2023-4057.html * https://bugzilla.suse.com/show_bug.cgi?id=1213657 * https://bugzilla.suse.com/show_bug.cgi?id=1213746 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 12:30:06 -0000 Subject: SUSE-RU-2023:3227-1: moderate: Recommended update for yast2-storage-ng Message-ID: <169149780677.10452.13787493499572857296@smelt2.suse.de> # Recommended update for yast2-storage-ng Announcement ID: SUSE-RU-2023:3227-1 Rating: moderate References: * #1212452 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for yast2-storage-ng fixes the following issues: * Ensure adding storage support software packages for SUSE Linux Enterprise Micro (bsc#1212452) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3227=1 openSUSE-SLE-15.4-2023-3227=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3227=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3227=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3227=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3227=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3227=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3227=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-3227=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3227=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * yast2-storage-ng-4.4.45-150400.3.16.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * yast2-storage-ng-4.4.45-150400.3.16.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * yast2-storage-ng-4.4.45-150400.3.16.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * yast2-storage-ng-4.4.45-150400.3.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * yast2-storage-ng-4.4.45-150400.3.16.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * yast2-storage-ng-4.4.45-150400.3.16.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * yast2-storage-ng-4.4.45-150400.3.16.1 * SUSE Manager Proxy 4.3 (x86_64) * yast2-storage-ng-4.4.45-150400.3.16.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * yast2-storage-ng-4.4.45-150400.3.16.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212452 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 16:30:03 -0000 Subject: SUSE-SU-2023:3233-1: important: Security update for webkit2gtk3 Message-ID: <169151220365.19690.8679454651403254833@smelt2.suse.de> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:3233-1 Rating: important References: * #1212863 * #1213905 Cross-References: * CVE-2022-48503 * CVE-2023-32435 * CVE-2023-32439 * CVE-2023-38133 * CVE-2023-38572 * CVE-2023-38592 * CVE-2023-38594 * CVE-2023-38595 * CVE-2023-38597 * CVE-2023-38599 * CVE-2023-38600 * CVE-2023-38611 CVSS scores: * CVE-2022-48503 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32435 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32435 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32439 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32439 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38133 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-38572 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-38592 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38594 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38595 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38597 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38599 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-38600 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38611 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves 12 vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.40.5 (bsc#1213905): * CVE-2023-38133: Fixed information disclosure. * CVE-2023-38572: Fixed Same-Origin-Policy bypass. * CVE-2023-38592: Fixed arbitrary code execution. * CVE-2023-38594: Fixed arbitrary code execution. * CVE-2023-38595: Fixed arbitrary code execution. * CVE-2023-38597: Fixed arbitrary code execution. * CVE-2023-38599: Fixed sensitive user information tracking. * CVE-2023-38600: Fixed arbitrary code execution. * CVE-2023-38611: Fixed arbitrary code execution. Update to version 2.40.3 (bsc#1212863): * CVE-2023-32439: Fixed a bug where processing maliciously crafted web content may lead to arbitrary code execution. (bsc#1212863) * CVE-2023-32435: Fixed a bug where processing web content may lead to arbitrary code execution. (bsc#1212863) * CVE-2022-48503: Fixed a bug where processing web content may lead to arbitrary code execution. (bsc#1212863) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3233=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3233=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3233=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3233=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3233=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3233=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3233=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3233=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3233=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3233=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3233=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3233=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * webkit2gtk3-devel-2.40.5-150200.78.1 * typelib-1_0-JavaScriptCore-4_0-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150200.78.1 * typelib-1_0-WebKit2-4_0-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150200.78.1 * webkit2gtk3-debugsource-2.40.5-150200.78.1 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150200.78.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * libwebkit2gtk3-lang-2.40.5-150200.78.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * webkit2gtk3-devel-2.40.5-150200.78.1 * typelib-1_0-JavaScriptCore-4_0-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150200.78.1 * typelib-1_0-WebKit2-4_0-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150200.78.1 * webkit2gtk3-debugsource-2.40.5-150200.78.1 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150200.78.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * libwebkit2gtk3-lang-2.40.5-150200.78.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-devel-2.40.5-150200.78.1 * typelib-1_0-JavaScriptCore-4_0-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150200.78.1 * typelib-1_0-WebKit2-4_0-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150200.78.1 * webkit2gtk3-debugsource-2.40.5-150200.78.1 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150200.78.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * libwebkit2gtk3-lang-2.40.5-150200.78.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-devel-2.40.5-150200.78.1 * typelib-1_0-JavaScriptCore-4_0-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150200.78.1 * typelib-1_0-WebKit2-4_0-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150200.78.1 * webkit2gtk3-debugsource-2.40.5-150200.78.1 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150200.78.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * libwebkit2gtk3-lang-2.40.5-150200.78.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * webkit2gtk3-devel-2.40.5-150200.78.1 * typelib-1_0-JavaScriptCore-4_0-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150200.78.1 * typelib-1_0-WebKit2-4_0-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150200.78.1 * webkit2gtk3-debugsource-2.40.5-150200.78.1 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150200.78.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * libwebkit2gtk3-lang-2.40.5-150200.78.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * webkit2gtk3-devel-2.40.5-150200.78.1 * typelib-1_0-JavaScriptCore-4_0-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150200.78.1 * typelib-1_0-WebKit2-4_0-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150200.78.1 * webkit2gtk3-debugsource-2.40.5-150200.78.1 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150200.78.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * libwebkit2gtk3-lang-2.40.5-150200.78.1 * SUSE Manager Proxy 4.2 (x86_64) * webkit2gtk-4_0-injected-bundles-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150200.78.1 * webkit2gtk3-debugsource-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150200.78.1 * SUSE Manager Proxy 4.2 (noarch) * libwebkit2gtk3-lang-2.40.5-150200.78.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * webkit2gtk-4_0-injected-bundles-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150200.78.1 * webkit2gtk3-debugsource-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150200.78.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * libwebkit2gtk3-lang-2.40.5-150200.78.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * webkit2gtk-4_0-injected-bundles-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150200.78.1 * webkit2gtk3-debugsource-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150200.78.1 * SUSE Manager Server 4.2 (noarch) * libwebkit2gtk3-lang-2.40.5-150200.78.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * webkit2gtk3-devel-2.40.5-150200.78.1 * typelib-1_0-JavaScriptCore-4_0-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150200.78.1 * typelib-1_0-WebKit2-4_0-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150200.78.1 * webkit2gtk3-debugsource-2.40.5-150200.78.1 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150200.78.1 * SUSE Enterprise Storage 7.1 (noarch) * libwebkit2gtk3-lang-2.40.5-150200.78.1 * openSUSE Leap 15.4 (noarch) * libwebkit2gtk3-lang-2.40.5-150200.78.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * webkit2gtk3-devel-2.40.5-150200.78.1 * typelib-1_0-JavaScriptCore-4_0-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-2.40.5-150200.78.1 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150200.78.1 * typelib-1_0-WebKit2-4_0-2.40.5-150200.78.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150200.78.1 * webkit2gtk3-debugsource-2.40.5-150200.78.1 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-2.40.5-150200.78.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150200.78.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * libwebkit2gtk3-lang-2.40.5-150200.78.1 ## References: * https://www.suse.com/security/cve/CVE-2022-48503.html * https://www.suse.com/security/cve/CVE-2023-32435.html * https://www.suse.com/security/cve/CVE-2023-32439.html * https://www.suse.com/security/cve/CVE-2023-38133.html * https://www.suse.com/security/cve/CVE-2023-38572.html * https://www.suse.com/security/cve/CVE-2023-38592.html * https://www.suse.com/security/cve/CVE-2023-38594.html * https://www.suse.com/security/cve/CVE-2023-38595.html * https://www.suse.com/security/cve/CVE-2023-38597.html * https://www.suse.com/security/cve/CVE-2023-38599.html * https://www.suse.com/security/cve/CVE-2023-38600.html * https://www.suse.com/security/cve/CVE-2023-38611.html * https://bugzilla.suse.com/show_bug.cgi?id=1212863 * https://bugzilla.suse.com/show_bug.cgi?id=1213905 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 16:30:07 -0000 Subject: SUSE-SU-2023:3232-1: important: Security update for tomcat Message-ID: <169151220734.19690.10668357743792335381@smelt2.suse.de> # Security update for tomcat Announcement ID: SUSE-SU-2023:3232-1 Rating: important References: * #1196137 * #1198136 Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 8 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 8 * SUSE OpenStack Cloud Crowbar 9 An update that has two fixes can now be installed. ## Description: This update for tomcat fixes the following issues: * Remove the log4j dependency as it is not used by the tomcat package (bsc#1196137) Security hardening, related to Spring Framework vulnerabilities: \- Deprecate getResources() and always return null (bsc#1198136). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-3232=1 * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-3232=1 * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-3232=1 * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-3232=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-3232=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 zypper in -t patch SUSE-2023-3232=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-3232=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3232=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3232=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-3232=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-3232=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3232=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3232=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3232=1 ## Package List: * HPE Helion OpenStack 8 (x86_64) * javapackages-filesystem-5.3.1-14.7.3 * SUSE OpenStack Cloud 8 (x86_64) * javapackages-filesystem-5.3.1-14.7.3 * SUSE OpenStack Cloud 9 (x86_64) * javapackages-filesystem-5.3.1-14.7.3 * javapackages-tools-5.3.1-14.7.3 * SUSE OpenStack Cloud Crowbar 8 (x86_64) * javapackages-filesystem-5.3.1-14.7.3 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * javapackages-filesystem-5.3.1-14.7.3 * javapackages-tools-5.3.1-14.7.3 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64) * javapackages-filesystem-5.3.1-14.7.3 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 (noarch) * tomcat-javadoc-8.0.53-29.54.1 * tomcat-el-3_0-api-8.0.53-29.54.1 * tomcat-jsp-2_3-api-8.0.53-29.54.1 * tomcat-docs-webapp-8.0.53-29.54.1 * tomcat-admin-webapps-8.0.53-29.54.1 * tomcat-servlet-3_1-api-8.0.53-29.54.1 * tomcat-webapps-8.0.53-29.54.1 * tomcat-lib-8.0.53-29.54.1 * tomcat-8.0.53-29.54.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * javapackages-filesystem-5.3.1-14.7.3 * javapackages-tools-5.3.1-14.7.3 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * javapackages-filesystem-5.3.1-14.7.3 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * javapackages-filesystem-5.3.1-14.7.3 * javapackages-tools-5.3.1-14.7.3 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * tomcat-javadoc-8.0.53-29.54.1 * tomcat-el-3_0-api-8.0.53-29.54.1 * tomcat-jsp-2_3-api-8.0.53-29.54.1 * tomcat-docs-webapp-8.0.53-29.54.1 * tomcat-admin-webapps-8.0.53-29.54.1 * tomcat-servlet-3_1-api-8.0.53-29.54.1 * tomcat-webapps-8.0.53-29.54.1 * tomcat-lib-8.0.53-29.54.1 * tomcat-8.0.53-29.54.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * javapackages-filesystem-5.3.1-14.7.3 * javapackages-tools-5.3.1-14.7.3 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * javapackages-filesystem-5.3.1-14.7.3 * javapackages-tools-5.3.1-14.7.3 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * javapackages-filesystem-5.3.1-14.7.3 * javapackages-tools-5.3.1-14.7.3 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * javapackages-filesystem-5.3.1-14.7.3 * javapackages-tools-5.3.1-14.7.3 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * javapackages-filesystem-5.3.1-14.7.3 * javapackages-tools-5.3.1-14.7.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1196137 * https://bugzilla.suse.com/show_bug.cgi?id=1198136 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 16:30:09 -0000 Subject: SUSE-RU-2023:3231-1: moderate: Recommended update for grpc Message-ID: <169151220984.19690.7408684841187296542@smelt2.suse.de> # Recommended update for grpc Announcement ID: SUSE-RU-2023:3231-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * Server Applications Module 15-SP4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update ships grpc to the Basesystem module, as dependency for open-vm-tools container info plugin. (jsc#PED-4509) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3231=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3231=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3231=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3231=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3231=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3231=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3231=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3231=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3231=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3231=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3231=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3231=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3231=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3231=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3231=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3231=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3231=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * grpc-devel-1.25.0-150200.3.7.1 * python3-grpcio-debuginfo-1.25.0-150200.3.7.1 * python3-grpcio-1.25.0-150200.3.7.1 * libgrpc8-debuginfo-1.25.0-150200.3.7.1 * libgrpc++1-debuginfo-1.25.0-150200.3.7.1 * libgrpc8-1.25.0-150200.3.7.1 * libgrpc++1-1.25.0-150200.3.7.1 * grpc-debugsource-1.25.0-150200.3.7.1 * grpc-devel-debuginfo-1.25.0-150200.3.7.1 * grpc-debuginfo-1.25.0-150200.3.7.1 * openSUSE Leap 15.4 (noarch) * grpc-source-1.25.0-150200.3.7.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * grpc-devel-1.25.0-150200.3.7.1 * python3-grpcio-debuginfo-1.25.0-150200.3.7.1 * python3-grpcio-1.25.0-150200.3.7.1 * libgrpc8-debuginfo-1.25.0-150200.3.7.1 * libgrpc++1-debuginfo-1.25.0-150200.3.7.1 * libgrpc8-1.25.0-150200.3.7.1 * libgrpc++1-1.25.0-150200.3.7.1 * grpc-debugsource-1.25.0-150200.3.7.1 * grpc-devel-debuginfo-1.25.0-150200.3.7.1 * grpc-debuginfo-1.25.0-150200.3.7.1 * openSUSE Leap 15.5 (noarch) * grpc-source-1.25.0-150200.3.7.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libgrpc8-debuginfo-1.25.0-150200.3.7.1 * libgrpc++1-debuginfo-1.25.0-150200.3.7.1 * libgrpc8-1.25.0-150200.3.7.1 * libgrpc++1-1.25.0-150200.3.7.1 * grpc-debugsource-1.25.0-150200.3.7.1 * grpc-debuginfo-1.25.0-150200.3.7.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libgrpc8-debuginfo-1.25.0-150200.3.7.1 * libgrpc++1-debuginfo-1.25.0-150200.3.7.1 * libgrpc8-1.25.0-150200.3.7.1 * libgrpc++1-1.25.0-150200.3.7.1 * grpc-debugsource-1.25.0-150200.3.7.1 * grpc-debuginfo-1.25.0-150200.3.7.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * python3-grpcio-debuginfo-1.25.0-150200.3.7.1 * python3-grpcio-1.25.0-150200.3.7.1 * libgrpc8-1.25.0-150200.3.7.1 * libgrpc8-debuginfo-1.25.0-150200.3.7.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * grpc-debugsource-1.25.0-150200.3.7.1 * python3-grpcio-debuginfo-1.25.0-150200.3.7.1 * grpc-debuginfo-1.25.0-150200.3.7.1 * python3-grpcio-1.25.0-150200.3.7.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * grpc-debugsource-1.25.0-150200.3.7.1 * python3-grpcio-debuginfo-1.25.0-150200.3.7.1 * grpc-debuginfo-1.25.0-150200.3.7.1 * python3-grpcio-1.25.0-150200.3.7.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-grpcio-debuginfo-1.25.0-150200.3.7.1 * python3-grpcio-1.25.0-150200.3.7.1 * libgrpc8-debuginfo-1.25.0-150200.3.7.1 * libgrpc8-1.25.0-150200.3.7.1 * grpc-debugsource-1.25.0-150200.3.7.1 * grpc-debuginfo-1.25.0-150200.3.7.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libgrpc8-debuginfo-1.25.0-150200.3.7.1 * libgrpc++1-debuginfo-1.25.0-150200.3.7.1 * libgrpc8-1.25.0-150200.3.7.1 * libgrpc++1-1.25.0-150200.3.7.1 * grpc-debugsource-1.25.0-150200.3.7.1 * grpc-debuginfo-1.25.0-150200.3.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libgrpc8-debuginfo-1.25.0-150200.3.7.1 * libgrpc++1-debuginfo-1.25.0-150200.3.7.1 * libgrpc8-1.25.0-150200.3.7.1 * libgrpc++1-1.25.0-150200.3.7.1 * grpc-debugsource-1.25.0-150200.3.7.1 * grpc-debuginfo-1.25.0-150200.3.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libgrpc8-debuginfo-1.25.0-150200.3.7.1 * libgrpc++1-debuginfo-1.25.0-150200.3.7.1 * libgrpc8-1.25.0-150200.3.7.1 * libgrpc++1-1.25.0-150200.3.7.1 * grpc-debugsource-1.25.0-150200.3.7.1 * grpc-debuginfo-1.25.0-150200.3.7.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libgrpc8-debuginfo-1.25.0-150200.3.7.1 * libgrpc++1-debuginfo-1.25.0-150200.3.7.1 * libgrpc8-1.25.0-150200.3.7.1 * libgrpc++1-1.25.0-150200.3.7.1 * grpc-debugsource-1.25.0-150200.3.7.1 * grpc-debuginfo-1.25.0-150200.3.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libgrpc8-debuginfo-1.25.0-150200.3.7.1 * libgrpc++1-debuginfo-1.25.0-150200.3.7.1 * libgrpc8-1.25.0-150200.3.7.1 * libgrpc++1-1.25.0-150200.3.7.1 * grpc-debugsource-1.25.0-150200.3.7.1 * grpc-debuginfo-1.25.0-150200.3.7.1 * SUSE Manager Proxy 4.2 (x86_64) * libgrpc8-debuginfo-1.25.0-150200.3.7.1 * libgrpc++1-debuginfo-1.25.0-150200.3.7.1 * libgrpc8-1.25.0-150200.3.7.1 * libgrpc++1-1.25.0-150200.3.7.1 * grpc-debugsource-1.25.0-150200.3.7.1 * grpc-debuginfo-1.25.0-150200.3.7.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libgrpc8-debuginfo-1.25.0-150200.3.7.1 * libgrpc++1-debuginfo-1.25.0-150200.3.7.1 * libgrpc8-1.25.0-150200.3.7.1 * libgrpc++1-1.25.0-150200.3.7.1 * grpc-debugsource-1.25.0-150200.3.7.1 * grpc-debuginfo-1.25.0-150200.3.7.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libgrpc8-debuginfo-1.25.0-150200.3.7.1 * libgrpc++1-debuginfo-1.25.0-150200.3.7.1 * libgrpc8-1.25.0-150200.3.7.1 * libgrpc++1-1.25.0-150200.3.7.1 * grpc-debugsource-1.25.0-150200.3.7.1 * grpc-debuginfo-1.25.0-150200.3.7.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libgrpc8-debuginfo-1.25.0-150200.3.7.1 * libgrpc++1-debuginfo-1.25.0-150200.3.7.1 * libgrpc8-1.25.0-150200.3.7.1 * libgrpc++1-1.25.0-150200.3.7.1 * grpc-debugsource-1.25.0-150200.3.7.1 * grpc-debuginfo-1.25.0-150200.3.7.1 ## References: * https://jira.suse.com/browse/PED-4509 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 16:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 16:30:13 -0000 Subject: SUSE-SU-2023:3230-1: important: Security update for cjose Message-ID: <169151221327.19690.3830587678356155504@smelt2.suse.de> # Security update for cjose Announcement ID: SUSE-SU-2023:3230-1 Rating: important References: * #1213385 Cross-References: * CVE-2023-37464 CVSS scores: * CVE-2023-37464 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2023-37464 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for cjose fixes the following issues: * CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag (bsc#1213385). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3230=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3230=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3230=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3230=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3230=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3230=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3230=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3230=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3230=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3230=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3230=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3230=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3230=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3230=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3230=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3230=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3230=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3230=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3230=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3230=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * SUSE Manager Proxy 4.2 (x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 * SUSE CaaS Platform 4.0 (x86_64) * libcjose0-0.6.1-150100.4.6.1 * libcjose0-debuginfo-0.6.1-150100.4.6.1 * cjose-debugsource-0.6.1-150100.4.6.1 * libcjose-devel-0.6.1-150100.4.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37464.html * https://bugzilla.suse.com/show_bug.cgi?id=1213385 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 16:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 16:30:15 -0000 Subject: SUSE-SU-2023:3229-1: important: Security update for rubygem-actionpack-5_1 Message-ID: <169151221580.19690.15943861865451062908@smelt2.suse.de> # Security update for rubygem-actionpack-5_1 Announcement ID: SUSE-SU-2023:3229-1 Rating: important References: * #1213312 Cross-References: * CVE-2023-28362 CVSS scores: * CVE-2023-28362 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for rubygem-actionpack-5_1 fixes the following issues: * CVE-2023-28362: Fixed possible XSS via User Supplied Values to redirect_to (bsc#1213312). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3229=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3229=1 * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-3229=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-3229=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-3229=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3229=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-3229=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.18.1 * ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-150000.3.18.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.18.1 * ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-150000.3.18.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.18.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.18.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.18.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.18.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.18.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28362.html * https://bugzilla.suse.com/show_bug.cgi?id=1213312 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 20:30:03 -0000 Subject: SUSE-SU-2023:3250-1: important: Security update for gstreamer-plugins-base Message-ID: <169152660379.19688.16854579203560212940@smelt2.suse.de> # Security update for gstreamer-plugins-base Announcement ID: SUSE-SU-2023:3250-1 Rating: important References: * #1213128 * #1213131 Cross-References: * CVE-2023-37327 * CVE-2023-37328 CVSS scores: * CVE-2023-37327 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37328 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-base fixes the following issues: * CVE-2023-37327: Fixed FLAC file parsing integer overflow remote code execution vulnerability. (bsc#1213128) * CVE-2023-37328: Fixed PGS file parsing heap-based buffer overflow remote code execution vulnerability. (bsc#1213131) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3250=1 SUSE-2023-3250=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3250=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3250=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * typelib-1_0-GstAudio-1_0-1.22.0-150500.3.3.1 * typelib-1_0-GstTag-1_0-1.22.0-150500.3.3.1 * libgstaudio-1_0-0-1.22.0-150500.3.3.1 * libgstrtp-1_0-0-debuginfo-1.22.0-150500.3.3.1 * typelib-1_0-GstApp-1_0-1.22.0-150500.3.3.1 * typelib-1_0-GstGLWayland-1_0-1.22.0-150500.3.3.1 * gstreamer-plugins-base-debuginfo-1.22.0-150500.3.3.1 * libgstgl-1_0-0-1.22.0-150500.3.3.1 * gstreamer-plugins-base-1.22.0-150500.3.3.1 * libgstapp-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstallocators-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstsdp-1_0-0-debuginfo-1.22.0-150500.3.3.1 * typelib-1_0-GstVideo-1_0-1.22.0-150500.3.3.1 * gstreamer-plugins-base-devel-1.22.0-150500.3.3.1 * typelib-1_0-GstGL-1_0-1.22.0-150500.3.3.1 * libgstaudio-1_0-0-debuginfo-1.22.0-150500.3.3.1 * typelib-1_0-GstAllocators-1_0-1.22.0-150500.3.3.1 * libgstallocators-1_0-0-1.22.0-150500.3.3.1 * libgstapp-1_0-0-1.22.0-150500.3.3.1 * libgstvideo-1_0-0-1.22.0-150500.3.3.1 * libgstsdp-1_0-0-1.22.0-150500.3.3.1 * typelib-1_0-GstRtsp-1_0-1.22.0-150500.3.3.1 * typelib-1_0-GstSdp-1_0-1.22.0-150500.3.3.1 * libgstrtsp-1_0-0-1.22.0-150500.3.3.1 * libgstfft-1_0-0-1.22.0-150500.3.3.1 * libgsttag-1_0-0-1.22.0-150500.3.3.1 * libgstpbutils-1_0-0-1.22.0-150500.3.3.1 * libgstrtsp-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstfft-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstvideo-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstriff-1_0-0-1.22.0-150500.3.3.1 * gstreamer-plugins-base-debugsource-1.22.0-150500.3.3.1 * typelib-1_0-GstGLEGL-1_0-1.22.0-150500.3.3.1 * typelib-1_0-GstPbutils-1_0-1.22.0-150500.3.3.1 * libgsttag-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstpbutils-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstriff-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstrtp-1_0-0-1.22.0-150500.3.3.1 * typelib-1_0-GstRtp-1_0-1.22.0-150500.3.3.1 * libgstgl-1_0-0-debuginfo-1.22.0-150500.3.3.1 * typelib-1_0-GstGLX11-1_0-1.22.0-150500.3.3.1 * openSUSE Leap 15.5 (x86_64) * libgstgl-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstriff-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstvideo-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstfft-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstvideo-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstsdp-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstallocators-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstrtsp-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstgl-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstallocators-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstriff-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstfft-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstpbutils-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * gstreamer-plugins-base-32bit-debuginfo-1.22.0-150500.3.3.1 * gstreamer-plugins-base-32bit-1.22.0-150500.3.3.1 * libgstapp-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstapp-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstaudio-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstrtsp-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstaudio-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstrtp-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgsttag-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstsdp-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstpbutils-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstrtp-1_0-0-32bit-1.22.0-150500.3.3.1 * gstreamer-plugins-base-devel-32bit-1.22.0-150500.3.3.1 * libgsttag-1_0-0-32bit-1.22.0-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * gstreamer-plugins-base-lang-1.22.0-150500.3.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libgstriff-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstpbutils-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstvideo-1_0-0-64bit-1.22.0-150500.3.3.1 * libgsttag-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstrtp-1_0-0-64bit-1.22.0-150500.3.3.1 * libgsttag-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstapp-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstgl-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstaudio-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * gstreamer-plugins-base-devel-64bit-1.22.0-150500.3.3.1 * libgstgl-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstrtsp-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstsdp-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstrtsp-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstpbutils-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstriff-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstfft-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstallocators-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstaudio-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstvideo-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * gstreamer-plugins-base-64bit-1.22.0-150500.3.3.1 * libgstrtp-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstsdp-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstapp-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstallocators-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstfft-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * gstreamer-plugins-base-64bit-debuginfo-1.22.0-150500.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-GstAudio-1_0-1.22.0-150500.3.3.1 * typelib-1_0-GstTag-1_0-1.22.0-150500.3.3.1 * libgstaudio-1_0-0-1.22.0-150500.3.3.1 * libgstrtp-1_0-0-debuginfo-1.22.0-150500.3.3.1 * typelib-1_0-GstApp-1_0-1.22.0-150500.3.3.1 * typelib-1_0-GstGLWayland-1_0-1.22.0-150500.3.3.1 * gstreamer-plugins-base-debuginfo-1.22.0-150500.3.3.1 * libgstgl-1_0-0-1.22.0-150500.3.3.1 * gstreamer-plugins-base-1.22.0-150500.3.3.1 * libgstapp-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstallocators-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstsdp-1_0-0-debuginfo-1.22.0-150500.3.3.1 * typelib-1_0-GstVideo-1_0-1.22.0-150500.3.3.1 * gstreamer-plugins-base-devel-1.22.0-150500.3.3.1 * typelib-1_0-GstGL-1_0-1.22.0-150500.3.3.1 * libgstaudio-1_0-0-debuginfo-1.22.0-150500.3.3.1 * typelib-1_0-GstAllocators-1_0-1.22.0-150500.3.3.1 * libgstallocators-1_0-0-1.22.0-150500.3.3.1 * libgstapp-1_0-0-1.22.0-150500.3.3.1 * libgstvideo-1_0-0-1.22.0-150500.3.3.1 * libgstsdp-1_0-0-1.22.0-150500.3.3.1 * typelib-1_0-GstRtsp-1_0-1.22.0-150500.3.3.1 * typelib-1_0-GstSdp-1_0-1.22.0-150500.3.3.1 * libgstrtsp-1_0-0-1.22.0-150500.3.3.1 * libgstfft-1_0-0-1.22.0-150500.3.3.1 * libgsttag-1_0-0-1.22.0-150500.3.3.1 * libgstpbutils-1_0-0-1.22.0-150500.3.3.1 * libgstrtsp-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstfft-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstvideo-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstriff-1_0-0-1.22.0-150500.3.3.1 * gstreamer-plugins-base-debugsource-1.22.0-150500.3.3.1 * typelib-1_0-GstGLEGL-1_0-1.22.0-150500.3.3.1 * typelib-1_0-GstPbutils-1_0-1.22.0-150500.3.3.1 * libgsttag-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstpbutils-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstriff-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstrtp-1_0-0-1.22.0-150500.3.3.1 * typelib-1_0-GstRtp-1_0-1.22.0-150500.3.3.1 * libgstgl-1_0-0-debuginfo-1.22.0-150500.3.3.1 * typelib-1_0-GstGLX11-1_0-1.22.0-150500.3.3.1 * Basesystem Module 15-SP5 (noarch) * gstreamer-plugins-base-lang-1.22.0-150500.3.3.1 * SUSE Package Hub 15 15-SP5 (x86_64) * libgstaudio-1_0-0-32bit-1.22.0-150500.3.3.1 * libgsttag-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstvideo-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * gstreamer-plugins-base-debugsource-1.22.0-150500.3.3.1 * gstreamer-plugins-base-32bit-debuginfo-1.22.0-150500.3.3.1 * gstreamer-plugins-base-debuginfo-1.22.0-150500.3.3.1 * libgstvideo-1_0-0-32bit-1.22.0-150500.3.3.1 * libgsttag-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstaudio-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37327.html * https://www.suse.com/security/cve/CVE-2023-37328.html * https://bugzilla.suse.com/show_bug.cgi?id=1213128 * https://bugzilla.suse.com/show_bug.cgi?id=1213131 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 20:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 20:30:06 -0000 Subject: SUSE-SU-2023:3249-1: important: Security update for gstreamer-plugins-bad Message-ID: <169152660643.19688.10834820177384716070@smelt2.suse.de> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:3249-1 Rating: important References: * #1213126 Cross-References: * CVE-2023-37329 CVSS scores: * CVE-2023-37329 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-37329: Fixed a heap overwrite in PGS subtitle overlay decoder which might trigger a crash or remote code execution. (bsc#1213126) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3249=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3249=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3249=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3249=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * gstreamer-plugins-bad-devel-1.22.0-150500.3.3.1 * libgstplayer-1_0-0-1.22.0-150500.3.3.1 * typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.3.1 * typelib-1_0-GstTranscoder-1_0-1.22.0-150500.3.3.1 * libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.3.1 * typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.3.1 * typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.3.1 * libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.3.1 * gstreamer-transcoder-debuginfo-1.22.0-150500.3.3.1 * libgstcodecs-1_0-0-1.22.0-150500.3.3.1 * libgstva-1_0-0-1.22.0-150500.3.3.1 * libgstplay-1_0-0-1.22.0-150500.3.3.1 * libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.3.1 * typelib-1_0-GstVulkanXCB-1_0-1.22.0-150500.3.3.1 * typelib-1_0-GstVa-1_0-1.22.0-150500.3.3.1 * libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstvulkan-1_0-0-1.22.0-150500.3.3.1 * typelib-1_0-GstVulkan-1_0-1.22.0-150500.3.3.1 * libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-1.22.0-150500.3.3.1 * libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstphotography-1_0-0-1.22.0-150500.3.3.1 * libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstmpegts-1_0-0-1.22.0-150500.3.3.1 * libgsttranscoder-1_0-0-1.22.0-150500.3.3.1 * libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.3.1 * typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.3.1 * typelib-1_0-CudaGst-1_0-1.22.0-150500.3.3.1 * libgstwebrtc-1_0-0-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.3.1 * libgstisoff-1_0-0-1.22.0-150500.3.3.1 * typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.3.1 * libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstinsertbin-1_0-0-1.22.0-150500.3.3.1 * libgstva-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstplay-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstadaptivedemux-1_0-0-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.3.1 * libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.3.1 * gstreamer-transcoder-devel-1.22.0-150500.3.3.1 * libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstsctp-1_0-0-1.22.0-150500.3.3.1 * libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstwebrtcnice-1_0-0-1.22.0-150500.3.3.1 * libgstbadaudio-1_0-0-1.22.0-150500.3.3.1 * typelib-1_0-GstCuda-1_0-1.22.0-150500.3.3.1 * libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.3.1 * typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.3.1 * libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.3.1 * typelib-1_0-GstVulkanWayland-1_0-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.3.1 * libgstcodecparsers-1_0-0-1.22.0-150500.3.3.1 * libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.3.1 * typelib-1_0-GstPlay-1_0-1.22.0-150500.3.3.1 * libgstwayland-1_0-0-1.22.0-150500.3.3.1 * libgstcuda-1_0-0-1.22.0-150500.3.3.1 * gstreamer-transcoder-1.22.0-150500.3.3.1 * libgsturidownloader-1_0-0-1.22.0-150500.3.3.1 * openSUSE Leap 15.5 (x86_64) * libgstsctp-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstbadaudio-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstisoff-1_0-0-32bit-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstcodecs-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstadaptivedemux-1_0-0-32bit-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-chromaprint-32bit-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstinsertbin-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstcuda-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstplayer-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgsturidownloader-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstadaptivedemux-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstwebrtc-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstsctp-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstplayer-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstphotography-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstbasecamerabinsrc-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstcodecparsers-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstphotography-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstisoff-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstbadaudio-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstplay-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstcodecparsers-1_0-0-32bit-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-32bit-1.22.0-150500.3.3.1 * libgstmpegts-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstplay-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstwayland-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstinsertbin-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstwayland-1_0-0-32bit-1.22.0-150500.3.3.1 * libgsturidownloader-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstva-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstmpegts-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstwebrtcnice-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstwebrtcnice-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstva-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstvulkan-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * libgstvulkan-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstcuda-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstwebrtc-1_0-0-32bit-1.22.0-150500.3.3.1 * libgstcodecs-1_0-0-32bit-debuginfo-1.22.0-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * gstreamer-plugins-bad-lang-1.22.0-150500.3.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libgstisoff-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstcuda-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstplayer-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstsctp-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstisoff-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstwebrtcnice-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstwebrtc-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstphotography-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstsctp-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgsturidownloader-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstcuda-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstcodecparsers-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstva-1_0-0-64bit-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-chromaprint-64bit-1.22.0-150500.3.3.1 * libgstinsertbin-1_0-0-64bit-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstmpegts-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstbasecamerabinsrc-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstplay-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstwebrtc-1_0-0-64bit-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstmpegts-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstwebrtcnice-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstcodecs-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstva-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstinsertbin-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstwayland-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-64bit-1.22.0-150500.3.3.1 * libgstplayer-1_0-0-64bit-1.22.0-150500.3.3.1 * libgsturidownloader-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstbadaudio-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstphotography-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstwayland-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstvulkan-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstadaptivedemux-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstcodecparsers-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstvulkan-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstbadaudio-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstplay-1_0-0-64bit-1.22.0-150500.3.3.1 * libgstcodecs-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * libgstadaptivedemux-1_0-0-64bit-debuginfo-1.22.0-150500.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libgstplayer-1_0-0-1.22.0-150500.3.3.1 * libgstphotography-1_0-0-1.22.0-150500.3.3.1 * libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstplay-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstplay-1_0-0-1.22.0-150500.3.3.1 * libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.3.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-bad-devel-1.22.0-150500.3.3.1 * typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.3.1 * libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.3.1 * typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.3.1 * typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.3.1 * libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstcodecs-1_0-0-1.22.0-150500.3.3.1 * libgstva-1_0-0-1.22.0-150500.3.3.1 * typelib-1_0-GstVa-1_0-1.22.0-150500.3.3.1 * libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstvulkan-1_0-0-1.22.0-150500.3.3.1 * libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-1.22.0-150500.3.3.1 * libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstmpegts-1_0-0-1.22.0-150500.3.3.1 * libgsttranscoder-1_0-0-1.22.0-150500.3.3.1 * libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.3.1 * typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.3.1 * typelib-1_0-CudaGst-1_0-1.22.0-150500.3.3.1 * libgstwebrtc-1_0-0-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.3.1 * libgstisoff-1_0-0-1.22.0-150500.3.3.1 * typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.3.1 * libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstva-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstadaptivedemux-1_0-0-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.3.1 * libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstsctp-1_0-0-1.22.0-150500.3.3.1 * libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstwebrtcnice-1_0-0-1.22.0-150500.3.3.1 * libgstbadaudio-1_0-0-1.22.0-150500.3.3.1 * typelib-1_0-GstCuda-1_0-1.22.0-150500.3.3.1 * libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.3.1 * typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.3.1 * libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.3.1 * libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.3.1 * libgstcodecparsers-1_0-0-1.22.0-150500.3.3.1 * libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.3.1 * typelib-1_0-GstPlay-1_0-1.22.0-150500.3.3.1 * libgstwayland-1_0-0-1.22.0-150500.3.3.1 * libgstcuda-1_0-0-1.22.0-150500.3.3.1 * libgstinsertbin-1_0-0-1.22.0-150500.3.3.1 * libgsturidownloader-1_0-0-1.22.0-150500.3.3.1 * Desktop Applications Module 15-SP5 (noarch) * gstreamer-plugins-bad-lang-1.22.0-150500.3.3.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libgsttranscoder-1_0-0-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-debugsource-1.22.0-150500.3.3.1 * libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.3.1 * gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37329.html * https://bugzilla.suse.com/show_bug.cgi?id=1213126 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 20:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 20:30:08 -0000 Subject: SUSE-SU-2023:3248-1: important: Security update for gstreamer-plugins-good Message-ID: <169152660892.19688.862735052408636802@smelt2.suse.de> # Security update for gstreamer-plugins-good Announcement ID: SUSE-SU-2023:3248-1 Rating: important References: * #1213128 Cross-References: * CVE-2023-37327 CVSS scores: * CVE-2023-37327 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-good fixes the following issues: * CVE-2023-37327: Fixed FLAC file parsing integer overflow remote code execution vulnerability. (bsc#1213128) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3248=1 openSUSE-SLE-15.5-2023-3248=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3248=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * gstreamer-plugins-good-extra-1.22.0-150500.4.3.1 * gstreamer-plugins-good-debuginfo-1.22.0-150500.4.3.1 * gstreamer-plugins-good-gtk-debuginfo-1.22.0-150500.4.3.1 * gstreamer-plugins-good-jack-debuginfo-1.22.0-150500.4.3.1 * gstreamer-plugins-good-1.22.0-150500.4.3.1 * gstreamer-plugins-good-qtqml-1.22.0-150500.4.3.1 * gstreamer-plugins-good-jack-1.22.0-150500.4.3.1 * gstreamer-plugins-good-qtqml-debuginfo-1.22.0-150500.4.3.1 * gstreamer-plugins-good-debugsource-1.22.0-150500.4.3.1 * gstreamer-plugins-good-extra-debuginfo-1.22.0-150500.4.3.1 * gstreamer-plugins-good-gtk-1.22.0-150500.4.3.1 * openSUSE Leap 15.5 (x86_64) * gstreamer-plugins-good-extra-32bit-1.22.0-150500.4.3.1 * gstreamer-plugins-good-extra-32bit-debuginfo-1.22.0-150500.4.3.1 * gstreamer-plugins-good-32bit-1.22.0-150500.4.3.1 * gstreamer-plugins-good-jack-32bit-debuginfo-1.22.0-150500.4.3.1 * gstreamer-plugins-good-jack-32bit-1.22.0-150500.4.3.1 * gstreamer-plugins-good-32bit-debuginfo-1.22.0-150500.4.3.1 * openSUSE Leap 15.5 (noarch) * gstreamer-plugins-good-lang-1.22.0-150500.4.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * gstreamer-plugins-good-jack-64bit-debuginfo-1.22.0-150500.4.3.1 * gstreamer-plugins-good-64bit-1.22.0-150500.4.3.1 * gstreamer-plugins-good-jack-64bit-1.22.0-150500.4.3.1 * gstreamer-plugins-good-extra-64bit-1.22.0-150500.4.3.1 * gstreamer-plugins-good-64bit-debuginfo-1.22.0-150500.4.3.1 * gstreamer-plugins-good-extra-64bit-debuginfo-1.22.0-150500.4.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-good-1.22.0-150500.4.3.1 * gstreamer-plugins-good-debuginfo-1.22.0-150500.4.3.1 * gstreamer-plugins-good-debugsource-1.22.0-150500.4.3.1 * Basesystem Module 15-SP5 (noarch) * gstreamer-plugins-good-lang-1.22.0-150500.4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37327.html * https://bugzilla.suse.com/show_bug.cgi?id=1213128 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 20:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 20:30:11 -0000 Subject: SUSE-SU-2023:3247-1: important: Security update for gstreamer-plugins-ugly Message-ID: <169152661119.19688.7523353195770119311@smelt2.suse.de> # Security update for gstreamer-plugins-ugly Announcement ID: SUSE-SU-2023:3247-1 Rating: important References: * #1213750 * #1213751 Cross-References: * CVE-2023-38103 * CVE-2023-38104 CVSS scores: * CVE-2023-38103 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38104 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-ugly fixes the following issues: * CVE-2023-38103: Fixed an integer overflows when calculating the size of SIPR audio buffers. (bsc#1213751) * CVE-2023-38104: Fixed an integer overflow when calculation audio packet size . (bsc#1213750) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3247=1 openSUSE-SLE-15.5-2023-3247=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3247=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * gstreamer-plugins-ugly-debugsource-1.22.0-150500.3.3.1 * gstreamer-plugins-ugly-debuginfo-1.22.0-150500.3.3.1 * gstreamer-plugins-ugly-1.22.0-150500.3.3.1 * openSUSE Leap 15.5 (x86_64) * gstreamer-plugins-ugly-32bit-1.22.0-150500.3.3.1 * gstreamer-plugins-ugly-32bit-debuginfo-1.22.0-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * gstreamer-plugins-ugly-lang-1.22.0-150500.3.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * gstreamer-plugins-ugly-64bit-1.22.0-150500.3.3.1 * gstreamer-plugins-ugly-64bit-debuginfo-1.22.0-150500.3.3.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * gstreamer-plugins-ugly-debugsource-1.22.0-150500.3.3.1 * gstreamer-plugins-ugly-debuginfo-1.22.0-150500.3.3.1 * gstreamer-plugins-ugly-1.22.0-150500.3.3.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (noarch) * gstreamer-plugins-ugly-lang-1.22.0-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38103.html * https://www.suse.com/security/cve/CVE-2023-38104.html * https://bugzilla.suse.com/show_bug.cgi?id=1213750 * https://bugzilla.suse.com/show_bug.cgi?id=1213751 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 20:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 20:30:13 -0000 Subject: SUSE-SU-2023:3246-1: important: Security update for gstreamer-plugins-good Message-ID: <169152661328.19688.12377891625846467050@smelt2.suse.de> # Security update for gstreamer-plugins-good Announcement ID: SUSE-SU-2023:3246-1 Rating: important References: * #1213128 Cross-References: * CVE-2023-37327 CVSS scores: * CVE-2023-37327 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-good fixes the following issues: * CVE-2023-37327: Fixed FLAC file parsing integer overflow remote code execution vulnerability. (bsc#1213128) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3246=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3246=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3246=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3246=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * gstreamer-plugins-good-debugsource-1.8.3-16.9.1 * gstreamer-plugins-good-debuginfo-1.8.3-16.9.1 * gstreamer-plugins-good-1.8.3-16.9.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * gstreamer-plugins-good-lang-1.8.3-16.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * gstreamer-plugins-good-debugsource-1.8.3-16.9.1 * gstreamer-plugins-good-debuginfo-1.8.3-16.9.1 * gstreamer-plugins-good-1.8.3-16.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * gstreamer-plugins-good-lang-1.8.3-16.9.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-good-debugsource-1.8.3-16.9.1 * gstreamer-plugins-good-debuginfo-1.8.3-16.9.1 * gstreamer-plugins-good-1.8.3-16.9.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * gstreamer-plugins-good-lang-1.8.3-16.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * gstreamer-plugins-good-debugsource-1.8.3-16.9.1 * gstreamer-plugins-good-debuginfo-1.8.3-16.9.1 * gstreamer-plugins-good-1.8.3-16.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * gstreamer-plugins-good-lang-1.8.3-16.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37327.html * https://bugzilla.suse.com/show_bug.cgi?id=1213128 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 20:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 20:30:15 -0000 Subject: SUSE-SU-2023:3245-1: important: Security update for keylime Message-ID: <169152661516.19688.16530324412358253561@smelt2.suse.de> # Security update for keylime Announcement ID: SUSE-SU-2023:3245-1 Rating: important References: * #1213310 Cross-References: * CVE-2023-38200 CVSS scores: * CVE-2023-38200 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38200 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for keylime fixes the following issues: * CVE-2023-38200: Fixed a DoS attack against it's SSL connections. (bsc#1213310) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3245=1 openSUSE-SLE-15.4-2023-3245=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3245=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3245=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3245=1 ## Package List: * openSUSE Leap 15.4 (noarch) * keylime-agent-6.3.2-150400.4.17.1 * keylime-firewalld-6.3.2-150400.4.17.1 * keylime-logrotate-6.3.2-150400.4.17.1 * keylime-registrar-6.3.2-150400.4.17.1 * keylime-tpm_cert_store-6.3.2-150400.4.17.1 * python3-keylime-6.3.2-150400.4.17.1 * keylime-config-6.3.2-150400.4.17.1 * keylime-verifier-6.3.2-150400.4.17.1 * openSUSE Leap 15.5 (noarch) * keylime-agent-6.3.2-150400.4.17.1 * keylime-firewalld-6.3.2-150400.4.17.1 * keylime-logrotate-6.3.2-150400.4.17.1 * keylime-registrar-6.3.2-150400.4.17.1 * keylime-tpm_cert_store-6.3.2-150400.4.17.1 * python3-keylime-6.3.2-150400.4.17.1 * keylime-config-6.3.2-150400.4.17.1 * keylime-verifier-6.3.2-150400.4.17.1 * Basesystem Module 15-SP4 (noarch) * keylime-agent-6.3.2-150400.4.17.1 * keylime-firewalld-6.3.2-150400.4.17.1 * keylime-logrotate-6.3.2-150400.4.17.1 * keylime-registrar-6.3.2-150400.4.17.1 * keylime-tpm_cert_store-6.3.2-150400.4.17.1 * python3-keylime-6.3.2-150400.4.17.1 * keylime-config-6.3.2-150400.4.17.1 * keylime-verifier-6.3.2-150400.4.17.1 * Basesystem Module 15-SP5 (noarch) * keylime-agent-6.3.2-150400.4.17.1 * keylime-firewalld-6.3.2-150400.4.17.1 * keylime-logrotate-6.3.2-150400.4.17.1 * keylime-registrar-6.3.2-150400.4.17.1 * keylime-tpm_cert_store-6.3.2-150400.4.17.1 * python3-keylime-6.3.2-150400.4.17.1 * keylime-config-6.3.2-150400.4.17.1 * keylime-verifier-6.3.2-150400.4.17.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38200.html * https://bugzilla.suse.com/show_bug.cgi?id=1213310 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 20:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 20:30:17 -0000 Subject: SUSE-SU-2023:3244-1: moderate: Security update for openssl-3 Message-ID: <169152661716.19688.14459960987601060713@smelt2.suse.de> # Security update for openssl-3 Announcement ID: SUSE-SU-2023:3244-1 Rating: moderate References: * #1213853 Cross-References: * CVE-2023-3817 CVSS scores: * CVE-2023-3817 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-3817 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3244=1 openSUSE-SLE-15.4-2023-3244=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3244=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * openssl-3-3.0.8-150400.4.34.1 * openssl-3-debuginfo-3.0.8-150400.4.34.1 * libopenssl3-3.0.8-150400.4.34.1 * libopenssl3-debuginfo-3.0.8-150400.4.34.1 * libopenssl-3-devel-3.0.8-150400.4.34.1 * openssl-3-debugsource-3.0.8-150400.4.34.1 * openSUSE Leap 15.4 (x86_64) * libopenssl-3-devel-32bit-3.0.8-150400.4.34.1 * libopenssl3-32bit-3.0.8-150400.4.34.1 * libopenssl3-32bit-debuginfo-3.0.8-150400.4.34.1 * openSUSE Leap 15.4 (noarch) * openssl-3-doc-3.0.8-150400.4.34.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libopenssl3-64bit-3.0.8-150400.4.34.1 * libopenssl3-64bit-debuginfo-3.0.8-150400.4.34.1 * libopenssl-3-devel-64bit-3.0.8-150400.4.34.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openssl-3-3.0.8-150400.4.34.1 * openssl-3-debuginfo-3.0.8-150400.4.34.1 * libopenssl3-3.0.8-150400.4.34.1 * libopenssl3-debuginfo-3.0.8-150400.4.34.1 * libopenssl-3-devel-3.0.8-150400.4.34.1 * openssl-3-debugsource-3.0.8-150400.4.34.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3817.html * https://bugzilla.suse.com/show_bug.cgi?id=1213853 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 20:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 20:30:19 -0000 Subject: SUSE-SU-2023:3243-1: moderate: Security update for openssl-3 Message-ID: <169152661915.19688.10040116053554515512@smelt2.suse.de> # Security update for openssl-3 Announcement ID: SUSE-SU-2023:3243-1 Rating: moderate References: * #1213853 Cross-References: * CVE-2023-3817 CVSS scores: * CVE-2023-3817 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-3817 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3243=1 openSUSE-SLE-15.5-2023-3243=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3243=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * openssl-3-3.0.8-150500.5.11.1 * libopenssl-3-devel-3.0.8-150500.5.11.1 * libopenssl3-debuginfo-3.0.8-150500.5.11.1 * openssl-3-debuginfo-3.0.8-150500.5.11.1 * openssl-3-debugsource-3.0.8-150500.5.11.1 * libopenssl3-3.0.8-150500.5.11.1 * openSUSE Leap 15.5 (x86_64) * libopenssl3-32bit-debuginfo-3.0.8-150500.5.11.1 * libopenssl-3-devel-32bit-3.0.8-150500.5.11.1 * libopenssl3-32bit-3.0.8-150500.5.11.1 * openSUSE Leap 15.5 (noarch) * openssl-3-doc-3.0.8-150500.5.11.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl3-64bit-debuginfo-3.0.8-150500.5.11.1 * libopenssl-3-devel-64bit-3.0.8-150500.5.11.1 * libopenssl3-64bit-3.0.8-150500.5.11.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openssl-3-3.0.8-150500.5.11.1 * libopenssl-3-devel-3.0.8-150500.5.11.1 * libopenssl3-debuginfo-3.0.8-150500.5.11.1 * openssl-3-debuginfo-3.0.8-150500.5.11.1 * openssl-3-debugsource-3.0.8-150500.5.11.1 * libopenssl3-3.0.8-150500.5.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3817.html * https://bugzilla.suse.com/show_bug.cgi?id=1213853 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 20:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 20:30:21 -0000 Subject: SUSE-SU-2023:3242-1: moderate: Security update for openssl-1_1 Message-ID: <169152662119.19688.5920064808145979373@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:3242-1 Rating: moderate References: * #1213853 Cross-References: * CVE-2023-3817 CVSS scores: * CVE-2023-3817 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-3817 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3242=1 openSUSE-SLE-15.5-2023-3242=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3242=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * openssl-1_1-1.1.1l-150500.17.15.1 * libopenssl-1_1-devel-1.1.1l-150500.17.15.1 * libopenssl1_1-hmac-1.1.1l-150500.17.15.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.15.1 * libopenssl1_1-1.1.1l-150500.17.15.1 * openssl-1_1-debugsource-1.1.1l-150500.17.15.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.15.1 * openSUSE Leap 15.5 (x86_64) * libopenssl-1_1-devel-32bit-1.1.1l-150500.17.15.1 * libopenssl1_1-32bit-1.1.1l-150500.17.15.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.15.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.15.1 * openSUSE Leap 15.5 (noarch) * openssl-1_1-doc-1.1.1l-150500.17.15.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl1_1-64bit-debuginfo-1.1.1l-150500.17.15.1 * libopenssl-1_1-devel-64bit-1.1.1l-150500.17.15.1 * libopenssl1_1-64bit-1.1.1l-150500.17.15.1 * libopenssl1_1-hmac-64bit-1.1.1l-150500.17.15.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_1-1.1.1l-150500.17.15.1 * libopenssl-1_1-devel-1.1.1l-150500.17.15.1 * libopenssl1_1-hmac-1.1.1l-150500.17.15.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.15.1 * libopenssl1_1-1.1.1l-150500.17.15.1 * openssl-1_1-debugsource-1.1.1l-150500.17.15.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.15.1 * Basesystem Module 15-SP5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.15.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.15.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3817.html * https://bugzilla.suse.com/show_bug.cgi?id=1213853 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 20:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 20:30:24 -0000 Subject: SUSE-SU-2023:3241-1: moderate: Security update for poppler Message-ID: <169152662428.19688.1927602378703318955@smelt2.suse.de> # Security update for poppler Announcement ID: SUSE-SU-2023:3241-1 Rating: moderate References: * #1124150 * #1150039 Cross-References: * CVE-2019-16115 * CVE-2019-7310 CVSS scores: * CVE-2019-16115 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2019-16115 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2019-7310 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2019-7310 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2019-7310 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 An update that solves two vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2019-16115: Fixed an uninitialized memory error in GfxUnivariateShading::setupCache. (bsc#1150039) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3241=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpoppler73-debuginfo-0.62.0-150000.4.18.1 * libpoppler73-0.62.0-150000.4.18.1 * openSUSE Leap 15.4 (x86_64) * libpoppler73-32bit-debuginfo-0.62.0-150000.4.18.1 * libpoppler73-32bit-0.62.0-150000.4.18.1 ## References: * https://www.suse.com/security/cve/CVE-2019-16115.html * https://www.suse.com/security/cve/CVE-2019-7310.html * https://bugzilla.suse.com/show_bug.cgi?id=1124150 * https://bugzilla.suse.com/show_bug.cgi?id=1150039 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 20:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 20:30:26 -0000 Subject: SUSE-SU-2023:3240-1: moderate: Security update for bluez Message-ID: <169152662624.19688.4934169878220830284@smelt2.suse.de> # Security update for bluez Announcement ID: SUSE-SU-2023:3240-1 Rating: moderate References: * #1192760 Cross-References: * CVE-2021-41229 CVSS scores: * CVE-2021-41229 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-41229 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for bluez fixes the following issues: * CVE-2021-41229: Fix leaking buffers stored in cstates cache. (bsc#1192760) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3240=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3240=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3240=1 ## Package List: * SUSE Manager Proxy 4.2 (x86_64) * bluez-deprecated-debuginfo-5.55-150300.3.25.1 * bluez-5.55-150300.3.25.1 * bluez-debuginfo-5.55-150300.3.25.1 * libbluetooth3-debuginfo-5.55-150300.3.25.1 * libbluetooth3-5.55-150300.3.25.1 * bluez-deprecated-5.55-150300.3.25.1 * bluez-debugsource-5.55-150300.3.25.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * bluez-deprecated-debuginfo-5.55-150300.3.25.1 * bluez-5.55-150300.3.25.1 * bluez-debuginfo-5.55-150300.3.25.1 * libbluetooth3-debuginfo-5.55-150300.3.25.1 * libbluetooth3-5.55-150300.3.25.1 * bluez-deprecated-5.55-150300.3.25.1 * bluez-debugsource-5.55-150300.3.25.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * bluez-deprecated-debuginfo-5.55-150300.3.25.1 * bluez-5.55-150300.3.25.1 * bluez-debuginfo-5.55-150300.3.25.1 * libbluetooth3-debuginfo-5.55-150300.3.25.1 * libbluetooth3-5.55-150300.3.25.1 * bluez-deprecated-5.55-150300.3.25.1 * bluez-debugsource-5.55-150300.3.25.1 ## References: * https://www.suse.com/security/cve/CVE-2021-41229.html * https://bugzilla.suse.com/show_bug.cgi?id=1192760 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 20:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 20:30:31 -0000 Subject: SUSE-SU-2023:3239-1: moderate: Security update for openssl-1_1 Message-ID: <169152663126.19688.10781995885091160489@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:3239-1 Rating: moderate References: * #1213853 Cross-References: * CVE-2023-3817 CVSS scores: * CVE-2023-3817 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-3817 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3239=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3239=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3239=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3239=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debuginfo-1.1.1d-2.98.1 * openssl-1_1-debugsource-1.1.1d-2.98.1 * libopenssl-1_1-devel-1.1.1d-2.98.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * libopenssl-1_1-devel-32bit-1.1.1d-2.98.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * openssl-1_1-debugsource-1.1.1d-2.98.1 * openssl-1_1-debuginfo-1.1.1d-2.98.1 * libopenssl1_1-hmac-1.1.1d-2.98.1 * openssl-1_1-1.1.1d-2.98.1 * libopenssl1_1-debuginfo-1.1.1d-2.98.1 * libopenssl1_1-1.1.1d-2.98.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libopenssl1_1-debuginfo-32bit-1.1.1d-2.98.1 * libopenssl1_1-32bit-1.1.1d-2.98.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.98.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debugsource-1.1.1d-2.98.1 * openssl-1_1-debuginfo-1.1.1d-2.98.1 * libopenssl1_1-hmac-1.1.1d-2.98.1 * openssl-1_1-1.1.1d-2.98.1 * libopenssl1_1-debuginfo-1.1.1d-2.98.1 * libopenssl1_1-1.1.1d-2.98.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libopenssl1_1-debuginfo-32bit-1.1.1d-2.98.1 * libopenssl1_1-32bit-1.1.1d-2.98.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.98.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * openssl-1_1-debugsource-1.1.1d-2.98.1 * openssl-1_1-debuginfo-1.1.1d-2.98.1 * libopenssl1_1-hmac-1.1.1d-2.98.1 * openssl-1_1-1.1.1d-2.98.1 * libopenssl1_1-debuginfo-1.1.1d-2.98.1 * libopenssl1_1-1.1.1d-2.98.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libopenssl1_1-debuginfo-32bit-1.1.1d-2.98.1 * libopenssl1_1-32bit-1.1.1d-2.98.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.98.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3817.html * https://bugzilla.suse.com/show_bug.cgi?id=1213853 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 20:30:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 20:30:34 -0000 Subject: SUSE-SU-2023:3238-1: moderate: Security update for bluez Message-ID: <169152663437.19688.12056728811231360891@smelt2.suse.de> # Security update for bluez Announcement ID: SUSE-SU-2023:3238-1 Rating: moderate References: * #1192760 Cross-References: * CVE-2021-41229 CVSS scores: * CVE-2021-41229 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-41229 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for bluez fixes the following issues: * CVE-2021-41229: Fix leaking buffers stored in cstates cache. (bsc#1192760) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3238=1 SUSE-2023-3238=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3238=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3238=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3238=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3238=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3238=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3238=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3238=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3238=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3238=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * bluez-test-5.62-150400.4.16.1 * bluez-debuginfo-5.62-150400.4.16.1 * libbluetooth3-5.62-150400.4.16.1 * bluez-deprecated-debuginfo-5.62-150400.4.16.1 * bluez-test-debuginfo-5.62-150400.4.16.1 * bluez-debugsource-5.62-150400.4.16.1 * bluez-devel-5.62-150400.4.16.1 * bluez-cups-5.62-150400.4.16.1 * bluez-5.62-150400.4.16.1 * libbluetooth3-debuginfo-5.62-150400.4.16.1 * bluez-deprecated-5.62-150400.4.16.1 * bluez-cups-debuginfo-5.62-150400.4.16.1 * openSUSE Leap 15.4 (noarch) * bluez-auto-enable-devices-5.62-150400.4.16.1 * openSUSE Leap 15.4 (x86_64) * bluez-devel-32bit-5.62-150400.4.16.1 * libbluetooth3-32bit-5.62-150400.4.16.1 * libbluetooth3-32bit-debuginfo-5.62-150400.4.16.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libbluetooth3-64bit-5.62-150400.4.16.1 * bluez-devel-64bit-5.62-150400.4.16.1 * libbluetooth3-64bit-debuginfo-5.62-150400.4.16.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libbluetooth3-debuginfo-5.62-150400.4.16.1 * libbluetooth3-5.62-150400.4.16.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libbluetooth3-debuginfo-5.62-150400.4.16.1 * libbluetooth3-5.62-150400.4.16.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libbluetooth3-debuginfo-5.62-150400.4.16.1 * libbluetooth3-5.62-150400.4.16.1 * bluez-debugsource-5.62-150400.4.16.1 * bluez-debuginfo-5.62-150400.4.16.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libbluetooth3-debuginfo-5.62-150400.4.16.1 * libbluetooth3-5.62-150400.4.16.1 * bluez-debugsource-5.62-150400.4.16.1 * bluez-debuginfo-5.62-150400.4.16.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * bluez-debuginfo-5.62-150400.4.16.1 * libbluetooth3-5.62-150400.4.16.1 * bluez-deprecated-debuginfo-5.62-150400.4.16.1 * bluez-debugsource-5.62-150400.4.16.1 * bluez-5.62-150400.4.16.1 * libbluetooth3-debuginfo-5.62-150400.4.16.1 * bluez-deprecated-5.62-150400.4.16.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * bluez-debugsource-5.62-150400.4.16.1 * bluez-debuginfo-5.62-150400.4.16.1 * bluez-devel-5.62-150400.4.16.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * bluez-cups-5.62-150400.4.16.1 * bluez-debugsource-5.62-150400.4.16.1 * bluez-debuginfo-5.62-150400.4.16.1 * bluez-cups-debuginfo-5.62-150400.4.16.1 * openSUSE Leap Micro 5.3 (aarch64 s390x x86_64) * libbluetooth3-debuginfo-5.62-150400.4.16.1 * libbluetooth3-5.62-150400.4.16.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libbluetooth3-debuginfo-5.62-150400.4.16.1 * libbluetooth3-5.62-150400.4.16.1 * bluez-debugsource-5.62-150400.4.16.1 * bluez-debuginfo-5.62-150400.4.16.1 ## References: * https://www.suse.com/security/cve/CVE-2021-41229.html * https://bugzilla.suse.com/show_bug.cgi?id=1192760 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 20:30:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 20:30:37 -0000 Subject: SUSE-SU-2023:3237-1: important: Security update for webkit2gtk3 Message-ID: <169152663732.19688.11194233097829595947@smelt2.suse.de> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:3237-1 Rating: important References: * #1212863 * #1213905 Cross-References: * CVE-2022-48503 * CVE-2023-32435 * CVE-2023-32439 * CVE-2023-38133 * CVE-2023-38572 * CVE-2023-38592 * CVE-2023-38594 * CVE-2023-38595 * CVE-2023-38597 * CVE-2023-38599 * CVE-2023-38600 * CVE-2023-38611 CVSS scores: * CVE-2022-48503 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32435 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32435 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32439 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32439 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38133 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-38572 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-38592 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38594 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38595 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38597 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38599 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-38600 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38611 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves 12 vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.40.5 (bsc#1213905): * CVE-2023-38133: Fixed information disclosure. * CVE-2023-38572: Fixed Same-Origin-Policy bypass. * CVE-2023-38592: Fixed arbitrary code execution. * CVE-2023-38594: Fixed arbitrary code execution. * CVE-2023-38595: Fixed arbitrary code execution. * CVE-2023-38597: Fixed arbitrary code execution. * CVE-2023-38599: Fixed sensitive user information tracking. * CVE-2023-38600: Fixed arbitrary code execution. * CVE-2023-38611: Fixed arbitrary code execution. Update to version 2.40.3 (bsc#1212863): * CVE-2023-32439: Fixed a bug where processing maliciously crafted web content may lead to arbitrary code execution. (bsc#1212863) * CVE-2023-32435: Fixed a bug where processing web content may lead to arbitrary code execution. (bsc#1212863) * CVE-2022-48503: Fixed a bug where processing web content may lead to arbitrary code execution. (bsc#1212863) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3237=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3237=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3237=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3237=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3237=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-3237=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-devel-2.40.5-2.146.1 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-2.146.1 * webkit2gtk3-debugsource-2.40.5-2.146.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * typelib-1_0-JavaScriptCore-4_0-2.40.5-2.146.1 * webkit2gtk3-debugsource-2.40.5-2.146.1 * typelib-1_0-WebKit2-4_0-2.40.5-2.146.1 * webkit2gtk3-devel-2.40.5-2.146.1 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-2.146.1 * libjavascriptcoregtk-4_0-18-2.40.5-2.146.1 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-2.146.1 * webkit2gtk-4_0-injected-bundles-2.40.5-2.146.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-2.146.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-2.146.1 * libwebkit2gtk-4_0-37-2.40.5-2.146.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * libwebkit2gtk3-lang-2.40.5-2.146.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * typelib-1_0-JavaScriptCore-4_0-2.40.5-2.146.1 * webkit2gtk3-debugsource-2.40.5-2.146.1 * typelib-1_0-WebKit2-4_0-2.40.5-2.146.1 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-2.146.1 * libjavascriptcoregtk-4_0-18-2.40.5-2.146.1 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-2.146.1 * webkit2gtk-4_0-injected-bundles-2.40.5-2.146.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-2.146.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-2.146.1 * libwebkit2gtk-4_0-37-2.40.5-2.146.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * libwebkit2gtk3-lang-2.40.5-2.146.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-JavaScriptCore-4_0-2.40.5-2.146.1 * webkit2gtk3-debugsource-2.40.5-2.146.1 * typelib-1_0-WebKit2-4_0-2.40.5-2.146.1 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-2.146.1 * libjavascriptcoregtk-4_0-18-2.40.5-2.146.1 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-2.146.1 * webkit2gtk-4_0-injected-bundles-2.40.5-2.146.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-2.146.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-2.146.1 * libwebkit2gtk-4_0-37-2.40.5-2.146.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * libwebkit2gtk3-lang-2.40.5-2.146.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * typelib-1_0-JavaScriptCore-4_0-2.40.5-2.146.1 * webkit2gtk3-debugsource-2.40.5-2.146.1 * typelib-1_0-WebKit2-4_0-2.40.5-2.146.1 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-2.146.1 * libjavascriptcoregtk-4_0-18-2.40.5-2.146.1 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-2.146.1 * webkit2gtk-4_0-injected-bundles-2.40.5-2.146.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-2.146.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-2.146.1 * libwebkit2gtk-4_0-37-2.40.5-2.146.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * libwebkit2gtk3-lang-2.40.5-2.146.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libjavascriptcoregtk-4_0-18-32bit-2.40.5-2.146.1 ## References: * https://www.suse.com/security/cve/CVE-2022-48503.html * https://www.suse.com/security/cve/CVE-2023-32435.html * https://www.suse.com/security/cve/CVE-2023-32439.html * https://www.suse.com/security/cve/CVE-2023-38133.html * https://www.suse.com/security/cve/CVE-2023-38572.html * https://www.suse.com/security/cve/CVE-2023-38592.html * https://www.suse.com/security/cve/CVE-2023-38594.html * https://www.suse.com/security/cve/CVE-2023-38595.html * https://www.suse.com/security/cve/CVE-2023-38597.html * https://www.suse.com/security/cve/CVE-2023-38599.html * https://www.suse.com/security/cve/CVE-2023-38600.html * https://www.suse.com/security/cve/CVE-2023-38611.html * https://bugzilla.suse.com/show_bug.cgi?id=1212863 * https://bugzilla.suse.com/show_bug.cgi?id=1213905 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 20:30:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 20:30:39 -0000 Subject: SUSE-SU-2023:3236-1: important: Security update for gstreamer-plugins-base Message-ID: <169152663969.19688.3311741572661268089@smelt2.suse.de> # Security update for gstreamer-plugins-base Announcement ID: SUSE-SU-2023:3236-1 Rating: important References: * #1213128 * #1213131 Cross-References: * CVE-2023-37327 * CVE-2023-37328 CVSS scores: * CVE-2023-37327 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37328 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-base fixes the following issues: * CVE-2023-37327: Fixed FLAC file parsing integer overflow remote code execution vulnerability. (bsc#1213128) * CVE-2023-37328: Fixed PGS file parsing heap-based buffer overflow remote code execution vulnerability. (bsc#1213131) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-3236=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3236=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3236=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3236=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3236=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3236=1 ## Package List: * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * typelib-1_0-GstAudio-1_0-1.8.3-13.9.1 * typelib-1_0-GstTag-1_0-1.8.3-13.9.1 * gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.9.1 * libgstfft-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * typelib-1_0-GstPbutils-1_0-1.8.3-13.9.1 * gstreamer-plugins-base-debuginfo-1.8.3-13.9.1 * libgstfft-1_0-0-32bit-1.8.3-13.9.1 * gstreamer-plugins-base-debugsource-1.8.3-13.9.1 * typelib-1_0-GstVideo-1_0-1.8.3-13.9.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-GstAudio-1_0-1.8.3-13.9.1 * typelib-1_0-GstTag-1_0-1.8.3-13.9.1 * typelib-1_0-GstApp-1_0-1.8.3-13.9.1 * typelib-1_0-GstPbutils-1_0-1.8.3-13.9.1 * gstreamer-plugins-base-debuginfo-1.8.3-13.9.1 * typelib-1_0-GstSdp-1_0-1.8.3-13.9.1 * gstreamer-plugins-base-devel-1.8.3-13.9.1 * typelib-1_0-GstAllocators-1_0-1.8.3-13.9.1 * typelib-1_0-GstRtp-1_0-1.8.3-13.9.1 * typelib-1_0-GstFft-1_0-1.8.3-13.9.1 * gstreamer-plugins-base-debugsource-1.8.3-13.9.1 * typelib-1_0-GstRtsp-1_0-1.8.3-13.9.1 * typelib-1_0-GstVideo-1_0-1.8.3-13.9.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.9.1 * libgsttag-1_0-0-32bit-1.8.3-13.9.1 * libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * libgstapp-1_0-0-debuginfo-1.8.3-13.9.1 * libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * gstreamer-plugins-base-1.8.3-13.9.1 * libgstaudio-1_0-0-1.8.3-13.9.1 * libgstsdp-1_0-0-1.8.3-13.9.1 * libgstsdp-1_0-0-debuginfo-1.8.3-13.9.1 * gstreamer-plugins-base-debuginfo-1.8.3-13.9.1 * libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * libgstpbutils-1_0-0-32bit-1.8.3-13.9.1 * libgstrtp-1_0-0-1.8.3-13.9.1 * libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * libgstaudio-1_0-0-debuginfo-1.8.3-13.9.1 * libgsttag-1_0-0-1.8.3-13.9.1 * libgstfft-1_0-0-1.8.3-13.9.1 * libgstpbutils-1_0-0-1.8.3-13.9.1 * libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * gstreamer-plugins-base-debugsource-1.8.3-13.9.1 * libgstapp-1_0-0-32bit-1.8.3-13.9.1 * libgstaudio-1_0-0-32bit-1.8.3-13.9.1 * libgstapp-1_0-0-1.8.3-13.9.1 * libgstallocators-1_0-0-1.8.3-13.9.1 * libgstvideo-1_0-0-debuginfo-1.8.3-13.9.1 * libgstvideo-1_0-0-1.8.3-13.9.1 * libgsttag-1_0-0-debuginfo-1.8.3-13.9.1 * libgstriff-1_0-0-1.8.3-13.9.1 * libgstvideo-1_0-0-32bit-1.8.3-13.9.1 * libgstfft-1_0-0-debuginfo-1.8.3-13.9.1 * libgstrtp-1_0-0-debuginfo-1.8.3-13.9.1 * libgstrtsp-1_0-0-1.8.3-13.9.1 * libgstriff-1_0-0-debuginfo-1.8.3-13.9.1 * libgstpbutils-1_0-0-debuginfo-1.8.3-13.9.1 * libgstallocators-1_0-0-debuginfo-1.8.3-13.9.1 * libgstrtsp-1_0-0-debuginfo-1.8.3-13.9.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * gstreamer-plugins-base-lang-1.8.3-13.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libgstapp-1_0-0-debuginfo-1.8.3-13.9.1 * gstreamer-plugins-base-1.8.3-13.9.1 * libgstaudio-1_0-0-1.8.3-13.9.1 * libgstsdp-1_0-0-1.8.3-13.9.1 * libgstsdp-1_0-0-debuginfo-1.8.3-13.9.1 * gstreamer-plugins-base-debuginfo-1.8.3-13.9.1 * libgstrtp-1_0-0-1.8.3-13.9.1 * libgstaudio-1_0-0-debuginfo-1.8.3-13.9.1 * libgsttag-1_0-0-1.8.3-13.9.1 * libgstfft-1_0-0-1.8.3-13.9.1 * libgstpbutils-1_0-0-1.8.3-13.9.1 * gstreamer-plugins-base-debugsource-1.8.3-13.9.1 * libgstapp-1_0-0-1.8.3-13.9.1 * libgstallocators-1_0-0-1.8.3-13.9.1 * libgstvideo-1_0-0-debuginfo-1.8.3-13.9.1 * libgstvideo-1_0-0-1.8.3-13.9.1 * libgsttag-1_0-0-debuginfo-1.8.3-13.9.1 * libgstriff-1_0-0-1.8.3-13.9.1 * libgstfft-1_0-0-debuginfo-1.8.3-13.9.1 * libgstrtp-1_0-0-debuginfo-1.8.3-13.9.1 * libgstrtsp-1_0-0-1.8.3-13.9.1 * libgstriff-1_0-0-debuginfo-1.8.3-13.9.1 * libgstpbutils-1_0-0-debuginfo-1.8.3-13.9.1 * libgstallocators-1_0-0-debuginfo-1.8.3-13.9.1 * libgstrtsp-1_0-0-debuginfo-1.8.3-13.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * gstreamer-plugins-base-lang-1.8.3-13.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libgstaudio-1_0-0-32bit-1.8.3-13.9.1 * gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.9.1 * libgsttag-1_0-0-32bit-1.8.3-13.9.1 * libgstvideo-1_0-0-32bit-1.8.3-13.9.1 * libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * libgstpbutils-1_0-0-32bit-1.8.3-13.9.1 * libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * libgstapp-1_0-0-32bit-1.8.3-13.9.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libgstapp-1_0-0-debuginfo-1.8.3-13.9.1 * gstreamer-plugins-base-1.8.3-13.9.1 * libgstaudio-1_0-0-1.8.3-13.9.1 * libgstsdp-1_0-0-1.8.3-13.9.1 * libgstsdp-1_0-0-debuginfo-1.8.3-13.9.1 * gstreamer-plugins-base-debuginfo-1.8.3-13.9.1 * libgstrtp-1_0-0-1.8.3-13.9.1 * libgstaudio-1_0-0-debuginfo-1.8.3-13.9.1 * libgsttag-1_0-0-1.8.3-13.9.1 * libgstfft-1_0-0-1.8.3-13.9.1 * libgstpbutils-1_0-0-1.8.3-13.9.1 * gstreamer-plugins-base-debugsource-1.8.3-13.9.1 * libgstapp-1_0-0-1.8.3-13.9.1 * libgstallocators-1_0-0-1.8.3-13.9.1 * libgstvideo-1_0-0-debuginfo-1.8.3-13.9.1 * libgstvideo-1_0-0-1.8.3-13.9.1 * libgsttag-1_0-0-debuginfo-1.8.3-13.9.1 * libgstriff-1_0-0-1.8.3-13.9.1 * libgstfft-1_0-0-debuginfo-1.8.3-13.9.1 * libgstrtp-1_0-0-debuginfo-1.8.3-13.9.1 * libgstrtsp-1_0-0-1.8.3-13.9.1 * libgstriff-1_0-0-debuginfo-1.8.3-13.9.1 * libgstpbutils-1_0-0-debuginfo-1.8.3-13.9.1 * libgstallocators-1_0-0-debuginfo-1.8.3-13.9.1 * libgstrtsp-1_0-0-debuginfo-1.8.3-13.9.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * gstreamer-plugins-base-lang-1.8.3-13.9.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libgstaudio-1_0-0-32bit-1.8.3-13.9.1 * gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.9.1 * libgsttag-1_0-0-32bit-1.8.3-13.9.1 * libgstvideo-1_0-0-32bit-1.8.3-13.9.1 * libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * libgstpbutils-1_0-0-32bit-1.8.3-13.9.1 * libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * libgstapp-1_0-0-32bit-1.8.3-13.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libgstapp-1_0-0-debuginfo-1.8.3-13.9.1 * gstreamer-plugins-base-1.8.3-13.9.1 * libgstaudio-1_0-0-1.8.3-13.9.1 * libgstsdp-1_0-0-1.8.3-13.9.1 * libgstsdp-1_0-0-debuginfo-1.8.3-13.9.1 * gstreamer-plugins-base-debuginfo-1.8.3-13.9.1 * libgstrtp-1_0-0-1.8.3-13.9.1 * libgstaudio-1_0-0-debuginfo-1.8.3-13.9.1 * libgsttag-1_0-0-1.8.3-13.9.1 * libgstfft-1_0-0-1.8.3-13.9.1 * libgstpbutils-1_0-0-1.8.3-13.9.1 * gstreamer-plugins-base-debugsource-1.8.3-13.9.1 * libgstapp-1_0-0-1.8.3-13.9.1 * libgstallocators-1_0-0-1.8.3-13.9.1 * libgstvideo-1_0-0-debuginfo-1.8.3-13.9.1 * libgstvideo-1_0-0-1.8.3-13.9.1 * libgsttag-1_0-0-debuginfo-1.8.3-13.9.1 * libgstriff-1_0-0-1.8.3-13.9.1 * libgstfft-1_0-0-debuginfo-1.8.3-13.9.1 * libgstrtp-1_0-0-debuginfo-1.8.3-13.9.1 * libgstrtsp-1_0-0-1.8.3-13.9.1 * libgstriff-1_0-0-debuginfo-1.8.3-13.9.1 * libgstpbutils-1_0-0-debuginfo-1.8.3-13.9.1 * libgstallocators-1_0-0-debuginfo-1.8.3-13.9.1 * libgstrtsp-1_0-0-debuginfo-1.8.3-13.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * gstreamer-plugins-base-lang-1.8.3-13.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libgstaudio-1_0-0-32bit-1.8.3-13.9.1 * gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.9.1 * libgsttag-1_0-0-32bit-1.8.3-13.9.1 * libgstvideo-1_0-0-32bit-1.8.3-13.9.1 * libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * libgstpbutils-1_0-0-32bit-1.8.3-13.9.1 * libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.9.1 * libgstapp-1_0-0-32bit-1.8.3-13.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37327.html * https://www.suse.com/security/cve/CVE-2023-37328.html * https://bugzilla.suse.com/show_bug.cgi?id=1213128 * https://bugzilla.suse.com/show_bug.cgi?id=1213131 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 20:30:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 20:30:41 -0000 Subject: SUSE-SU-2023:3235-1: important: Security update for gstreamer-plugins-bad Message-ID: <169152664169.19688.10541991355093694466@smelt2.suse.de> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:3235-1 Rating: important References: * #1213126 Cross-References: * CVE-2023-37329 CVSS scores: * CVE-2023-37329 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-37329: Fixed a heap overwrite in PGS subtitle overlay decoder which might trigger a crash or remote code execution. (bsc#1213126) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3235=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3235=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3235=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * typelib-1_0-GstInsertBin-1_0-1.16.3-150200.4.7.2 * gstreamer-plugins-bad-devel-1.16.3-150200.4.7.2 * libgstadaptivedemux-1_0-0-1.16.3-150200.4.7.2 * libgstbadaudio-1_0-0-1.16.3-150200.4.7.2 * libgstsctp-1_0-0-1.16.3-150200.4.7.2 * gstreamer-plugins-bad-1.16.3-150200.4.7.2 * libgstisoff-1_0-0-1.16.3-150200.4.7.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstinsertbin-1_0-0-1.16.3-150200.4.7.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150200.4.7.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150200.4.7.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstcodecparsers-1_0-0-1.16.3-150200.4.7.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150200.4.7.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150200.4.7.2 * gstreamer-plugins-bad-debugsource-1.16.3-150200.4.7.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150200.4.7.2 * libgstplayer-1_0-0-1.16.3-150200.4.7.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150200.4.7.2 * typelib-1_0-GstPlayer-1_0-1.16.3-150200.4.7.2 * libgsturidownloader-1_0-0-1.16.3-150200.4.7.2 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstmpegts-1_0-0-1.16.3-150200.4.7.2 * libgstwayland-1_0-0-1.16.3-150200.4.7.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstwebrtc-1_0-0-1.16.3-150200.4.7.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150200.4.7.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150200.4.7.2 * libgstphotography-1_0-0-1.16.3-150200.4.7.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150200.4.7.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150200.4.7.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * typelib-1_0-GstInsertBin-1_0-1.16.3-150200.4.7.2 * gstreamer-plugins-bad-devel-1.16.3-150200.4.7.2 * libgstadaptivedemux-1_0-0-1.16.3-150200.4.7.2 * libgstbadaudio-1_0-0-1.16.3-150200.4.7.2 * libgstsctp-1_0-0-1.16.3-150200.4.7.2 * gstreamer-plugins-bad-1.16.3-150200.4.7.2 * libgstisoff-1_0-0-1.16.3-150200.4.7.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstinsertbin-1_0-0-1.16.3-150200.4.7.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150200.4.7.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150200.4.7.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstcodecparsers-1_0-0-1.16.3-150200.4.7.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150200.4.7.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150200.4.7.2 * gstreamer-plugins-bad-debugsource-1.16.3-150200.4.7.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150200.4.7.2 * libgstplayer-1_0-0-1.16.3-150200.4.7.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150200.4.7.2 * typelib-1_0-GstPlayer-1_0-1.16.3-150200.4.7.2 * libgsturidownloader-1_0-0-1.16.3-150200.4.7.2 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstmpegts-1_0-0-1.16.3-150200.4.7.2 * libgstwayland-1_0-0-1.16.3-150200.4.7.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstwebrtc-1_0-0-1.16.3-150200.4.7.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150200.4.7.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150200.4.7.2 * libgstphotography-1_0-0-1.16.3-150200.4.7.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150200.4.7.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150200.4.7.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * typelib-1_0-GstInsertBin-1_0-1.16.3-150200.4.7.2 * gstreamer-plugins-bad-devel-1.16.3-150200.4.7.2 * libgstadaptivedemux-1_0-0-1.16.3-150200.4.7.2 * libgstbadaudio-1_0-0-1.16.3-150200.4.7.2 * libgstsctp-1_0-0-1.16.3-150200.4.7.2 * gstreamer-plugins-bad-1.16.3-150200.4.7.2 * libgstisoff-1_0-0-1.16.3-150200.4.7.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstinsertbin-1_0-0-1.16.3-150200.4.7.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150200.4.7.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150200.4.7.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstcodecparsers-1_0-0-1.16.3-150200.4.7.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150200.4.7.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150200.4.7.2 * gstreamer-plugins-bad-debugsource-1.16.3-150200.4.7.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150200.4.7.2 * libgstplayer-1_0-0-1.16.3-150200.4.7.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150200.4.7.2 * typelib-1_0-GstPlayer-1_0-1.16.3-150200.4.7.2 * libgsturidownloader-1_0-0-1.16.3-150200.4.7.2 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstmpegts-1_0-0-1.16.3-150200.4.7.2 * libgstwayland-1_0-0-1.16.3-150200.4.7.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150200.4.7.2 * libgstwebrtc-1_0-0-1.16.3-150200.4.7.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150200.4.7.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150200.4.7.2 * libgstphotography-1_0-0-1.16.3-150200.4.7.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150200.4.7.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150200.4.7.2 ## References: * https://www.suse.com/security/cve/CVE-2023-37329.html * https://bugzilla.suse.com/show_bug.cgi?id=1213126 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 8 20:30:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 08 Aug 2023 20:30:45 -0000 Subject: SUSE-SU-2023:3234-1: important: Security update for qemu Message-ID: <169152664560.19688.1913776376488435913@smelt2.suse.de> # Security update for qemu Announcement ID: SUSE-SU-2023:3234-1 Rating: important References: * #1212968 * #1213001 * #1213414 Cross-References: * CVE-2023-2861 * CVE-2023-3255 * CVE-2023-3301 CVSS scores: * CVE-2023-2861 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-3255 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ## Description: This update for qemu fixes the following issues: * CVE-2023-2861: Fixed improper access control on special files in 9pfs (bsc#1212968). * CVE-2023-3301: Fixed NULL pointer dereference in vhost_vdpa_get_vhost_net() (bsc#1213414). * CVE-2023-3255: Fixed infinite loop in inflate_buffer() leads to denial of service (bsc#1213001). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3234=1 openSUSE-SLE-15.4-2023-3234=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3234=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3234=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3234=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3234=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3234=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3234=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3234=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3234=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-usb-host-6.2.0-150400.37.20.1 * qemu-extra-debuginfo-6.2.0-150400.37.20.1 * qemu-s390x-6.2.0-150400.37.20.1 * qemu-accel-qtest-debuginfo-6.2.0-150400.37.20.1 * qemu-chardev-baum-6.2.0-150400.37.20.1 * qemu-audio-alsa-6.2.0-150400.37.20.1 * qemu-linux-user-debugsource-6.2.0-150400.37.20.1 * qemu-block-dmg-debuginfo-6.2.0-150400.37.20.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.20.1 * qemu-block-ssh-6.2.0-150400.37.20.1 * qemu-arm-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-qxl-6.2.0-150400.37.20.1 * qemu-ppc-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-curses-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.20.1 * qemu-s390x-debuginfo-6.2.0-150400.37.20.1 * qemu-block-gluster-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-jack-debuginfo-6.2.0-150400.37.20.1 * qemu-debugsource-6.2.0-150400.37.20.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-gtk-6.2.0-150400.37.20.1 * qemu-hw-usb-redirect-6.2.0-150400.37.20.1 * qemu-ui-curses-6.2.0-150400.37.20.1 * qemu-block-gluster-6.2.0-150400.37.20.1 * qemu-hw-usb-host-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.20.1 * qemu-chardev-baum-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-pa-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.20.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-alsa-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-jack-6.2.0-150400.37.20.1 * qemu-ivshmem-tools-debuginfo-6.2.0-150400.37.20.1 * qemu-debuginfo-6.2.0-150400.37.20.1 * qemu-x86-6.2.0-150400.37.20.1 * qemu-arm-6.2.0-150400.37.20.1 * qemu-audio-spice-6.2.0-150400.37.20.1 * qemu-block-curl-6.2.0-150400.37.20.1 * qemu-block-nfs-6.2.0-150400.37.20.1 * qemu-hw-usb-smartcard-6.2.0-150400.37.20.1 * qemu-ivshmem-tools-6.2.0-150400.37.20.1 * qemu-tools-6.2.0-150400.37.20.1 * qemu-ui-spice-core-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.20.1 * qemu-linux-user-6.2.0-150400.37.20.1 * qemu-lang-6.2.0-150400.37.20.1 * qemu-audio-pa-debuginfo-6.2.0-150400.37.20.1 * qemu-block-ssh-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-oss-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.20.1 * qemu-block-iscsi-debuginfo-6.2.0-150400.37.20.1 * qemu-ppc-6.2.0-150400.37.20.1 * qemu-ui-opengl-6.2.0-150400.37.20.1 * qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.20.1 * qemu-ui-spice-app-6.2.0-150400.37.20.1 * qemu-block-dmg-6.2.0-150400.37.20.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.20.1 * qemu-tools-debuginfo-6.2.0-150400.37.20.1 * qemu-vhost-user-gpu-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.20.1 * qemu-chardev-spice-6.2.0-150400.37.20.1 * qemu-block-nfs-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-spice-app-debuginfo-6.2.0-150400.37.20.1 * qemu-accel-qtest-6.2.0-150400.37.20.1 * qemu-x86-debuginfo-6.2.0-150400.37.20.1 * qemu-block-curl-debuginfo-6.2.0-150400.37.20.1 * qemu-ksm-6.2.0-150400.37.20.1 * qemu-ui-gtk-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-usb-smartcard-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-oss-debuginfo-6.2.0-150400.37.20.1 * qemu-vhost-user-gpu-6.2.0-150400.37.20.1 * qemu-extra-6.2.0-150400.37.20.1 * qemu-linux-user-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.20.1 * qemu-block-iscsi-6.2.0-150400.37.20.1 * qemu-6.2.0-150400.37.20.1 * qemu-accel-tcg-x86-6.2.0-150400.37.20.1 * qemu-guest-agent-6.2.0-150400.37.20.1 * openSUSE Leap 15.4 (s390x x86_64 i586) * qemu-kvm-6.2.0-150400.37.20.1 * openSUSE Leap 15.4 (noarch) * qemu-SLOF-6.2.0-150400.37.20.1 * qemu-ipxe-1.0.0+-150400.37.20.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.20.1 * qemu-microvm-6.2.0-150400.37.20.1 * qemu-sgabios-8-150400.37.20.1 * qemu-skiboot-6.2.0-150400.37.20.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.20.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * qemu-block-rbd-debuginfo-6.2.0-150400.37.20.1 * qemu-block-rbd-6.2.0-150400.37.20.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * qemu-6.2.0-150400.37.20.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-qxl-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.20.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-usb-redirect-6.2.0-150400.37.20.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.20.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.20.1 * qemu-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-spice-6.2.0-150400.37.20.1 * qemu-tools-6.2.0-150400.37.20.1 * qemu-ui-spice-core-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-opengl-6.2.0-150400.37.20.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.20.1 * qemu-tools-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.20.1 * qemu-chardev-spice-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.20.1 * qemu-debugsource-6.2.0-150400.37.20.1 * qemu-guest-agent-6.2.0-150400.37.20.1 * openSUSE Leap Micro 5.3 (x86_64) * qemu-x86-debuginfo-6.2.0-150400.37.20.1 * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.20.1 * qemu-accel-tcg-x86-6.2.0-150400.37.20.1 * qemu-x86-6.2.0-150400.37.20.1 * openSUSE Leap Micro 5.3 (noarch) * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.20.1 * qemu-sgabios-8-150400.37.20.1 * qemu-ipxe-1.0.0+-150400.37.20.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.20.1 * openSUSE Leap Micro 5.3 (aarch64) * qemu-arm-6.2.0-150400.37.20.1 * qemu-arm-debuginfo-6.2.0-150400.37.20.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * qemu-6.2.0-150400.37.20.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-qxl-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.20.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-usb-redirect-6.2.0-150400.37.20.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.20.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.20.1 * qemu-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-spice-6.2.0-150400.37.20.1 * qemu-tools-6.2.0-150400.37.20.1 * qemu-ui-spice-core-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-opengl-6.2.0-150400.37.20.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.20.1 * qemu-tools-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.20.1 * qemu-chardev-spice-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.20.1 * qemu-debugsource-6.2.0-150400.37.20.1 * qemu-guest-agent-6.2.0-150400.37.20.1 * openSUSE Leap Micro 5.4 (x86_64) * qemu-x86-debuginfo-6.2.0-150400.37.20.1 * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.20.1 * qemu-accel-tcg-x86-6.2.0-150400.37.20.1 * qemu-x86-6.2.0-150400.37.20.1 * openSUSE Leap Micro 5.4 (noarch) * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.20.1 * qemu-sgabios-8-150400.37.20.1 * qemu-ipxe-1.0.0+-150400.37.20.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.20.1 * openSUSE Leap Micro 5.4 (s390x) * qemu-s390x-6.2.0-150400.37.20.1 * qemu-s390x-debuginfo-6.2.0-150400.37.20.1 * openSUSE Leap Micro 5.4 (aarch64) * qemu-arm-6.2.0-150400.37.20.1 * qemu-arm-debuginfo-6.2.0-150400.37.20.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * qemu-6.2.0-150400.37.20.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-qxl-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.20.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-usb-redirect-6.2.0-150400.37.20.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.20.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.20.1 * qemu-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-spice-6.2.0-150400.37.20.1 * qemu-tools-6.2.0-150400.37.20.1 * qemu-ui-spice-core-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-opengl-6.2.0-150400.37.20.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.20.1 * qemu-tools-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.20.1 * qemu-chardev-spice-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.20.1 * qemu-debugsource-6.2.0-150400.37.20.1 * qemu-guest-agent-6.2.0-150400.37.20.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64) * qemu-arm-6.2.0-150400.37.20.1 * qemu-arm-debuginfo-6.2.0-150400.37.20.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.20.1 * qemu-sgabios-8-150400.37.20.1 * qemu-ipxe-1.0.0+-150400.37.20.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.20.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (s390x) * qemu-s390x-6.2.0-150400.37.20.1 * qemu-s390x-debuginfo-6.2.0-150400.37.20.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * qemu-x86-debuginfo-6.2.0-150400.37.20.1 * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.20.1 * qemu-accel-tcg-x86-6.2.0-150400.37.20.1 * qemu-x86-6.2.0-150400.37.20.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * qemu-6.2.0-150400.37.20.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-qxl-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.20.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-usb-redirect-6.2.0-150400.37.20.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.20.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.20.1 * qemu-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-spice-6.2.0-150400.37.20.1 * qemu-tools-6.2.0-150400.37.20.1 * qemu-ui-spice-core-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-opengl-6.2.0-150400.37.20.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.20.1 * qemu-tools-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.20.1 * qemu-chardev-spice-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.20.1 * qemu-debugsource-6.2.0-150400.37.20.1 * qemu-guest-agent-6.2.0-150400.37.20.1 * SUSE Linux Enterprise Micro 5.3 (aarch64) * qemu-arm-6.2.0-150400.37.20.1 * qemu-arm-debuginfo-6.2.0-150400.37.20.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.20.1 * qemu-sgabios-8-150400.37.20.1 * qemu-ipxe-1.0.0+-150400.37.20.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.20.1 * SUSE Linux Enterprise Micro 5.3 (s390x) * qemu-s390x-6.2.0-150400.37.20.1 * qemu-s390x-debuginfo-6.2.0-150400.37.20.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * qemu-x86-debuginfo-6.2.0-150400.37.20.1 * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.20.1 * qemu-accel-tcg-x86-6.2.0-150400.37.20.1 * qemu-x86-6.2.0-150400.37.20.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * qemu-6.2.0-150400.37.20.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-qxl-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.20.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-usb-redirect-6.2.0-150400.37.20.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.20.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.20.1 * qemu-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-spice-6.2.0-150400.37.20.1 * qemu-tools-6.2.0-150400.37.20.1 * qemu-ui-spice-core-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-opengl-6.2.0-150400.37.20.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.20.1 * qemu-tools-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.20.1 * qemu-chardev-spice-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.20.1 * qemu-debugsource-6.2.0-150400.37.20.1 * qemu-guest-agent-6.2.0-150400.37.20.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64) * qemu-arm-6.2.0-150400.37.20.1 * qemu-arm-debuginfo-6.2.0-150400.37.20.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.20.1 * qemu-sgabios-8-150400.37.20.1 * qemu-ipxe-1.0.0+-150400.37.20.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.20.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (s390x) * qemu-s390x-6.2.0-150400.37.20.1 * qemu-s390x-debuginfo-6.2.0-150400.37.20.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * qemu-x86-debuginfo-6.2.0-150400.37.20.1 * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.20.1 * qemu-accel-tcg-x86-6.2.0-150400.37.20.1 * qemu-x86-6.2.0-150400.37.20.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * qemu-6.2.0-150400.37.20.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-qxl-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.20.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-usb-redirect-6.2.0-150400.37.20.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.20.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.20.1 * qemu-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-spice-6.2.0-150400.37.20.1 * qemu-tools-6.2.0-150400.37.20.1 * qemu-ui-spice-core-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-opengl-6.2.0-150400.37.20.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.20.1 * qemu-tools-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.20.1 * qemu-chardev-spice-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.20.1 * qemu-debugsource-6.2.0-150400.37.20.1 * qemu-guest-agent-6.2.0-150400.37.20.1 * SUSE Linux Enterprise Micro 5.4 (aarch64) * qemu-arm-6.2.0-150400.37.20.1 * qemu-arm-debuginfo-6.2.0-150400.37.20.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.20.1 * qemu-sgabios-8-150400.37.20.1 * qemu-ipxe-1.0.0+-150400.37.20.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.20.1 * SUSE Linux Enterprise Micro 5.4 (s390x) * qemu-s390x-6.2.0-150400.37.20.1 * qemu-s390x-debuginfo-6.2.0-150400.37.20.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * qemu-x86-debuginfo-6.2.0-150400.37.20.1 * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.20.1 * qemu-accel-tcg-x86-6.2.0-150400.37.20.1 * qemu-x86-6.2.0-150400.37.20.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * qemu-tools-6.2.0-150400.37.20.1 * qemu-debugsource-6.2.0-150400.37.20.1 * qemu-tools-debuginfo-6.2.0-150400.37.20.1 * qemu-debuginfo-6.2.0-150400.37.20.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * qemu-hw-usb-host-6.2.0-150400.37.20.1 * qemu-chardev-baum-6.2.0-150400.37.20.1 * qemu-6.2.0-150400.37.20.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.20.1 * qemu-block-ssh-6.2.0-150400.37.20.1 * qemu-ui-curses-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-curses-6.2.0-150400.37.20.1 * qemu-hw-usb-host-debuginfo-6.2.0-150400.37.20.1 * qemu-chardev-baum-debuginfo-6.2.0-150400.37.20.1 * qemu-block-rbd-6.2.0-150400.37.20.1 * qemu-debuginfo-6.2.0-150400.37.20.1 * qemu-block-curl-6.2.0-150400.37.20.1 * qemu-lang-6.2.0-150400.37.20.1 * qemu-block-ssh-debuginfo-6.2.0-150400.37.20.1 * qemu-block-iscsi-debuginfo-6.2.0-150400.37.20.1 * qemu-block-rbd-debuginfo-6.2.0-150400.37.20.1 * qemu-block-curl-debuginfo-6.2.0-150400.37.20.1 * qemu-ksm-6.2.0-150400.37.20.1 * qemu-block-iscsi-6.2.0-150400.37.20.1 * qemu-debugsource-6.2.0-150400.37.20.1 * qemu-guest-agent-6.2.0-150400.37.20.1 * Server Applications Module 15-SP4 (aarch64) * qemu-arm-6.2.0-150400.37.20.1 * qemu-arm-debuginfo-6.2.0-150400.37.20.1 * Server Applications Module 15-SP4 (aarch64 ppc64le x86_64) * qemu-hw-usb-redirect-6.2.0-150400.37.20.1 * qemu-chardev-spice-6.2.0-150400.37.20.1 * qemu-ui-spice-app-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.20.1 * qemu-ui-opengl-6.2.0-150400.37.20.1 * qemu-ui-gtk-6.2.0-150400.37.20.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-gtk-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-spice-app-6.2.0-150400.37.20.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.20.1 * qemu-ui-spice-core-6.2.0-150400.37.20.1 * qemu-hw-display-qxl-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-spice-6.2.0-150400.37.20.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.20.1 * Server Applications Module 15-SP4 (noarch) * qemu-SLOF-6.2.0-150400.37.20.1 * qemu-ipxe-1.0.0+-150400.37.20.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.20.1 * qemu-sgabios-8-150400.37.20.1 * qemu-skiboot-6.2.0-150400.37.20.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.20.1 * Server Applications Module 15-SP4 (ppc64le) * qemu-ppc-6.2.0-150400.37.20.1 * qemu-ppc-debuginfo-6.2.0-150400.37.20.1 * Server Applications Module 15-SP4 (s390x x86_64) * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.20.1 * qemu-kvm-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.20.1 * Server Applications Module 15-SP4 (s390x) * qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.20.1 * qemu-s390x-6.2.0-150400.37.20.1 * qemu-s390x-debuginfo-6.2.0-150400.37.20.1 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.20.1 * Server Applications Module 15-SP4 (x86_64) * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-pa-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-pa-6.2.0-150400.37.20.1 * qemu-x86-debuginfo-6.2.0-150400.37.20.1 * qemu-audio-alsa-6.2.0-150400.37.20.1 * qemu-audio-alsa-debuginfo-6.2.0-150400.37.20.1 * qemu-x86-6.2.0-150400.37.20.1 * qemu-accel-tcg-x86-6.2.0-150400.37.20.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2861.html * https://www.suse.com/security/cve/CVE-2023-3255.html * https://www.suse.com/security/cve/CVE-2023-3301.html * https://bugzilla.suse.com/show_bug.cgi?id=1212968 * https://bugzilla.suse.com/show_bug.cgi?id=1213001 * https://bugzilla.suse.com/show_bug.cgi?id=1213414 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 9 07:04:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Aug 2023 09:04:37 +0200 (CEST) Subject: SUSE-CU-2023:2529-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20230809070437.403BDFBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2529-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.180 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.180 Severity : moderate Type : recommended References : 1211079 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) The following package changes have been done: - libcryptsetup12-hmac-2.4.3-150400.3.3.1 updated - libcryptsetup12-2.4.3-150400.3.3.1 updated From sle-updates at lists.suse.com Wed Aug 9 07:05:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Aug 2023 09:05:47 +0200 (CEST) Subject: SUSE-CU-2023:2532-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20230809070547.9F0A1FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2532-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.77 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.77 Severity : moderate Type : recommended References : 1211079 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) The following package changes have been done: - libcryptsetup12-hmac-2.4.3-150400.3.3.1 updated - libcryptsetup12-2.4.3-150400.3.3.1 updated From sle-updates at lists.suse.com Wed Aug 9 07:05:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Aug 2023 09:05:53 +0200 (CEST) Subject: SUSE-CU-2023:2533-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20230809070553.57DA2FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2533-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.9 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.9 Severity : moderate Type : recommended References : 1211079 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) The following package changes have been done: - libcryptsetup12-hmac-2.4.3-150400.3.3.1 updated - libcryptsetup12-2.4.3-150400.3.3.1 updated From sle-updates at lists.suse.com Wed Aug 9 07:07:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Aug 2023 09:07:23 +0200 (CEST) Subject: SUSE-CU-2023:2534-1: Recommended update of bci/bci-init Message-ID: <20230809070723.D0D23FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2534-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.29.29 Container Release : 29.29 Severity : moderate Type : recommended References : 1211079 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) The following package changes have been done: - libcryptsetup12-2.4.3-150400.3.3.1 updated - libcryptsetup12-hmac-2.4.3-150400.3.3.1 updated From sle-updates at lists.suse.com Wed Aug 9 07:08:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Aug 2023 09:08:38 +0200 (CEST) Subject: SUSE-CU-2023:2535-1: Recommended update of suse/pcp Message-ID: <20230809070838.6AB30FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2535-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.66 , suse/pcp:5.2 , suse/pcp:5.2-17.66 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.66 Container Release : 17.66 Severity : moderate Type : recommended References : 1211079 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) The following package changes have been done: - libcryptsetup12-2.4.3-150400.3.3.1 updated - libcryptsetup12-hmac-2.4.3-150400.3.3.1 updated - container:bci-bci-init-15.4-15.4-29.29 updated From sle-updates at lists.suse.com Wed Aug 9 07:08:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Aug 2023 09:08:48 +0200 (CEST) Subject: SUSE-CU-2023:2536-1: Recommended update of suse/postgres Message-ID: <20230809070848.A9A40FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2536-1 Container Tags : suse/postgres:14 , suse/postgres:14-22.35 , suse/postgres:14.8 , suse/postgres:14.8-22.35 Container Release : 22.35 Severity : moderate Type : recommended References : 1211079 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) The following package changes have been done: - libcryptsetup12-2.4.3-150400.3.3.1 updated - libcryptsetup12-hmac-2.4.3-150400.3.3.1 updated From sle-updates at lists.suse.com Wed Aug 9 07:09:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Aug 2023 09:09:07 +0200 (CEST) Subject: SUSE-CU-2023:2538-1: Recommended update of bci/bci-init Message-ID: <20230809070907.19B78FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2538-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.8.32 , bci/bci-init:latest Container Release : 8.32 Severity : moderate Type : recommended References : 1211079 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) The following package changes have been done: - libcryptsetup12-2.4.3-150400.3.3.1 updated - libcryptsetup12-hmac-2.4.3-150400.3.3.1 updated From sle-updates at lists.suse.com Wed Aug 9 07:09:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Aug 2023 09:09:14 +0200 (CEST) Subject: SUSE-CU-2023:2539-1: Recommended update of suse/pcp Message-ID: <20230809070914.2506BFBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2539-1 Container Tags : suse/pcp:5 , suse/pcp:5-13.11 , suse/pcp:5.2 , suse/pcp:5.2-13.11 , suse/pcp:5.2.5 , suse/pcp:5.2.5-13.11 , suse/pcp:latest Container Release : 13.11 Severity : moderate Type : recommended References : 1211079 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) The following package changes have been done: - libcryptsetup12-2.4.3-150400.3.3.1 updated - libcryptsetup12-hmac-2.4.3-150400.3.3.1 updated - container:bci-bci-init-15.5-15.5-8.32 updated From sle-updates at lists.suse.com Wed Aug 9 07:09:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Aug 2023 09:09:19 +0200 (CEST) Subject: SUSE-CU-2023:2540-1: Recommended update of suse/postgres Message-ID: <20230809070919.3F2B1FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2540-1 Container Tags : suse/postgres:15 , suse/postgres:15-9.23 , suse/postgres:15.3 , suse/postgres:15.3-9.23 , suse/postgres:latest Container Release : 9.23 Severity : moderate Type : recommended References : 1211079 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) The following package changes have been done: - libcryptsetup12-2.4.3-150400.3.3.1 updated - libcryptsetup12-hmac-2.4.3-150400.3.3.1 updated From sle-updates at lists.suse.com Wed Aug 9 07:10:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Aug 2023 09:10:00 +0200 (CEST) Subject: SUSE-CU-2023:2541-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230809071000.BF13EFBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2541-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.432 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.432 Severity : moderate Type : security References : 1211079 1213514 CVE-2022-41409 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3210-1 Released: Mon Aug 7 15:20:04 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3218-1 Released: Mon Aug 7 16:52:13 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) The following package changes have been done: - libcryptsetup12-hmac-2.3.7-150300.3.8.1 updated - libcryptsetup12-2.3.7-150300.3.8.1 updated - libpcre2-8-0-10.31-150000.3.15.1 updated From sle-updates at lists.suse.com Wed Aug 9 07:11:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Aug 2023 09:11:58 +0200 (CEST) Subject: SUSE-CU-2023:2543-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230809071158.63E99FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2543-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.254 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.254 Severity : moderate Type : security References : 1211079 1213514 CVE-2022-41409 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3210-1 Released: Mon Aug 7 15:20:04 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3218-1 Released: Mon Aug 7 16:52:13 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) The following package changes have been done: - libcryptsetup12-hmac-2.3.7-150300.3.8.1 updated - libcryptsetup12-2.3.7-150300.3.8.1 updated - libpcre2-8-0-10.31-150000.3.15.1 updated From sle-updates at lists.suse.com Wed Aug 9 08:59:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 09 Aug 2023 08:59:23 -0000 Subject: SUSE-SU-2023:3252-1: moderate: Security update for wireshark Message-ID: <169157156347.28768.3418973370373954291@smelt2.suse.de> # Security update for wireshark Announcement ID: SUSE-SU-2023:3252-1 Rating: moderate References: * #1211703 * #1211705 * #1211706 * #1211707 * #1211710 * #1211793 * #1211844 * #1212084 * #1213319 Cross-References: * CVE-2023-0667 * CVE-2023-0668 * CVE-2023-2855 * CVE-2023-2856 * CVE-2023-2857 * CVE-2023-2858 * CVE-2023-2879 * CVE-2023-2952 * CVE-2023-3648 CVSS scores: * CVE-2023-0667 ( SUSE ): 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0667 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0668 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-0668 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2855 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2023-2856 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-2856 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2023-2857 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-2857 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2023-2858 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-2858 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2023-2879 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-2879 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2023-2952 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-2952 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2023-3648 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-3648 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves nine vulnerabilities can now be installed. ## Description: This update for wireshark fixes the following issues: Update to Wireshark 3.6.15: \- Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.6.15.html Security fixes: \- CVE-2023-0667: Fixed failure to validate MS-MMS packet length (bsc#1212084). \- CVE-2023-0668: Fixed IEEE C37.118 Synchrophasor dissector crash (bsc#1211710). \- CVE-2023-2855: Fixed Candump log file parser crash (bsc#1211703). \- CVE-2023-2856: Fixed VMS TCPIPtrace file parser crash (bsc#1211707). \- CVE-2023-2857: Fixed BLF file parser crash (bsc#1211705). \- CVE-2023-2858: Fixed NetScaler file parser crash (bsc#1211706). \- CVE-2023-2879: Fixed GDSDB dissector infinite loop (bsc#1211793). \- CVE-2023-2952: Fixed XRA dissector infinite loop (bsc#1211844). \- CVE-2023-3648: Fixed Kafka dissector crash (bsc#1213319). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3252=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3252=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3252=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3252=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3252=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3252=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3252=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3252=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3252=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3252=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * wireshark-ui-qt-debuginfo-3.6.15-150000.3.97.1 * libwiretap12-debuginfo-3.6.15-150000.3.97.1 * wireshark-ui-qt-3.6.15-150000.3.97.1 * libwiretap12-3.6.15-150000.3.97.1 * libwsutil13-debuginfo-3.6.15-150000.3.97.1 * wireshark-3.6.15-150000.3.97.1 * wireshark-devel-3.6.15-150000.3.97.1 * libwsutil13-3.6.15-150000.3.97.1 * wireshark-debuginfo-3.6.15-150000.3.97.1 * wireshark-debugsource-3.6.15-150000.3.97.1 * libwireshark15-3.6.15-150000.3.97.1 * libwireshark15-debuginfo-3.6.15-150000.3.97.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * wireshark-ui-qt-debuginfo-3.6.15-150000.3.97.1 * libwiretap12-debuginfo-3.6.15-150000.3.97.1 * wireshark-ui-qt-3.6.15-150000.3.97.1 * libwiretap12-3.6.15-150000.3.97.1 * libwsutil13-debuginfo-3.6.15-150000.3.97.1 * wireshark-3.6.15-150000.3.97.1 * wireshark-devel-3.6.15-150000.3.97.1 * libwsutil13-3.6.15-150000.3.97.1 * wireshark-debuginfo-3.6.15-150000.3.97.1 * wireshark-debugsource-3.6.15-150000.3.97.1 * libwireshark15-3.6.15-150000.3.97.1 * libwireshark15-debuginfo-3.6.15-150000.3.97.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libwiretap12-debuginfo-3.6.15-150000.3.97.1 * libwiretap12-3.6.15-150000.3.97.1 * libwsutil13-debuginfo-3.6.15-150000.3.97.1 * wireshark-3.6.15-150000.3.97.1 * libwsutil13-3.6.15-150000.3.97.1 * wireshark-debuginfo-3.6.15-150000.3.97.1 * wireshark-debugsource-3.6.15-150000.3.97.1 * libwireshark15-3.6.15-150000.3.97.1 * libwireshark15-debuginfo-3.6.15-150000.3.97.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libwiretap12-debuginfo-3.6.15-150000.3.97.1 * libwiretap12-3.6.15-150000.3.97.1 * libwsutil13-debuginfo-3.6.15-150000.3.97.1 * wireshark-3.6.15-150000.3.97.1 * libwsutil13-3.6.15-150000.3.97.1 * wireshark-debuginfo-3.6.15-150000.3.97.1 * wireshark-debugsource-3.6.15-150000.3.97.1 * libwireshark15-3.6.15-150000.3.97.1 * libwireshark15-debuginfo-3.6.15-150000.3.97.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * wireshark-ui-qt-debuginfo-3.6.15-150000.3.97.1 * wireshark-ui-qt-3.6.15-150000.3.97.1 * wireshark-devel-3.6.15-150000.3.97.1 * wireshark-debuginfo-3.6.15-150000.3.97.1 * wireshark-debugsource-3.6.15-150000.3.97.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * wireshark-ui-qt-debuginfo-3.6.15-150000.3.97.1 * wireshark-ui-qt-3.6.15-150000.3.97.1 * wireshark-devel-3.6.15-150000.3.97.1 * wireshark-debuginfo-3.6.15-150000.3.97.1 * wireshark-debugsource-3.6.15-150000.3.97.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * wireshark-ui-qt-debuginfo-3.6.15-150000.3.97.1 * libwiretap12-debuginfo-3.6.15-150000.3.97.1 * wireshark-ui-qt-3.6.15-150000.3.97.1 * libwiretap12-3.6.15-150000.3.97.1 * libwsutil13-debuginfo-3.6.15-150000.3.97.1 * wireshark-3.6.15-150000.3.97.1 * wireshark-devel-3.6.15-150000.3.97.1 * libwsutil13-3.6.15-150000.3.97.1 * wireshark-debuginfo-3.6.15-150000.3.97.1 * wireshark-debugsource-3.6.15-150000.3.97.1 * libwireshark15-3.6.15-150000.3.97.1 * libwireshark15-debuginfo-3.6.15-150000.3.97.1 * SUSE Manager Proxy 4.2 (x86_64) * libwiretap12-debuginfo-3.6.15-150000.3.97.1 * libwiretap12-3.6.15-150000.3.97.1 * libwsutil13-debuginfo-3.6.15-150000.3.97.1 * wireshark-3.6.15-150000.3.97.1 * libwsutil13-3.6.15-150000.3.97.1 * wireshark-debuginfo-3.6.15-150000.3.97.1 * wireshark-debugsource-3.6.15-150000.3.97.1 * libwireshark15-3.6.15-150000.3.97.1 * libwireshark15-debuginfo-3.6.15-150000.3.97.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libwiretap12-debuginfo-3.6.15-150000.3.97.1 * libwiretap12-3.6.15-150000.3.97.1 * libwsutil13-debuginfo-3.6.15-150000.3.97.1 * wireshark-3.6.15-150000.3.97.1 * libwsutil13-3.6.15-150000.3.97.1 * wireshark-debuginfo-3.6.15-150000.3.97.1 * wireshark-debugsource-3.6.15-150000.3.97.1 * libwireshark15-3.6.15-150000.3.97.1 * libwireshark15-debuginfo-3.6.15-150000.3.97.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libwiretap12-debuginfo-3.6.15-150000.3.97.1 * libwiretap12-3.6.15-150000.3.97.1 * libwsutil13-debuginfo-3.6.15-150000.3.97.1 * wireshark-3.6.15-150000.3.97.1 * libwsutil13-3.6.15-150000.3.97.1 * wireshark-debuginfo-3.6.15-150000.3.97.1 * wireshark-debugsource-3.6.15-150000.3.97.1 * libwireshark15-3.6.15-150000.3.97.1 * libwireshark15-debuginfo-3.6.15-150000.3.97.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0667.html * https://www.suse.com/security/cve/CVE-2023-0668.html * https://www.suse.com/security/cve/CVE-2023-2855.html * https://www.suse.com/security/cve/CVE-2023-2856.html * https://www.suse.com/security/cve/CVE-2023-2857.html * https://www.suse.com/security/cve/CVE-2023-2858.html * https://www.suse.com/security/cve/CVE-2023-2879.html * https://www.suse.com/security/cve/CVE-2023-2952.html * https://www.suse.com/security/cve/CVE-2023-3648.html * https://bugzilla.suse.com/show_bug.cgi?id=1211703 * https://bugzilla.suse.com/show_bug.cgi?id=1211705 * https://bugzilla.suse.com/show_bug.cgi?id=1211706 * https://bugzilla.suse.com/show_bug.cgi?id=1211707 * https://bugzilla.suse.com/show_bug.cgi?id=1211710 * https://bugzilla.suse.com/show_bug.cgi?id=1211793 * https://bugzilla.suse.com/show_bug.cgi?id=1211844 * https://bugzilla.suse.com/show_bug.cgi?id=1212084 * https://bugzilla.suse.com/show_bug.cgi?id=1213319 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 9 08:59:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 09 Aug 2023 08:59:26 -0000 Subject: SUSE-SU-2023:3251-1: important: Security update for rust1.71 Message-ID: <169157156665.28768.18424254176485079487@smelt2.suse.de> # Security update for rust1.71 Announcement ID: SUSE-SU-2023:3251-1 Rating: important References: * #1213817 Cross-References: * CVE-2023-38497 CVSS scores: * CVE-2023-38497 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38497 ( NVD ): 7.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for rust1.71 fixes the following issues: Update to version 1.71.1: * CVE-2023-38497: Fixed privilege escalation with Cargo not respecting umask when extracting dependencies (bsc#1213817). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3251=1 openSUSE-SLE-15.4-2023-3251=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3251=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3251=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3251=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * cargo1.71-1.71.1-150400.9.6.1 * cargo1.71-debuginfo-1.71.1-150400.9.6.1 * rust1.71-debuginfo-1.71.1-150400.9.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586 nosrc) * rust1.71-1.71.1-150400.9.6.1 * openSUSE Leap 15.4 (nosrc) * rust1.71-test-1.71.1-150400.9.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * cargo1.71-1.71.1-150400.9.6.1 * cargo1.71-debuginfo-1.71.1-150400.9.6.1 * rust1.71-debuginfo-1.71.1-150400.9.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.71-1.71.1-150400.9.6.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cargo1.71-1.71.1-150400.9.6.1 * cargo1.71-debuginfo-1.71.1-150400.9.6.1 * rust1.71-debuginfo-1.71.1-150400.9.6.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.71-1.71.1-150400.9.6.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * cargo1.71-1.71.1-150400.9.6.1 * cargo1.71-debuginfo-1.71.1-150400.9.6.1 * rust1.71-debuginfo-1.71.1-150400.9.6.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.71-1.71.1-150400.9.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38497.html * https://bugzilla.suse.com/show_bug.cgi?id=1213817 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 9 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 09 Aug 2023 12:30:02 -0000 Subject: SUSE-SU-2023:3257-1: moderate: Security update for pipewire Message-ID: <169158420217.13390.12359996739446865033@smelt2.suse.de> # Security update for pipewire Announcement ID: SUSE-SU-2023:3257-1 Rating: moderate References: * #1213682 Affected Products: * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that has one fix can now be installed. ## Description: This update for pipewire fixes the following security issues: * Fixed issue where an app which only has permission to access one stream can also access other streams (bsc#1213682). Bugfixes: \- Fixed division by 0 and other issues with invalid values (glfo#pipewire/pipewire#2953) \- Fixed an overflow resulting in choppy sound in some cases (glfo#pipewire/pipewire#2680) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3257=1 openSUSE-SLE-15.5-2023-3257=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3257=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3257=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libpipewire-0_3-0-0.3.64-150500.3.3.1 * pipewire-modules-0_3-debuginfo-0.3.64-150500.3.3.1 * pipewire-modules-0_3-0.3.64-150500.3.3.1 * gstreamer-plugin-pipewire-0.3.64-150500.3.3.1 * pipewire-libjack-0_3-0.3.64-150500.3.3.1 * pipewire-libjack-0_3-debuginfo-0.3.64-150500.3.3.1 * pipewire-tools-debuginfo-0.3.64-150500.3.3.1 * pipewire-spa-plugins-0_2-debuginfo-0.3.64-150500.3.3.1 * pipewire-alsa-debuginfo-0.3.64-150500.3.3.1 * pipewire-tools-0.3.64-150500.3.3.1 * pipewire-debuginfo-0.3.64-150500.3.3.1 * pipewire-doc-0.3.64-150500.3.3.1 * pipewire-spa-tools-0.3.64-150500.3.3.1 * pipewire-alsa-0.3.64-150500.3.3.1 * pipewire-spa-tools-debuginfo-0.3.64-150500.3.3.1 * libpipewire-0_3-0-debuginfo-0.3.64-150500.3.3.1 * pipewire-pulseaudio-debuginfo-0.3.64-150500.3.3.1 * pipewire-module-x11-0_3-0.3.64-150500.3.3.1 * pipewire-debugsource-0.3.64-150500.3.3.1 * pipewire-module-x11-0_3-debuginfo-0.3.64-150500.3.3.1 * pipewire-0.3.64-150500.3.3.1 * gstreamer-plugin-pipewire-debuginfo-0.3.64-150500.3.3.1 * pipewire-libjack-0_3-devel-0.3.64-150500.3.3.1 * pipewire-pulseaudio-0.3.64-150500.3.3.1 * pipewire-spa-plugins-0_2-0.3.64-150500.3.3.1 * pipewire-devel-0.3.64-150500.3.3.1 * openSUSE Leap 15.5 (x86_64) * pipewire-libjack-0_3-32bit-0.3.64-150500.3.3.1 * pipewire-alsa-32bit-debuginfo-0.3.64-150500.3.3.1 * pipewire-libjack-0_3-32bit-debuginfo-0.3.64-150500.3.3.1 * libpipewire-0_3-0-32bit-debuginfo-0.3.64-150500.3.3.1 * pipewire-alsa-32bit-0.3.64-150500.3.3.1 * libpipewire-0_3-0-32bit-0.3.64-150500.3.3.1 * pipewire-modules-0_3-32bit-debuginfo-0.3.64-150500.3.3.1 * pipewire-spa-plugins-0_2-32bit-debuginfo-0.3.64-150500.3.3.1 * pipewire-modules-0_3-32bit-0.3.64-150500.3.3.1 * pipewire-spa-plugins-0_2-32bit-0.3.64-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * pipewire-lang-0.3.64-150500.3.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * pipewire-spa-plugins-0_2-64bit-debuginfo-0.3.64-150500.3.3.1 * libpipewire-0_3-0-64bit-debuginfo-0.3.64-150500.3.3.1 * libpipewire-0_3-0-64bit-0.3.64-150500.3.3.1 * pipewire-alsa-64bit-0.3.64-150500.3.3.1 * pipewire-modules-0_3-64bit-0.3.64-150500.3.3.1 * pipewire-spa-plugins-0_2-64bit-0.3.64-150500.3.3.1 * pipewire-libjack-0_3-64bit-debuginfo-0.3.64-150500.3.3.1 * pipewire-libjack-0_3-64bit-0.3.64-150500.3.3.1 * pipewire-alsa-64bit-debuginfo-0.3.64-150500.3.3.1 * pipewire-modules-0_3-64bit-debuginfo-0.3.64-150500.3.3.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * pipewire-debugsource-0.3.64-150500.3.3.1 * pipewire-spa-plugins-0_2-debuginfo-0.3.64-150500.3.3.1 * pipewire-0.3.64-150500.3.3.1 * libpipewire-0_3-0-0.3.64-150500.3.3.1 * gstreamer-plugin-pipewire-debuginfo-0.3.64-150500.3.3.1 * pipewire-spa-tools-debuginfo-0.3.64-150500.3.3.1 * pipewire-tools-0.3.64-150500.3.3.1 * pipewire-modules-0_3-debuginfo-0.3.64-150500.3.3.1 * pipewire-tools-debuginfo-0.3.64-150500.3.3.1 * libpipewire-0_3-0-debuginfo-0.3.64-150500.3.3.1 * pipewire-debuginfo-0.3.64-150500.3.3.1 * pipewire-modules-0_3-0.3.64-150500.3.3.1 * gstreamer-plugin-pipewire-0.3.64-150500.3.3.1 * pipewire-spa-plugins-0_2-0.3.64-150500.3.3.1 * pipewire-spa-tools-0.3.64-150500.3.3.1 * Desktop Applications Module 15-SP5 (noarch) * pipewire-lang-0.3.64-150500.3.3.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * pipewire-debugsource-0.3.64-150500.3.3.1 * pipewire-alsa-0.3.64-150500.3.3.1 * pipewire-alsa-debuginfo-0.3.64-150500.3.3.1 * pipewire-libjack-0_3-devel-0.3.64-150500.3.3.1 * pipewire-pulseaudio-0.3.64-150500.3.3.1 * pipewire-debuginfo-0.3.64-150500.3.3.1 * pipewire-doc-0.3.64-150500.3.3.1 * pipewire-libjack-0_3-0.3.64-150500.3.3.1 * pipewire-libjack-0_3-debuginfo-0.3.64-150500.3.3.1 * pipewire-pulseaudio-debuginfo-0.3.64-150500.3.3.1 * SUSE Package Hub 15 15-SP5 (noarch) * pipewire-lang-0.3.64-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213682 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 9 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 09 Aug 2023 12:30:04 -0000 Subject: SUSE-SU-2023:3256-1: moderate: Security update for pipewire Message-ID: <169158420441.13390.4125093781277147861@smelt2.suse.de> # Security update for pipewire Announcement ID: SUSE-SU-2023:3256-1 Rating: moderate References: * #1213682 Affected Products: * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that has one fix can now be installed. ## Description: This update for pipewire fixes the following security issues: * Fixed issue where an app which only has permission to access one stream can also access other streams (bsc#1213682). Bugfixes: \- Fixed division by 0 and other issues with invalid values (glfo#pipewire/pipewire#2953) \- Fixed an overflow resulting in choppy sound in some cases (glfo#pipewire/pipewire#2680) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3256=1 openSUSE-SLE-15.4-2023-3256=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3256=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3256=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libpipewire-0_3-0-0.3.49-150400.3.3.1 * pipewire-0.3.49-150400.3.3.1 * pipewire-modules-0_3-0.3.49-150400.3.3.1 * pipewire-libjack-0_3-debuginfo-0.3.49-150400.3.3.1 * pipewire-alsa-debuginfo-0.3.49-150400.3.3.1 * pipewire-pulseaudio-debuginfo-0.3.49-150400.3.3.1 * pipewire-spa-plugins-0_2-debuginfo-0.3.49-150400.3.3.1 * pipewire-spa-plugins-0_2-0.3.49-150400.3.3.1 * pipewire-doc-0.3.49-150400.3.3.1 * pipewire-spa-tools-0.3.49-150400.3.3.1 * libpipewire-0_3-0-debuginfo-0.3.49-150400.3.3.1 * pipewire-alsa-0.3.49-150400.3.3.1 * pipewire-modules-0_3-debuginfo-0.3.49-150400.3.3.1 * pipewire-devel-0.3.49-150400.3.3.1 * pipewire-tools-0.3.49-150400.3.3.1 * pipewire-pulseaudio-0.3.49-150400.3.3.1 * gstreamer-plugin-pipewire-debuginfo-0.3.49-150400.3.3.1 * pipewire-debugsource-0.3.49-150400.3.3.1 * gstreamer-plugin-pipewire-0.3.49-150400.3.3.1 * pipewire-libjack-0_3-0.3.49-150400.3.3.1 * pipewire-spa-tools-debuginfo-0.3.49-150400.3.3.1 * pipewire-debuginfo-0.3.49-150400.3.3.1 * pipewire-libjack-0_3-devel-0.3.49-150400.3.3.1 * pipewire-tools-debuginfo-0.3.49-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * pipewire-modules-0_3-32bit-debuginfo-0.3.49-150400.3.3.1 * libpipewire-0_3-0-32bit-debuginfo-0.3.49-150400.3.3.1 * pipewire-modules-0_3-32bit-0.3.49-150400.3.3.1 * pipewire-libjack-0_3-32bit-0.3.49-150400.3.3.1 * pipewire-spa-plugins-0_2-32bit-debuginfo-0.3.49-150400.3.3.1 * pipewire-alsa-32bit-debuginfo-0.3.49-150400.3.3.1 * pipewire-libjack-0_3-32bit-debuginfo-0.3.49-150400.3.3.1 * pipewire-spa-plugins-0_2-32bit-0.3.49-150400.3.3.1 * libpipewire-0_3-0-32bit-0.3.49-150400.3.3.1 * pipewire-alsa-32bit-0.3.49-150400.3.3.1 * openSUSE Leap 15.4 (noarch) * pipewire-lang-0.3.49-150400.3.3.1 * openSUSE Leap 15.4 (aarch64_ilp32) * pipewire-spa-plugins-0_2-64bit-0.3.49-150400.3.3.1 * pipewire-libjack-0_3-64bit-0.3.49-150400.3.3.1 * pipewire-modules-0_3-64bit-0.3.49-150400.3.3.1 * pipewire-libjack-0_3-64bit-debuginfo-0.3.49-150400.3.3.1 * pipewire-spa-plugins-0_2-64bit-debuginfo-0.3.49-150400.3.3.1 * pipewire-alsa-64bit-debuginfo-0.3.49-150400.3.3.1 * libpipewire-0_3-0-64bit-debuginfo-0.3.49-150400.3.3.1 * pipewire-alsa-64bit-0.3.49-150400.3.3.1 * libpipewire-0_3-0-64bit-0.3.49-150400.3.3.1 * pipewire-modules-0_3-64bit-debuginfo-0.3.49-150400.3.3.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * pipewire-debugsource-0.3.49-150400.3.3.1 * pipewire-spa-plugins-0_2-debuginfo-0.3.49-150400.3.3.1 * pipewire-modules-0_3-debuginfo-0.3.49-150400.3.3.1 * gstreamer-plugin-pipewire-0.3.49-150400.3.3.1 * pipewire-spa-tools-debuginfo-0.3.49-150400.3.3.1 * pipewire-spa-plugins-0_2-0.3.49-150400.3.3.1 * pipewire-debuginfo-0.3.49-150400.3.3.1 * pipewire-0.3.49-150400.3.3.1 * libpipewire-0_3-0-debuginfo-0.3.49-150400.3.3.1 * libpipewire-0_3-0-0.3.49-150400.3.3.1 * pipewire-modules-0_3-0.3.49-150400.3.3.1 * pipewire-tools-0.3.49-150400.3.3.1 * pipewire-spa-tools-0.3.49-150400.3.3.1 * gstreamer-plugin-pipewire-debuginfo-0.3.49-150400.3.3.1 * pipewire-tools-debuginfo-0.3.49-150400.3.3.1 * Desktop Applications Module 15-SP4 (noarch) * pipewire-lang-0.3.49-150400.3.3.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * pipewire-debugsource-0.3.49-150400.3.3.1 * pipewire-alsa-0.3.49-150400.3.3.1 * pipewire-pulseaudio-debuginfo-0.3.49-150400.3.3.1 * pipewire-libjack-0_3-0.3.49-150400.3.3.1 * pipewire-doc-0.3.49-150400.3.3.1 * pipewire-debuginfo-0.3.49-150400.3.3.1 * pipewire-libjack-0_3-devel-0.3.49-150400.3.3.1 * pipewire-pulseaudio-0.3.49-150400.3.3.1 * pipewire-libjack-0_3-debuginfo-0.3.49-150400.3.3.1 * pipewire-alsa-debuginfo-0.3.49-150400.3.3.1 * SUSE Package Hub 15 15-SP4 (noarch) * pipewire-lang-0.3.49-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213682 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 9 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 09 Aug 2023 12:30:06 -0000 Subject: SUSE-SU-2023:3255-1: moderate: Security update for rubygem-actionpack-4_2 Message-ID: <169158420664.13390.6746874886515570416@smelt2.suse.de> # Security update for rubygem-actionpack-4_2 Announcement ID: SUSE-SU-2023:3255-1 Rating: moderate References: * #1213312 Cross-References: * CVE-2023-28362 CVSS scores: * CVE-2023-28362 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE OpenStack Cloud Crowbar 8 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for rubygem-actionpack-4_2 fixes the following issues: * CVE-2023-28362: Fixed XSS via User Supplied Values to redirect_to (bsc#1213312). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-3255=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-3255=1 ## Package List: * SUSE OpenStack Cloud Crowbar 8 (x86_64) * ruby2.1-rubygem-actionpack-4_2-4.2.9-7.18.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * ruby2.1-rubygem-actionpack-4_2-4.2.9-7.18.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28362.html * https://bugzilla.suse.com/show_bug.cgi?id=1213312 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 9 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 09 Aug 2023 12:30:08 -0000 Subject: SUSE-RU-2023:3253-1: moderate: Recommended update for bind Message-ID: <169158420883.13390.5994570827965953686@smelt2.suse.de> # Recommended update for bind Announcement ID: SUSE-RU-2023:3253-1 Rating: moderate References: * #1213049 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains one feature and has one recommended fix can now be installed. ## Description: This update for bind fixes the following issues: * Add dnstap support (jsc#PED-4852) * Log named-checkconf output (bsc#1213049) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3253=1 openSUSE-SLE-15.5-2023-3253=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3253=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3253=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * bind-utils-debuginfo-9.16.42-150500.8.7.1 * bind-9.16.42-150500.8.7.1 * bind-debuginfo-9.16.42-150500.8.7.1 * bind-debugsource-9.16.42-150500.8.7.1 * bind-utils-9.16.42-150500.8.7.1 * openSUSE Leap 15.5 (noarch) * bind-doc-9.16.42-150500.8.7.1 * python3-bind-9.16.42-150500.8.7.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * bind-utils-debuginfo-9.16.42-150500.8.7.1 * bind-debuginfo-9.16.42-150500.8.7.1 * bind-debugsource-9.16.42-150500.8.7.1 * bind-utils-9.16.42-150500.8.7.1 * Basesystem Module 15-SP5 (noarch) * python3-bind-9.16.42-150500.8.7.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * bind-9.16.42-150500.8.7.1 * bind-debuginfo-9.16.42-150500.8.7.1 * bind-debugsource-9.16.42-150500.8.7.1 * Server Applications Module 15-SP5 (noarch) * bind-doc-9.16.42-150500.8.7.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213049 * https://jira.suse.com/browse/PED-4852 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 9 16:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 09 Aug 2023 16:30:01 -0000 Subject: SUSE-RU-2023:3258-1: moderate: Recommended update for trento-agent, trento-server-installer Message-ID: <169159860175.14490.4734038765350622912@smelt2.suse.de> # Recommended update for trento-agent, trento-server-installer Announcement ID: SUSE-RU-2023:3258-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.5 * SAP Applications Module 15-SP2 * SAP Applications Module 15-SP1 * SAP Applications Module 15-SP3 * SAP Applications Module 15-SP4 * SAP Applications Module 15-SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that can now be installed. ## Description: This update for trento-agent, trento-server-installer fixes the following issues: * Release 2.1.0 (https://github.com/trento- project/agent/compare/2.0.0...2.1.0) * bump contracts version (#233) * Send an empty payload if a cluster was not found (#227) * Cloned VMs in VMware have all the same uuid (#223) * Release 2.0.0 (https://github.com/trento- project/agent/compare/1.2.0...2.0.0) * Parse durations in cibadmin gatherer (#204) * Add ability to detect if running on `VMware` system (#193) * Pin web api version to v1 (#186) * Multiversion package support (#181) * Pretty print fact values (#176) * Unhide facts service url flag (#172) * Add version comparison functionality for package_version (#169) * Make `corosynccmapctl` gatherer output a map structure (#168) * Add initial support to verify the password for the hacluster user (#164) * Add argument validation for gatherers that require it (#162) * Hidden agent id flag (#160) * Sbd dump gatherer (#156) * Retrieve agent id command (#154) * Port cibadmin gatherer (#149) * Restructure project folders structure (#147) * Generic get value (#146) * Refactor sbd loading (#145) * Corosynccmap ctl gatherer port (#144) * Refactor sbd gatherer (#141) * Packageversion gatherer (#140) * Port systemd gatherer (#139) * Gather all hosts entries when no arg is provided (#137) * Add FactValue type (#133) * Implement /etc/hosts file gatherer (#78) * Implement saphostctrl gatherer (#71) * Fix getValue function when map is empty (#218) * Cibadmin meta attributes to list (#211) * Fix broken zypper output parsing in package_version due to `\n` (#173) * Handle `CorosyncCmapctlGatherer` receiving empty lines (#171) * Fix cluster_property_set parsing (#170) * Fix list conversion issues in the xml gatherer (#157) * Fix special lists usage in corosyncconf gatherer (#155) * Remove ssh address references (#174) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3258=1 * SAP Applications Module 15-SP1 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-3258=1 * SAP Applications Module 15-SP2 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-3258=1 * SAP Applications Module 15-SP3 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-3258=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-3258=1 * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-3258=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * trento-agent-2.1.0-150100.3.6.1 * openSUSE Leap 15.5 (noarch) * trento-server-installer-2.1.0-150100.3.6.1 * SAP Applications Module 15-SP1 (aarch64 ppc64le s390x x86_64) * trento-agent-2.1.0-150100.3.6.1 * SAP Applications Module 15-SP1 (noarch) * trento-server-installer-2.1.0-150100.3.6.1 * SAP Applications Module 15-SP2 (aarch64 ppc64le s390x x86_64) * trento-agent-2.1.0-150100.3.6.1 * SAP Applications Module 15-SP2 (noarch) * trento-server-installer-2.1.0-150100.3.6.1 * SAP Applications Module 15-SP3 (aarch64 ppc64le s390x x86_64) * trento-agent-2.1.0-150100.3.6.1 * SAP Applications Module 15-SP3 (noarch) * trento-server-installer-2.1.0-150100.3.6.1 * SAP Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * trento-agent-2.1.0-150100.3.6.1 * SAP Applications Module 15-SP4 (noarch) * trento-server-installer-2.1.0-150100.3.6.1 * SAP Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * trento-agent-2.1.0-150100.3.6.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 10 07:03:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:03:17 +0200 (CEST) Subject: SUSE-CU-2023:2544-1: Security update of suse/389-ds Message-ID: <20230810070317.1AA39FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2544-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-14.35 , suse/389-ds:latest Container Release : 14.35 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - openssl-1_1-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 07:03:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:03:25 +0200 (CEST) Subject: SUSE-CU-2023:2545-1: Security update of bci/dotnet-aspnet Message-ID: <20230810070325.9E187FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2545-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-10.21 , bci/dotnet-aspnet:6.0.20 , bci/dotnet-aspnet:6.0.20-10.21 Container Release : 10.21 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 07:03:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:03:33 +0200 (CEST) Subject: SUSE-CU-2023:2546-1: Security update of bci/dotnet-aspnet Message-ID: <20230810070333.2715AFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2546-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-10.21 , bci/dotnet-aspnet:7.0.9 , bci/dotnet-aspnet:7.0.9-10.21 , bci/dotnet-aspnet:latest Container Release : 10.21 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 07:03:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:03:38 +0200 (CEST) Subject: SUSE-CU-2023:2547-1: Security update of suse/registry Message-ID: <20230810070338.B69A2FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2547-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-14.15 , suse/registry:latest Container Release : 14.15 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - openssl-1_1-1.1.1l-150500.17.15.1 updated From sle-updates at lists.suse.com Thu Aug 10 07:03:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:03:48 +0200 (CEST) Subject: SUSE-CU-2023:2548-1: Security update of bci/dotnet-sdk Message-ID: <20230810070348.73FF7FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2548-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-9.21 , bci/dotnet-sdk:6.0.20 , bci/dotnet-sdk:6.0.20-9.21 Container Release : 9.21 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 07:03:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:03:58 +0200 (CEST) Subject: SUSE-CU-2023:2549-1: Security update of bci/dotnet-sdk Message-ID: <20230810070358.21C52FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2549-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-11.21 , bci/dotnet-sdk:7.0.9 , bci/dotnet-sdk:7.0.9-11.21 , bci/dotnet-sdk:latest Container Release : 11.21 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 07:04:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:04:06 +0200 (CEST) Subject: SUSE-CU-2023:2550-1: Security update of bci/dotnet-runtime Message-ID: <20230810070406.78664FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2550-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-9.21 , bci/dotnet-runtime:6.0.20 , bci/dotnet-runtime:6.0.20-9.21 Container Release : 9.21 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 07:04:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:04:15 +0200 (CEST) Subject: SUSE-CU-2023:2551-1: Security update of bci/dotnet-runtime Message-ID: <20230810070415.BB587FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2551-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-11.21 , bci/dotnet-runtime:7.0.9 , bci/dotnet-runtime:7.0.9-11.21 , bci/dotnet-runtime:latest Container Release : 11.21 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 07:04:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:04:23 +0200 (CEST) Subject: SUSE-CU-2023:2552-1: Security update of bci/golang Message-ID: <20230810070423.A57C2FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2552-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-2.8.1 , bci/golang:oldstable , bci/golang:oldstable-2.8.1 Container Release : 8.1 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - go1.19-doc-1.19.11-150000.1.37.1 added - go1.19-race-1.19.11-150000.1.37.1 added - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 07:04:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:04:33 +0200 (CEST) Subject: SUSE-CU-2023:2553-1: Security update of bci/golang Message-ID: <20230810070433.8E0A8FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2553-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-1.9.1 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.9.1 Container Release : 9.1 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - go1.20-doc-1.20.7-150000.1.20.1 added - go1.20-race-1.20.7-150000.1.20.1 added - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 07:04:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:04:43 +0200 (CEST) Subject: SUSE-CU-2023:2554-1: Security update of bci/bci-init Message-ID: <20230810070443.30C1EFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2554-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.8.34 , bci/bci-init:latest Container Release : 8.34 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 07:04:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:04:52 +0200 (CEST) Subject: SUSE-CU-2023:2555-1: Security update of bci/nodejs Message-ID: <20230810070452.05904FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2555-1 Container Tags : bci/node:16 , bci/node:16-9.25 , bci/nodejs:16 , bci/nodejs:16-9.25 Container Release : 9.25 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 07:05:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:05:02 +0200 (CEST) Subject: SUSE-CU-2023:2556-1: Security update of bci/nodejs Message-ID: <20230810070502.92952FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2556-1 Container Tags : bci/node:18 , bci/node:18-9.8 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-9.8 , bci/nodejs:latest Container Release : 9.8 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 07:05:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:05:13 +0200 (CEST) Subject: SUSE-CU-2023:2557-1: Security update of bci/openjdk-devel Message-ID: <20230810070513.DA7F6FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2557-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-8.48 Container Release : 8.48 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - openssl-1_1-1.1.1l-150500.17.15.1 updated - container:bci-openjdk-11-15.5.11-9.24 updated From sle-updates at lists.suse.com Thu Aug 10 07:05:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:05:23 +0200 (CEST) Subject: SUSE-CU-2023:2558-1: Security update of bci/openjdk Message-ID: <20230810070523.9576AFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2558-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-9.24 Container Release : 9.24 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - openssl-1_1-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 07:05:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:05:34 +0200 (CEST) Subject: SUSE-CU-2023:2559-1: Security update of bci/openjdk-devel Message-ID: <20230810070534.2E6E2FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2559-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-10.45 , bci/openjdk-devel:latest Container Release : 10.45 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - openssl-1_1-1.1.1l-150500.17.15.1 updated - container:bci-openjdk-17-15.5.17-10.24 updated From sle-updates at lists.suse.com Thu Aug 10 07:05:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:05:44 +0200 (CEST) Subject: SUSE-CU-2023:2560-1: Security update of bci/openjdk Message-ID: <20230810070544.84E9AFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2560-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-10.24 , bci/openjdk:latest Container Release : 10.24 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - openssl-1_1-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 07:05:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:05:52 +0200 (CEST) Subject: SUSE-CU-2023:2561-1: Security update of suse/pcp Message-ID: <20230810070552.AEFADFBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2561-1 Container Tags : suse/pcp:5 , suse/pcp:5-13.14 , suse/pcp:5.2 , suse/pcp:5.2-13.14 , suse/pcp:5.2.5 , suse/pcp:5.2.5-13.14 , suse/pcp:latest Container Release : 13.14 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - container:bci-bci-init-15.5-15.5-8.34 updated From sle-updates at lists.suse.com Thu Aug 10 07:06:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:06:01 +0200 (CEST) Subject: SUSE-CU-2023:2562-1: Security update of bci/php-apache Message-ID: <20230810070601.01FC7FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2562-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-6.23 Container Release : 6.23 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 07:06:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:06:09 +0200 (CEST) Subject: SUSE-CU-2023:2563-1: Security update of bci/php Message-ID: <20230810070609.1994FFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2563-1 Container Tags : bci/php:8 , bci/php:8-6.23 Container Release : 6.23 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 07:06:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 09:06:14 +0200 (CEST) Subject: SUSE-CU-2023:2564-1: Security update of suse/postgres Message-ID: <20230810070614.B3893FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2564-1 Container Tags : suse/postgres:14 , suse/postgres:14-12.25 , suse/postgres:14.8 , suse/postgres:14.8-12.25 Container Release : 12.25 Severity : moderate Type : security References : 1211079 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - libcryptsetup12-2.4.3-150400.3.3.1 updated - libcryptsetup12-hmac-2.4.3-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 14:31:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 16:31:23 +0200 (CEST) Subject: SUSE-CU-2023:2564-1: Security update of suse/postgres Message-ID: <20230810143123.598E8FD9F@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2564-1 Container Tags : suse/postgres:14 , suse/postgres:14-12.25 , suse/postgres:14.8 , suse/postgres:14.8-12.25 Container Release : 12.25 Severity : moderate Type : security References : 1211079 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - libcryptsetup12-2.4.3-150400.3.3.1 updated - libcryptsetup12-hmac-2.4.3-150400.3.3.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 14:31:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 16:31:30 +0200 (CEST) Subject: SUSE-CU-2023:2565-1: Security update of suse/postgres Message-ID: <20230810143130.5E4A8FD9F@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2565-1 Container Tags : suse/postgres:15 , suse/postgres:15-9.25 , suse/postgres:15.3 , suse/postgres:15.3-9.25 , suse/postgres:latest Container Release : 9.25 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 14:31:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 16:31:41 +0200 (CEST) Subject: SUSE-CU-2023:2566-1: Security update of bci/python Message-ID: <20230810143141.035D5FD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2566-1 Container Tags : bci/python:3 , bci/python:3-8.32 , bci/python:3.11 , bci/python:3.11-8.32 , bci/python:latest Container Release : 8.32 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - openssl-1_1-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 14:31:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 16:31:51 +0200 (CEST) Subject: SUSE-CU-2023:2567-1: Security update of bci/python Message-ID: <20230810143151.04C9EFD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2567-1 Container Tags : bci/python:3 , bci/python:3-10.29 , bci/python:3.6 , bci/python:3.6-10.29 Container Release : 10.29 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - openssl-1_1-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 14:31:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 16:31:58 +0200 (CEST) Subject: SUSE-CU-2023:2568-1: Security update of bci/ruby Message-ID: <20230810143158.E1672FD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2568-1 Container Tags : bci/ruby:2 , bci/ruby:2-10.22 , bci/ruby:2.5 , bci/ruby:2.5-10.22 , bci/ruby:latest Container Release : 10.22 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 14:32:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 16:32:09 +0200 (CEST) Subject: SUSE-CU-2023:2569-1: Security update of bci/rust Message-ID: <20230810143209.963D2FD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2569-1 Container Tags : bci/rust:1.70 , bci/rust:1.70-2.9.7 , bci/rust:oldstable , bci/rust:oldstable-2.9.7 Container Release : 9.7 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 14:32:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 16:32:20 +0200 (CEST) Subject: SUSE-CU-2023:2570-1: Security update of bci/rust Message-ID: <20230810143220.7D372FD9F@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2570-1 Container Tags : bci/rust:1.71 , bci/rust:1.71-1.10.8 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.10.8 Container Release : 10.8 Severity : important Type : security References : 1213817 1213853 CVE-2023-3817 CVE-2023-38497 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3251-1 Released: Tue Aug 8 22:15:14 2023 Summary: Security update for rust1.71 Type: security Severity: important References: 1213817,CVE-2023-38497 This update for rust1.71 fixes the following issues: Update to version 1.71.1: - CVE-2023-38497: Fixed privilege escalation with Cargo not respecting umask when extracting dependencies (bsc#1213817). The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - rust1.71-1.71.1-150400.9.6.1 updated - cargo1.71-1.71.1-150400.9.6.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Thu Aug 10 14:32:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 16:32:28 +0200 (CEST) Subject: SUSE-CU-2023:2571-1: Security update of suse/sle15 Message-ID: <20230810143228.53C6AFD9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2571-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.22 , suse/sle15:15.5 , suse/sle15:15.5.36.5.22 Container Release : 36.5.22 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - libopenssl1_1-1.1.1l-150500.17.15.1 updated - openssl-1_1-1.1.1l-150500.17.15.1 updated From sle-updates at lists.suse.com Thu Aug 10 17:09:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 17:09:45 -0000 Subject: SUSE-RU-2023:0335-2: moderate: Recommended update for hyper-v Message-ID: <169168738587.9868.14013476166472275525@smelt2.suse.de> # Recommended update for hyper-v Announcement ID: SUSE-RU-2023:0335-2 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for hyper-v fixes the following issues: * Provide the latest version for SLE-15-SP4. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-335=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-335=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-335=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-335=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-335=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-335=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-335=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-335=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-335=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-335=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-335=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-335=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-335=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-335=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * hyper-v-debugsource-8-150200.14.8.1 * hyper-v-8-150200.14.8.1 * hyper-v-debuginfo-8-150200.14.8.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * hyper-v-debugsource-8-150200.14.8.1 * hyper-v-8-150200.14.8.1 * hyper-v-debuginfo-8-150200.14.8.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * hyper-v-debugsource-8-150200.14.8.1 * hyper-v-8-150200.14.8.1 * hyper-v-debuginfo-8-150200.14.8.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * hyper-v-debugsource-8-150200.14.8.1 * hyper-v-8-150200.14.8.1 * hyper-v-debuginfo-8-150200.14.8.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * hyper-v-debugsource-8-150200.14.8.1 * hyper-v-8-150200.14.8.1 * hyper-v-debuginfo-8-150200.14.8.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 x86_64) * hyper-v-debugsource-8-150200.14.8.1 * hyper-v-8-150200.14.8.1 * hyper-v-debuginfo-8-150200.14.8.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64) * hyper-v-debugsource-8-150200.14.8.1 * hyper-v-8-150200.14.8.1 * hyper-v-debuginfo-8-150200.14.8.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64) * hyper-v-debugsource-8-150200.14.8.1 * hyper-v-8-150200.14.8.1 * hyper-v-debuginfo-8-150200.14.8.1 * openSUSE Leap Micro 5.4 (x86_64) * hyper-v-debugsource-8-150200.14.8.1 * hyper-v-8-150200.14.8.1 * hyper-v-debuginfo-8-150200.14.8.1 * openSUSE Leap 15.5 (aarch64 x86_64) * hyper-v-debugsource-8-150200.14.8.1 * hyper-v-8-150200.14.8.1 * hyper-v-debuginfo-8-150200.14.8.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * hyper-v-debugsource-8-150200.14.8.1 * hyper-v-8-150200.14.8.1 * hyper-v-debuginfo-8-150200.14.8.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * hyper-v-debugsource-8-150200.14.8.1 * hyper-v-8-150200.14.8.1 * hyper-v-debuginfo-8-150200.14.8.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * hyper-v-debugsource-8-150200.14.8.1 * hyper-v-8-150200.14.8.1 * hyper-v-debuginfo-8-150200.14.8.1 * openSUSE Leap Micro 5.3 (x86_64) * hyper-v-debugsource-8-150200.14.8.1 * hyper-v-8-150200.14.8.1 * hyper-v-debuginfo-8-150200.14.8.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 10 17:09:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 17:09:49 -0000 Subject: SUSE-SU-2023:3268-1: important: Security update for util-linux Message-ID: <169168738934.9868.10393499327569625849@smelt2.suse.de> # Security update for util-linux Announcement ID: SUSE-SU-2023:3268-1 Rating: important References: * #1084300 * #1194038 * #1213865 Cross-References: * CVE-2018-7738 CVSS scores: * CVE-2018-7738 ( SUSE ): 8.2 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2018-7738 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves one vulnerability and has two fixes can now be installed. ## Description: This update for util-linux fixes the following issues: * CVE-2018-7738: Fixed shell code injection in umount bash-completions. (bsc#1213865, bsc#1084300) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3268=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3268=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3268=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3268=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-3268=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libsmartcols-devel-2.33.2-4.33.1 * util-linux-debuginfo-2.33.2-4.33.1 * libblkid-devel-2.33.2-4.33.1 * util-linux-debugsource-2.33.2-4.33.1 * libuuid-devel-2.33.2-4.33.1 * libmount-devel-2.33.2-4.33.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libuuid1-2.33.2-4.33.1 * libuuid1-debuginfo-2.33.2-4.33.1 * libmount1-2.33.2-4.33.1 * python-libmount-debuginfo-2.33.2-4.33.1 * uuidd-2.33.2-4.33.1 * util-linux-systemd-debugsource-2.33.2-4.33.1 * util-linux-systemd-debuginfo-2.33.2-4.33.1 * util-linux-debugsource-2.33.2-4.33.1 * libmount1-debuginfo-2.33.2-4.33.1 * libsmartcols1-2.33.2-4.33.1 * libfdisk1-debuginfo-2.33.2-4.33.1 * python-libmount-debugsource-2.33.2-4.33.1 * uuidd-debuginfo-2.33.2-4.33.1 * libsmartcols1-debuginfo-2.33.2-4.33.1 * libblkid1-2.33.2-4.33.1 * python-libmount-2.33.2-4.33.1 * libblkid1-debuginfo-2.33.2-4.33.1 * util-linux-systemd-2.33.2-4.33.1 * libfdisk1-2.33.2-4.33.1 * util-linux-debuginfo-2.33.2-4.33.1 * util-linux-2.33.2-4.33.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * util-linux-lang-2.33.2-4.33.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libmount1-debuginfo-32bit-2.33.2-4.33.1 * libuuid1-32bit-2.33.2-4.33.1 * libblkid1-32bit-2.33.2-4.33.1 * libblkid1-debuginfo-32bit-2.33.2-4.33.1 * libmount1-32bit-2.33.2-4.33.1 * libuuid1-debuginfo-32bit-2.33.2-4.33.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libuuid1-2.33.2-4.33.1 * libuuid1-debuginfo-2.33.2-4.33.1 * libmount1-2.33.2-4.33.1 * python-libmount-debuginfo-2.33.2-4.33.1 * uuidd-2.33.2-4.33.1 * util-linux-systemd-debugsource-2.33.2-4.33.1 * util-linux-systemd-debuginfo-2.33.2-4.33.1 * util-linux-debugsource-2.33.2-4.33.1 * libmount1-debuginfo-2.33.2-4.33.1 * libsmartcols1-2.33.2-4.33.1 * libfdisk1-debuginfo-2.33.2-4.33.1 * python-libmount-debugsource-2.33.2-4.33.1 * uuidd-debuginfo-2.33.2-4.33.1 * libsmartcols1-debuginfo-2.33.2-4.33.1 * libblkid1-2.33.2-4.33.1 * python-libmount-2.33.2-4.33.1 * libblkid1-debuginfo-2.33.2-4.33.1 * util-linux-systemd-2.33.2-4.33.1 * libfdisk1-2.33.2-4.33.1 * util-linux-debuginfo-2.33.2-4.33.1 * util-linux-2.33.2-4.33.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * util-linux-lang-2.33.2-4.33.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libmount1-debuginfo-32bit-2.33.2-4.33.1 * libuuid1-32bit-2.33.2-4.33.1 * libblkid1-32bit-2.33.2-4.33.1 * libblkid1-debuginfo-32bit-2.33.2-4.33.1 * libmount1-32bit-2.33.2-4.33.1 * libuuid1-debuginfo-32bit-2.33.2-4.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libuuid1-2.33.2-4.33.1 * libuuid1-debuginfo-2.33.2-4.33.1 * libmount1-2.33.2-4.33.1 * python-libmount-debuginfo-2.33.2-4.33.1 * uuidd-2.33.2-4.33.1 * util-linux-systemd-debugsource-2.33.2-4.33.1 * util-linux-systemd-debuginfo-2.33.2-4.33.1 * util-linux-debugsource-2.33.2-4.33.1 * libmount1-debuginfo-2.33.2-4.33.1 * libsmartcols1-2.33.2-4.33.1 * libfdisk1-debuginfo-2.33.2-4.33.1 * python-libmount-debugsource-2.33.2-4.33.1 * uuidd-debuginfo-2.33.2-4.33.1 * libsmartcols1-debuginfo-2.33.2-4.33.1 * libblkid1-2.33.2-4.33.1 * python-libmount-2.33.2-4.33.1 * libblkid1-debuginfo-2.33.2-4.33.1 * util-linux-systemd-2.33.2-4.33.1 * libfdisk1-2.33.2-4.33.1 * util-linux-debuginfo-2.33.2-4.33.1 * util-linux-2.33.2-4.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * util-linux-lang-2.33.2-4.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libmount1-debuginfo-32bit-2.33.2-4.33.1 * libuuid1-32bit-2.33.2-4.33.1 * libblkid1-32bit-2.33.2-4.33.1 * libblkid1-debuginfo-32bit-2.33.2-4.33.1 * libmount1-32bit-2.33.2-4.33.1 * libuuid1-debuginfo-32bit-2.33.2-4.33.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * util-linux-debuginfo-2.33.2-4.33.1 * util-linux-debugsource-2.33.2-4.33.1 * libuuid-devel-2.33.2-4.33.1 ## References: * https://www.suse.com/security/cve/CVE-2018-7738.html * https://bugzilla.suse.com/show_bug.cgi?id=1084300 * https://bugzilla.suse.com/show_bug.cgi?id=1194038 * https://bugzilla.suse.com/show_bug.cgi?id=1213865 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 10 17:09:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 17:09:51 -0000 Subject: SUSE-SU-2023:3267-1: important: Security update for gstreamer-plugins-bad Message-ID: <169168739160.9868.7029028605716334710@smelt2.suse.de> # Security update for gstreamer-plugins-bad Announcement ID: SUSE-SU-2023:3267-1 Rating: important References: * #1213126 Cross-References: * CVE-2023-37329 CVSS scores: * CVE-2023-37329 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-37329: Fixed a heap overwrite in PGS subtitle overlay decoder which might trigger a crash or remote code execution. (bsc#1213126) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3267=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3267=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3267=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3267=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3267=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3267=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3267=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3267=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libgstwebrtc-1_0-0-1.16.3-150300.9.6.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-1.16.3-150300.9.6.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.6.2 * libgstplayer-1_0-0-1.16.3-150300.9.6.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstbadaudio-1_0-0-1.16.3-150300.9.6.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.6.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-devel-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.6.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.6.2 * libgstinsertbin-1_0-0-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.6.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.6.2 * libgstcodecparsers-1_0-0-1.16.3-150300.9.6.2 * libgstmpegts-1_0-0-1.16.3-150300.9.6.2 * libgstwayland-1_0-0-1.16.3-150300.9.6.2 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.6.2 * libgstisoff-1_0-0-1.16.3-150300.9.6.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgsturidownloader-1_0-0-1.16.3-150300.9.6.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.6.2 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.6.2 * libgstphotography-1_0-0-1.16.3-150300.9.6.2 * libgstsctp-1_0-0-1.16.3-150300.9.6.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.6.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.6.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.6.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.6.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.6.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libgstwebrtc-1_0-0-1.16.3-150300.9.6.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-1.16.3-150300.9.6.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.6.2 * libgstplayer-1_0-0-1.16.3-150300.9.6.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstbadaudio-1_0-0-1.16.3-150300.9.6.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.6.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-devel-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.6.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.6.2 * libgstinsertbin-1_0-0-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.6.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.6.2 * libgstcodecparsers-1_0-0-1.16.3-150300.9.6.2 * libgstmpegts-1_0-0-1.16.3-150300.9.6.2 * libgstwayland-1_0-0-1.16.3-150300.9.6.2 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.6.2 * libgstisoff-1_0-0-1.16.3-150300.9.6.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgsturidownloader-1_0-0-1.16.3-150300.9.6.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.6.2 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.6.2 * libgstphotography-1_0-0-1.16.3-150300.9.6.2 * libgstsctp-1_0-0-1.16.3-150300.9.6.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.6.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.6.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.6.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.6.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.6.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libgstwebrtc-1_0-0-1.16.3-150300.9.6.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-1.16.3-150300.9.6.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.6.2 * libgstplayer-1_0-0-1.16.3-150300.9.6.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstbadaudio-1_0-0-1.16.3-150300.9.6.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.6.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-devel-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.6.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.6.2 * libgstinsertbin-1_0-0-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.6.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.6.2 * libgstcodecparsers-1_0-0-1.16.3-150300.9.6.2 * libgstmpegts-1_0-0-1.16.3-150300.9.6.2 * libgstwayland-1_0-0-1.16.3-150300.9.6.2 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.6.2 * libgstisoff-1_0-0-1.16.3-150300.9.6.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgsturidownloader-1_0-0-1.16.3-150300.9.6.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.6.2 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.6.2 * libgstphotography-1_0-0-1.16.3-150300.9.6.2 * libgstsctp-1_0-0-1.16.3-150300.9.6.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.6.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.6.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.6.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.6.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.6.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libgstwebrtc-1_0-0-1.16.3-150300.9.6.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-1.16.3-150300.9.6.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.6.2 * libgstplayer-1_0-0-1.16.3-150300.9.6.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstbadaudio-1_0-0-1.16.3-150300.9.6.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.6.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-devel-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.6.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.6.2 * libgstinsertbin-1_0-0-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.6.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.6.2 * libgstcodecparsers-1_0-0-1.16.3-150300.9.6.2 * libgstmpegts-1_0-0-1.16.3-150300.9.6.2 * libgstwayland-1_0-0-1.16.3-150300.9.6.2 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.6.2 * libgstisoff-1_0-0-1.16.3-150300.9.6.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgsturidownloader-1_0-0-1.16.3-150300.9.6.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.6.2 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.6.2 * libgstphotography-1_0-0-1.16.3-150300.9.6.2 * libgstsctp-1_0-0-1.16.3-150300.9.6.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.6.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.6.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.6.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.6.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.6.2 * SUSE Manager Proxy 4.2 (x86_64) * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.6.2 * libgstphotography-1_0-0-1.16.3-150300.9.6.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.6.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.6.2 * libgstphotography-1_0-0-1.16.3-150300.9.6.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.6.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.6.2 * libgstphotography-1_0-0-1.16.3-150300.9.6.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.6.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libgstwebrtc-1_0-0-1.16.3-150300.9.6.2 * libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-1.16.3-150300.9.6.2 * typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.6.2 * libgstplayer-1_0-0-1.16.3-150300.9.6.2 * libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstbadaudio-1_0-0-1.16.3-150300.9.6.2 * libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.6.2 * typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-devel-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.6.2 * libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.6.2 * libgstinsertbin-1_0-0-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.6.2 * libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.6.2 * gstreamer-plugins-bad-debugsource-1.16.3-150300.9.6.2 * libgstcodecparsers-1_0-0-1.16.3-150300.9.6.2 * libgstmpegts-1_0-0-1.16.3-150300.9.6.2 * libgstwayland-1_0-0-1.16.3-150300.9.6.2 * libgstadaptivedemux-1_0-0-1.16.3-150300.9.6.2 * libgstisoff-1_0-0-1.16.3-150300.9.6.2 * libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgsturidownloader-1_0-0-1.16.3-150300.9.6.2 * libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.6.2 * typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.6.2 * libgstphotography-1_0-0-1.16.3-150300.9.6.2 * libgstsctp-1_0-0-1.16.3-150300.9.6.2 * libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.6.2 * typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.6.2 * libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.6.2 * libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.6.2 * libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.6.2 * SUSE Enterprise Storage 7.1 (noarch) * gstreamer-plugins-bad-lang-1.16.3-150300.9.6.2 ## References: * https://www.suse.com/security/cve/CVE-2023-37329.html * https://bugzilla.suse.com/show_bug.cgi?id=1213126 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 10 17:09:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 17:09:54 -0000 Subject: SUSE-SU-2023:3266-1: important: Security update for gstreamer-plugins-good Message-ID: <169168739401.9868.8851194861435486746@smelt2.suse.de> # Security update for gstreamer-plugins-good Announcement ID: SUSE-SU-2023:3266-1 Rating: important References: * #1213128 Cross-References: * CVE-2023-37327 CVSS scores: * CVE-2023-37327 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-good fixes the following issues: * CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow (bsc#1213128). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3266=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3266=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3266=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3266=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3266=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3266=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3266=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3266=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3266=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3266=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3266=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3266=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * gstreamer-plugins-good-debugsource-1.16.3-150200.3.12.1 * gstreamer-plugins-good-debuginfo-1.16.3-150200.3.12.1 * gstreamer-plugins-good-1.16.3-150200.3.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * gstreamer-plugins-good-lang-1.16.3-150200.3.12.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-good-debugsource-1.16.3-150200.3.12.1 * gstreamer-plugins-good-debuginfo-1.16.3-150200.3.12.1 * gstreamer-plugins-good-1.16.3-150200.3.12.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * gstreamer-plugins-good-lang-1.16.3-150200.3.12.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-good-debugsource-1.16.3-150200.3.12.1 * gstreamer-plugins-good-debuginfo-1.16.3-150200.3.12.1 * gstreamer-plugins-good-1.16.3-150200.3.12.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * gstreamer-plugins-good-lang-1.16.3-150200.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * gstreamer-plugins-good-debugsource-1.16.3-150200.3.12.1 * gstreamer-plugins-good-debuginfo-1.16.3-150200.3.12.1 * gstreamer-plugins-good-1.16.3-150200.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * gstreamer-plugins-good-lang-1.16.3-150200.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * gstreamer-plugins-good-debugsource-1.16.3-150200.3.12.1 * gstreamer-plugins-good-debuginfo-1.16.3-150200.3.12.1 * gstreamer-plugins-good-1.16.3-150200.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * gstreamer-plugins-good-lang-1.16.3-150200.3.12.1 * SUSE Manager Proxy 4.2 (x86_64) * gstreamer-plugins-good-debugsource-1.16.3-150200.3.12.1 * gstreamer-plugins-good-debuginfo-1.16.3-150200.3.12.1 * gstreamer-plugins-good-1.16.3-150200.3.12.1 * SUSE Manager Proxy 4.2 (noarch) * gstreamer-plugins-good-lang-1.16.3-150200.3.12.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * gstreamer-plugins-good-debugsource-1.16.3-150200.3.12.1 * gstreamer-plugins-good-debuginfo-1.16.3-150200.3.12.1 * gstreamer-plugins-good-1.16.3-150200.3.12.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * gstreamer-plugins-good-lang-1.16.3-150200.3.12.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * gstreamer-plugins-good-debugsource-1.16.3-150200.3.12.1 * gstreamer-plugins-good-debuginfo-1.16.3-150200.3.12.1 * gstreamer-plugins-good-1.16.3-150200.3.12.1 * SUSE Manager Server 4.2 (noarch) * gstreamer-plugins-good-lang-1.16.3-150200.3.12.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * gstreamer-plugins-good-debugsource-1.16.3-150200.3.12.1 * gstreamer-plugins-good-debuginfo-1.16.3-150200.3.12.1 * gstreamer-plugins-good-1.16.3-150200.3.12.1 * SUSE Enterprise Storage 7.1 (noarch) * gstreamer-plugins-good-lang-1.16.3-150200.3.12.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-good-doc-1.16.3-150200.3.12.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * gstreamer-plugins-good-debugsource-1.16.3-150200.3.12.1 * gstreamer-plugins-good-debuginfo-1.16.3-150200.3.12.1 * gstreamer-plugins-good-1.16.3-150200.3.12.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * gstreamer-plugins-good-lang-1.16.3-150200.3.12.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * gstreamer-plugins-good-debugsource-1.16.3-150200.3.12.1 * gstreamer-plugins-good-debuginfo-1.16.3-150200.3.12.1 * gstreamer-plugins-good-1.16.3-150200.3.12.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * gstreamer-plugins-good-lang-1.16.3-150200.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37327.html * https://bugzilla.suse.com/show_bug.cgi?id=1213128 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 10 17:09:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 17:09:57 -0000 Subject: SUSE-SU-2023:3265-1: important: Security update for gstreamer-plugins-base Message-ID: <169168739713.9868.1046758731239403671@smelt2.suse.de> # Security update for gstreamer-plugins-base Announcement ID: SUSE-SU-2023:3265-1 Rating: important References: * #1213128 * #1213131 Cross-References: * CVE-2023-37327 * CVE-2023-37328 CVSS scores: * CVE-2023-37327 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-37328 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-base fixes the following issues: * CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow (bsc#1213128). * CVE-2023-37328: Fixed Heap-based Buffer Overflow in GStreamer PGS (bsc#1213131). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3265=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3265=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3265=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3265=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3265=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3265=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3265=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3265=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3265=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3265=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3265=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3265=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3265=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3265=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-base-doc-1.16.3-150200.4.9.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libgstfft-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstfft-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstPbutils-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-1.16.3-150200.4.9.2 * libgstapp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debugsource-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-devel-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstTag-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstAudio-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debuginfo-1.16.3-150200.4.9.2 * libgsttag-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstGL-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstApp-1_0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstAllocators-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstgl-1_0-0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.9.2 * typelib-1_0-GstVideo-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtsp-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstSdp-1_0-1.16.3-150200.4.9.2 * libgstgl-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstapp-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtp-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-1.16.3-150200.4.9.2 * libgsttag-1_0-0-debuginfo-1.16.3-150200.4.9.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * gstreamer-plugins-base-lang-1.16.3-150200.4.9.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libgstfft-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstfft-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstPbutils-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-1.16.3-150200.4.9.2 * libgstapp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debugsource-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-devel-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstTag-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstAudio-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debuginfo-1.16.3-150200.4.9.2 * libgsttag-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstGL-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstApp-1_0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstAllocators-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstgl-1_0-0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.9.2 * typelib-1_0-GstVideo-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtsp-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstSdp-1_0-1.16.3-150200.4.9.2 * libgstgl-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstapp-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtp-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-1.16.3-150200.4.9.2 * libgsttag-1_0-0-debuginfo-1.16.3-150200.4.9.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * gstreamer-plugins-base-lang-1.16.3-150200.4.9.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libgstfft-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstfft-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstPbutils-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-1.16.3-150200.4.9.2 * libgstapp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debugsource-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-devel-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstTag-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstAudio-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debuginfo-1.16.3-150200.4.9.2 * libgsttag-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstGL-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstApp-1_0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstAllocators-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstgl-1_0-0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.9.2 * typelib-1_0-GstVideo-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtsp-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstSdp-1_0-1.16.3-150200.4.9.2 * libgstgl-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstapp-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtp-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-1.16.3-150200.4.9.2 * libgsttag-1_0-0-debuginfo-1.16.3-150200.4.9.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * gstreamer-plugins-base-lang-1.16.3-150200.4.9.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libgstfft-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstfft-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstPbutils-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-1.16.3-150200.4.9.2 * libgstapp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debugsource-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-devel-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstTag-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstAudio-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debuginfo-1.16.3-150200.4.9.2 * libgsttag-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstGL-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstApp-1_0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstAllocators-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstgl-1_0-0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.9.2 * typelib-1_0-GstVideo-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtsp-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstSdp-1_0-1.16.3-150200.4.9.2 * libgstgl-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstapp-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtp-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-1.16.3-150200.4.9.2 * libgsttag-1_0-0-debuginfo-1.16.3-150200.4.9.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * gstreamer-plugins-base-lang-1.16.3-150200.4.9.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libgstfft-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstfft-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstPbutils-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-1.16.3-150200.4.9.2 * libgstapp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debugsource-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-devel-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstTag-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstAudio-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debuginfo-1.16.3-150200.4.9.2 * libgsttag-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstGL-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstApp-1_0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstAllocators-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstgl-1_0-0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.9.2 * typelib-1_0-GstVideo-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtsp-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstSdp-1_0-1.16.3-150200.4.9.2 * libgstgl-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstapp-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtp-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-1.16.3-150200.4.9.2 * libgsttag-1_0-0-debuginfo-1.16.3-150200.4.9.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * gstreamer-plugins-base-lang-1.16.3-150200.4.9.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libgstfft-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstfft-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstPbutils-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-1.16.3-150200.4.9.2 * libgstapp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debugsource-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-devel-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstTag-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstAudio-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debuginfo-1.16.3-150200.4.9.2 * libgsttag-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstGL-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstApp-1_0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstAllocators-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstgl-1_0-0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.9.2 * typelib-1_0-GstVideo-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtsp-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstSdp-1_0-1.16.3-150200.4.9.2 * libgstgl-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstapp-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtp-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-1.16.3-150200.4.9.2 * libgsttag-1_0-0-debuginfo-1.16.3-150200.4.9.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * gstreamer-plugins-base-lang-1.16.3-150200.4.9.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libgstfft-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstfft-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstPbutils-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-1.16.3-150200.4.9.2 * libgstapp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debugsource-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-devel-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstTag-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstAudio-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debuginfo-1.16.3-150200.4.9.2 * libgsttag-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstGL-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstApp-1_0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstAllocators-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstgl-1_0-0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.9.2 * typelib-1_0-GstVideo-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtsp-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstSdp-1_0-1.16.3-150200.4.9.2 * libgstgl-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstapp-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtp-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-1.16.3-150200.4.9.2 * libgsttag-1_0-0-debuginfo-1.16.3-150200.4.9.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * gstreamer-plugins-base-lang-1.16.3-150200.4.9.2 * SUSE Manager Proxy 4.2 (x86_64) * libgstfft-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstfft-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstPbutils-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-1.16.3-150200.4.9.2 * libgstapp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debugsource-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-devel-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstTag-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstAudio-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debuginfo-1.16.3-150200.4.9.2 * libgsttag-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstGL-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstApp-1_0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstAllocators-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstgl-1_0-0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.9.2 * typelib-1_0-GstVideo-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtsp-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstSdp-1_0-1.16.3-150200.4.9.2 * libgstgl-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstapp-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtp-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-1.16.3-150200.4.9.2 * libgsttag-1_0-0-debuginfo-1.16.3-150200.4.9.2 * SUSE Manager Proxy 4.2 (noarch) * gstreamer-plugins-base-lang-1.16.3-150200.4.9.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libgstfft-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstfft-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstPbutils-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-1.16.3-150200.4.9.2 * libgstapp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debugsource-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-devel-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstTag-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstAudio-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debuginfo-1.16.3-150200.4.9.2 * libgsttag-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstGL-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstApp-1_0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstAllocators-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstgl-1_0-0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.9.2 * typelib-1_0-GstVideo-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtsp-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstSdp-1_0-1.16.3-150200.4.9.2 * libgstgl-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstapp-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtp-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-1.16.3-150200.4.9.2 * libgsttag-1_0-0-debuginfo-1.16.3-150200.4.9.2 * SUSE Manager Retail Branch Server 4.2 (noarch) * gstreamer-plugins-base-lang-1.16.3-150200.4.9.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libgstfft-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstfft-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstPbutils-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-1.16.3-150200.4.9.2 * libgstapp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debugsource-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-devel-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstTag-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstAudio-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debuginfo-1.16.3-150200.4.9.2 * libgsttag-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstGL-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstApp-1_0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstAllocators-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstgl-1_0-0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.9.2 * typelib-1_0-GstVideo-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtsp-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstSdp-1_0-1.16.3-150200.4.9.2 * libgstgl-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstapp-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtp-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-1.16.3-150200.4.9.2 * libgsttag-1_0-0-debuginfo-1.16.3-150200.4.9.2 * SUSE Manager Server 4.2 (noarch) * gstreamer-plugins-base-lang-1.16.3-150200.4.9.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libgstfft-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstfft-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstPbutils-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-1.16.3-150200.4.9.2 * libgstrtp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-1.16.3-150200.4.9.2 * libgstapp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debugsource-1.16.3-150200.4.9.2 * libgstrtsp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-devel-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstTag-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstAudio-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debuginfo-1.16.3-150200.4.9.2 * libgsttag-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstGL-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstApp-1_0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstAllocators-1_0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstgl-1_0-0-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstsdp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.9.2 * typelib-1_0-GstVideo-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtsp-1_0-1.16.3-150200.4.9.2 * typelib-1_0-GstSdp-1_0-1.16.3-150200.4.9.2 * libgstgl-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstapp-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-1.16.3-150200.4.9.2 * typelib-1_0-GstRtp-1_0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-1.16.3-150200.4.9.2 * libgsttag-1_0-0-debuginfo-1.16.3-150200.4.9.2 * SUSE Enterprise Storage 7.1 (noarch) * gstreamer-plugins-base-lang-1.16.3-150200.4.9.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libgstaudio-1_0-0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstapp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstgl-1_0-0-1.16.3-150200.4.9.2 * libgstgl-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstapp-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgsttag-1_0-0-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-1.16.3-150200.4.9.2 * libgsttag-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debugsource-1.16.3-150200.4.9.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libgstaudio-1_0-0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstapp-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstgl-1_0-0-1.16.3-150200.4.9.2 * libgstgl-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstapp-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-1.16.3-150200.4.9.2 * libgstriff-1_0-0-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debuginfo-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-1.16.3-150200.4.9.2 * libgstpbutils-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgsttag-1_0-0-1.16.3-150200.4.9.2 * libgstvideo-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-1.16.3-150200.4.9.2 * libgstaudio-1_0-0-debuginfo-1.16.3-150200.4.9.2 * libgstallocators-1_0-0-1.16.3-150200.4.9.2 * libgsttag-1_0-0-debuginfo-1.16.3-150200.4.9.2 * gstreamer-plugins-base-debugsource-1.16.3-150200.4.9.2 ## References: * https://www.suse.com/security/cve/CVE-2023-37327.html * https://www.suse.com/security/cve/CVE-2023-37328.html * https://bugzilla.suse.com/show_bug.cgi?id=1213128 * https://bugzilla.suse.com/show_bug.cgi?id=1213131 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 10 17:10:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 17:10:01 -0000 Subject: SUSE-SU-2023:2640-1: important: Security update for vim Message-ID: <169168740134.9868.13816443961700752884@smelt2.suse.de> # Security update for vim Announcement ID: SUSE-SU-2023:2640-1 Rating: important References: * #1210996 * #1211256 * #1211257 Cross-References: * CVE-2023-2426 * CVE-2023-2609 * CVE-2023-2610 CVSS scores: * CVE-2023-2426 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H * CVE-2023-2426 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2426 ( NVD ): 6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2023-2609 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2609 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2609 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-2610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2023-2610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-2610 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: * CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996). * CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256). * CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2640=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-2640=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2640=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2640=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2640=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2640=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2640=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2640=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2640=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2640=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2640=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2640=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2640=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2640=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2640=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2640=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2640=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2640=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2640=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2640=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2640=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2640=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2640=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2640=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2640=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2640=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2640=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2640=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * vim-data-common-9.0.1572-150000.5.46.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-small-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * openSUSE Leap Micro 5.4 (noarch) * vim-data-common-9.0.1572-150000.5.46.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-small-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * vim-small-9.0.1572-150000.5.46.1 * gvim-9.0.1572-150000.5.46.1 * gvim-debuginfo-9.0.1572-150000.5.46.1 * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * openSUSE Leap 15.4 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-small-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-small-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-small-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-small-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * vim-small-9.0.1572-150000.5.46.1 * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * Basesystem Module 15-SP4 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * vim-debuginfo-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * gvim-9.0.1572-150000.5.46.1 * gvim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * gvim-9.0.1572-150000.5.46.1 * gvim-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * gvim-9.0.1572-150000.5.46.1 * gvim-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * vim-small-9.0.1572-150000.5.46.1 * gvim-9.0.1572-150000.5.46.1 * gvim-debuginfo-9.0.1572-150000.5.46.1 * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * vim-small-9.0.1572-150000.5.46.1 * gvim-9.0.1572-150000.5.46.1 * gvim-debuginfo-9.0.1572-150000.5.46.1 * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * vim-small-9.0.1572-150000.5.46.1 * gvim-9.0.1572-150000.5.46.1 * gvim-debuginfo-9.0.1572-150000.5.46.1 * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * gvim-9.0.1572-150000.5.46.1 * gvim-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * gvim-9.0.1572-150000.5.46.1 * gvim-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * vim-small-9.0.1572-150000.5.46.1 * gvim-9.0.1572-150000.5.46.1 * gvim-debuginfo-9.0.1572-150000.5.46.1 * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * gvim-9.0.1572-150000.5.46.1 * gvim-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * gvim-9.0.1572-150000.5.46.1 * gvim-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * vim-small-9.0.1572-150000.5.46.1 * gvim-9.0.1572-150000.5.46.1 * gvim-debuginfo-9.0.1572-150000.5.46.1 * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Manager Proxy 4.2 (x86_64) * vim-small-9.0.1572-150000.5.46.1 * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Manager Proxy 4.2 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * vim-small-9.0.1572-150000.5.46.1 * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * vim-small-9.0.1572-150000.5.46.1 * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Manager Server 4.2 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * vim-small-9.0.1572-150000.5.46.1 * gvim-9.0.1572-150000.5.46.1 * gvim-debuginfo-9.0.1572-150000.5.46.1 * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Enterprise Storage 7.1 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * gvim-9.0.1572-150000.5.46.1 * gvim-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Enterprise Storage 7 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * SUSE CaaS Platform 4.0 (x86_64) * gvim-9.0.1572-150000.5.46.1 * gvim-debuginfo-9.0.1572-150000.5.46.1 * vim-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE CaaS Platform 4.0 (noarch) * vim-data-9.0.1572-150000.5.46.1 * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-small-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-small-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * vim-data-common-9.0.1572-150000.5.46.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * vim-small-debuginfo-9.0.1572-150000.5.46.1 * vim-small-9.0.1572-150000.5.46.1 * vim-debugsource-9.0.1572-150000.5.46.1 * vim-debuginfo-9.0.1572-150000.5.46.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2426.html * https://www.suse.com/security/cve/CVE-2023-2609.html * https://www.suse.com/security/cve/CVE-2023-2610.html * https://bugzilla.suse.com/show_bug.cgi?id=1210996 * https://bugzilla.suse.com/show_bug.cgi?id=1211256 * https://bugzilla.suse.com/show_bug.cgi?id=1211257 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 10 17:10:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 17:10:04 -0000 Subject: SUSE-SU-2023:3264-1: important: Security update for container-suseconnect Message-ID: <169168740492.9868.17272705348929388975@smelt2.suse.de> # Security update for container-suseconnect Announcement ID: SUSE-SU-2023:3264-1 Rating: important References: * #1206346 Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of container-suseconnect fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-3264=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-3264=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3264=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3264=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3264=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3264=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3264=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3264=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3264=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3264=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3264=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3264=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3264=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.34.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * container-suseconnect-debuginfo-2.4.0-150000.4.34.1 * container-suseconnect-2.4.0-150000.4.34.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.34.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.34.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.34.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.34.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.34.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.34.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.34.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.34.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.34.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.34.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.34.1 * SUSE CaaS Platform 4.0 (x86_64) * container-suseconnect-2.4.0-150000.4.34.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 10 17:10:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 17:10:08 -0000 Subject: SUSE-SU-2023:3263-1: important: Security update for go1.19 Message-ID: <169168740809.9868.4500565729174939354@smelt2.suse.de> # Security update for go1.19 Announcement ID: SUSE-SU-2023:3263-1 Rating: important References: * #1200441 * #1213880 Cross-References: * CVE-2023-29409 CVSS scores: * CVE-2023-29409 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for go1.19 fixes the following issues: * Update to go v1.19.12 (released 2023-08-01) (bsc#1200441) * CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3263=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3263=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3263=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3263=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3263=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3263=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3263=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3263=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3263=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.19-1.19.12-150000.1.40.1 * go1.19-race-1.19.12-150000.1.40.1 * go1.19-doc-1.19.12-150000.1.40.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.19-1.19.12-150000.1.40.1 * go1.19-doc-1.19.12-150000.1.40.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.19-race-1.19.12-150000.1.40.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.19-1.19.12-150000.1.40.1 * go1.19-race-1.19.12-150000.1.40.1 * go1.19-doc-1.19.12-150000.1.40.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * go1.19-1.19.12-150000.1.40.1 * go1.19-race-1.19.12-150000.1.40.1 * go1.19-doc-1.19.12-150000.1.40.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * go1.19-1.19.12-150000.1.40.1 * go1.19-race-1.19.12-150000.1.40.1 * go1.19-doc-1.19.12-150000.1.40.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * go1.19-1.19.12-150000.1.40.1 * go1.19-doc-1.19.12-150000.1.40.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * go1.19-race-1.19.12-150000.1.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * go1.19-1.19.12-150000.1.40.1 * go1.19-doc-1.19.12-150000.1.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * go1.19-race-1.19.12-150000.1.40.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * go1.19-1.19.12-150000.1.40.1 * go1.19-race-1.19.12-150000.1.40.1 * go1.19-doc-1.19.12-150000.1.40.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.19-1.19.12-150000.1.40.1 * go1.19-doc-1.19.12-150000.1.40.1 * openSUSE Leap 15.4 (aarch64 x86_64) * go1.19-race-1.19.12-150000.1.40.1 ## References: * https://www.suse.com/security/cve/CVE-2023-29409.html * https://bugzilla.suse.com/show_bug.cgi?id=1200441 * https://bugzilla.suse.com/show_bug.cgi?id=1213880 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 10 17:10:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 17:10:10 -0000 Subject: SUSE-SU-2023:3262-1: moderate: Security update for kernel-firmware Message-ID: <169168741024.9868.4487428130280138329@smelt2.suse.de> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:3262-1 Rating: moderate References: * #1213287 Cross-References: * CVE-2023-20569 CVSS scores: * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves one vulnerability can now be installed. ## Description: This update for kernel-firmware fixes the following issues: * CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. (bsc#1213287) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3262=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * kernel-firmware-20170530-21.40.1 * ucode-amd-20170530-21.40.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20569.html * https://bugzilla.suse.com/show_bug.cgi?id=1213287 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 10 17:10:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 17:10:12 -0000 Subject: SUSE-RU-2023:3261-1: important: Recommended update for netcontrol Message-ID: <169168741242.9868.17172547794432701326@smelt2.suse.de> # Recommended update for netcontrol Announcement ID: SUSE-RU-2023:3261-1 Rating: important References: * #1213349 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for netcontrol fixes the following issues: * Fix EOF handling in xml-reader to avoid `virsh iface-*` commands hang on aarch64 (bsc#1213349) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3261=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3261=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3261=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3261=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3261=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3261=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3261=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3261=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3261=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3261=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3261=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3261=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3261=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3261=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3261=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3261=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * netcontrol-debugsource-0.3.2-150200.10.8.1 * libnetcontrol0-debuginfo-0.3.2-150200.10.8.1 * libnetcontrol0-0.3.2-150200.10.8.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * netcontrol-debugsource-0.3.2-150200.10.8.1 * libnetcontrol0-debuginfo-0.3.2-150200.10.8.1 * libnetcontrol0-0.3.2-150200.10.8.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * netcontrol-debugsource-0.3.2-150200.10.8.1 * libnetcontrol0-debuginfo-0.3.2-150200.10.8.1 * libnetcontrol-devel-0.3.2-150200.10.8.1 * libnetcontrol0-0.3.2-150200.10.8.1 * openSUSE Leap 15.4 (x86_64) * libnetcontrol0-32bit-0.3.2-150200.10.8.1 * libnetcontrol0-32bit-debuginfo-0.3.2-150200.10.8.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * netcontrol-debugsource-0.3.2-150200.10.8.1 * libnetcontrol0-debuginfo-0.3.2-150200.10.8.1 * libnetcontrol-devel-0.3.2-150200.10.8.1 * libnetcontrol0-0.3.2-150200.10.8.1 * openSUSE Leap 15.5 (x86_64) * libnetcontrol0-32bit-0.3.2-150200.10.8.1 * libnetcontrol0-32bit-debuginfo-0.3.2-150200.10.8.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * netcontrol-debugsource-0.3.2-150200.10.8.1 * libnetcontrol0-debuginfo-0.3.2-150200.10.8.1 * libnetcontrol0-0.3.2-150200.10.8.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * netcontrol-debugsource-0.3.2-150200.10.8.1 * libnetcontrol0-debuginfo-0.3.2-150200.10.8.1 * libnetcontrol0-0.3.2-150200.10.8.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * netcontrol-debugsource-0.3.2-150200.10.8.1 * libnetcontrol0-debuginfo-0.3.2-150200.10.8.1 * libnetcontrol0-0.3.2-150200.10.8.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * netcontrol-debugsource-0.3.2-150200.10.8.1 * libnetcontrol0-debuginfo-0.3.2-150200.10.8.1 * libnetcontrol0-0.3.2-150200.10.8.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * netcontrol-debugsource-0.3.2-150200.10.8.1 * libnetcontrol0-debuginfo-0.3.2-150200.10.8.1 * libnetcontrol-devel-0.3.2-150200.10.8.1 * libnetcontrol0-0.3.2-150200.10.8.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * netcontrol-debugsource-0.3.2-150200.10.8.1 * libnetcontrol0-debuginfo-0.3.2-150200.10.8.1 * libnetcontrol-devel-0.3.2-150200.10.8.1 * libnetcontrol0-0.3.2-150200.10.8.1 * SUSE Manager Proxy 4.2 (x86_64) * netcontrol-debugsource-0.3.2-150200.10.8.1 * libnetcontrol0-debuginfo-0.3.2-150200.10.8.1 * libnetcontrol-devel-0.3.2-150200.10.8.1 * libnetcontrol0-0.3.2-150200.10.8.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * netcontrol-debugsource-0.3.2-150200.10.8.1 * libnetcontrol0-debuginfo-0.3.2-150200.10.8.1 * libnetcontrol-devel-0.3.2-150200.10.8.1 * libnetcontrol0-0.3.2-150200.10.8.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * netcontrol-debugsource-0.3.2-150200.10.8.1 * libnetcontrol0-debuginfo-0.3.2-150200.10.8.1 * libnetcontrol-devel-0.3.2-150200.10.8.1 * libnetcontrol0-0.3.2-150200.10.8.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * netcontrol-debugsource-0.3.2-150200.10.8.1 * libnetcontrol0-debuginfo-0.3.2-150200.10.8.1 * libnetcontrol0-0.3.2-150200.10.8.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * netcontrol-debugsource-0.3.2-150200.10.8.1 * libnetcontrol0-debuginfo-0.3.2-150200.10.8.1 * libnetcontrol0-0.3.2-150200.10.8.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * netcontrol-debugsource-0.3.2-150200.10.8.1 * libnetcontrol0-debuginfo-0.3.2-150200.10.8.1 * libnetcontrol0-0.3.2-150200.10.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213349 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 10 17:10:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 17:10:16 -0000 Subject: SUSE-SU-2023:3260-1: important: Security update for kubernetes1.24 Message-ID: <169168741632.9868.12106519128531437902@smelt2.suse.de> # Security update for kubernetes1.24 Announcement ID: SUSE-SU-2023:3260-1 Rating: important References: * #1211630 * #1211631 Cross-References: * CVE-2023-2727 * CVE-2023-2728 CVSS scores: * CVE-2023-2727 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2728 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2728 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for kubernetes1.24 fixes the following issues: Update to version 1.24.16: * CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin(bsc#1211630). * CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1211631). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-3260=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3260=1 openSUSE-SLE-15.4-2023-3260=1 ## Package List: * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kubernetes1.24-client-common-1.24.16-150400.9.8.2 * kubernetes1.24-client-1.24.16-150400.9.8.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kubernetes1.24-controller-manager-1.24.16-150400.9.8.2 * kubernetes1.24-kubelet-common-1.24.16-150400.9.8.2 * kubernetes1.24-client-1.24.16-150400.9.8.2 * kubernetes1.24-proxy-1.24.16-150400.9.8.2 * kubernetes1.24-scheduler-1.24.16-150400.9.8.2 * kubernetes1.24-client-common-1.24.16-150400.9.8.2 * kubernetes1.24-kubeadm-1.24.16-150400.9.8.2 * kubernetes1.24-kubelet-1.24.16-150400.9.8.2 * kubernetes1.24-apiserver-1.24.16-150400.9.8.2 * openSUSE Leap 15.4 (noarch) * kubernetes1.24-client-fish-completion-1.24.16-150400.9.8.2 * kubernetes1.24-client-bash-completion-1.24.16-150400.9.8.2 ## References: * https://www.suse.com/security/cve/CVE-2023-2727.html * https://www.suse.com/security/cve/CVE-2023-2728.html * https://bugzilla.suse.com/show_bug.cgi?id=1211630 * https://bugzilla.suse.com/show_bug.cgi?id=1211631 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 10 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Aug 2023 20:30:04 -0000 Subject: SUSE-RU-2023:3270-1: moderate: Recommended update for vim Message-ID: <169169940407.25662.10470765493662903009@smelt2.suse.de> # Recommended update for vim Announcement ID: SUSE-RU-2023:3270-1 Rating: moderate References: * #1211461 Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for vim fixes the following issues: * Calling vim on xterm leads to missing first character of the command prompt (bsc#1211461) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3270=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3270=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3270=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3270=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3270=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3270=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3270=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3270=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3270=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3270=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3270=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3270=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3270=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3270=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3270=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3270=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3270=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3270=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3270=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3270=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3270=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3270=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3270=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3270=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3270=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3270=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3270=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * vim-data-common-9.0.1572-150000.5.49.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * vim-small-9.0.1572-150000.5.49.1 * vim-debugsource-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * openSUSE Leap Micro 5.4 (noarch) * vim-data-common-9.0.1572-150000.5.49.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * vim-small-9.0.1572-150000.5.49.1 * vim-debugsource-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * gvim-debuginfo-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * gvim-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * vim-small-9.0.1572-150000.5.49.1 * vim-9.0.1572-150000.5.49.1 * openSUSE Leap 15.4 (noarch) * vim-data-9.0.1572-150000.5.49.1 * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * vim-small-9.0.1572-150000.5.49.1 * vim-debugsource-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * vim-small-9.0.1572-150000.5.49.1 * vim-debugsource-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * vim-small-9.0.1572-150000.5.49.1 * vim-debugsource-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * vim-small-9.0.1572-150000.5.49.1 * vim-debugsource-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * vim-small-9.0.1572-150000.5.49.1 * vim-9.0.1572-150000.5.49.1 * Basesystem Module 15-SP4 (noarch) * vim-data-9.0.1572-150000.5.49.1 * vim-data-common-9.0.1572-150000.5.49.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * gvim-debuginfo-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * gvim-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * gvim-debuginfo-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * gvim-9.0.1572-150000.5.49.1 * vim-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * vim-data-9.0.1572-150000.5.49.1 * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * gvim-debuginfo-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * gvim-9.0.1572-150000.5.49.1 * vim-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * vim-data-9.0.1572-150000.5.49.1 * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * gvim-debuginfo-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * gvim-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * vim-small-9.0.1572-150000.5.49.1 * vim-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * vim-data-9.0.1572-150000.5.49.1 * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * gvim-debuginfo-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * gvim-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * vim-small-9.0.1572-150000.5.49.1 * vim-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * vim-data-9.0.1572-150000.5.49.1 * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * gvim-debuginfo-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * gvim-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * vim-small-9.0.1572-150000.5.49.1 * vim-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * vim-data-9.0.1572-150000.5.49.1 * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * gvim-debuginfo-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * gvim-9.0.1572-150000.5.49.1 * vim-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * vim-data-9.0.1572-150000.5.49.1 * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * gvim-debuginfo-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * gvim-9.0.1572-150000.5.49.1 * vim-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * vim-data-9.0.1572-150000.5.49.1 * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * gvim-debuginfo-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * gvim-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * vim-small-9.0.1572-150000.5.49.1 * vim-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * vim-data-9.0.1572-150000.5.49.1 * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * gvim-debuginfo-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * gvim-9.0.1572-150000.5.49.1 * vim-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * vim-data-9.0.1572-150000.5.49.1 * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * gvim-debuginfo-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * gvim-9.0.1572-150000.5.49.1 * vim-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * vim-data-9.0.1572-150000.5.49.1 * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * gvim-debuginfo-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * gvim-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * vim-small-9.0.1572-150000.5.49.1 * vim-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * vim-data-9.0.1572-150000.5.49.1 * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Manager Proxy 4.2 (x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * vim-small-9.0.1572-150000.5.49.1 * vim-9.0.1572-150000.5.49.1 * SUSE Manager Proxy 4.2 (noarch) * vim-data-9.0.1572-150000.5.49.1 * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * vim-small-9.0.1572-150000.5.49.1 * vim-9.0.1572-150000.5.49.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * vim-data-9.0.1572-150000.5.49.1 * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * vim-small-9.0.1572-150000.5.49.1 * vim-9.0.1572-150000.5.49.1 * SUSE Manager Server 4.2 (noarch) * vim-data-9.0.1572-150000.5.49.1 * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * gvim-debuginfo-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * gvim-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * vim-small-9.0.1572-150000.5.49.1 * vim-9.0.1572-150000.5.49.1 * SUSE Enterprise Storage 7.1 (noarch) * vim-data-9.0.1572-150000.5.49.1 * vim-data-common-9.0.1572-150000.5.49.1 * SUSE CaaS Platform 4.0 (x86_64) * vim-debugsource-9.0.1572-150000.5.49.1 * gvim-debuginfo-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * gvim-9.0.1572-150000.5.49.1 * vim-9.0.1572-150000.5.49.1 * SUSE CaaS Platform 4.0 (noarch) * vim-data-9.0.1572-150000.5.49.1 * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * vim-small-9.0.1572-150000.5.49.1 * vim-debugsource-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * vim-small-9.0.1572-150000.5.49.1 * vim-debugsource-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * vim-data-common-9.0.1572-150000.5.49.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * vim-small-9.0.1572-150000.5.49.1 * vim-debugsource-9.0.1572-150000.5.49.1 * vim-debuginfo-9.0.1572-150000.5.49.1 * vim-small-debuginfo-9.0.1572-150000.5.49.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211461 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 07:05:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 09:05:12 +0200 (CEST) Subject: SUSE-CU-2023:2574-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20230811070512.A4198FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2574-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.11 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.11 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - libopenssl1_1-1.1.1l-150500.17.15.1 updated - openssl-1_1-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Fri Aug 11 07:08:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 09:08:16 +0200 (CEST) Subject: SUSE-CU-2023:2575-1: Security update of suse/sles12sp5 Message-ID: <20230811070816.3623BFBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2575-1 Container Tags : suse/sles12sp5:6.5.497 , suse/sles12sp5:latest Container Release : 6.5.497 Severity : important Type : security References : 1084300 1194038 1213865 CVE-2018-7738 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3268-1 Released: Thu Aug 10 16:15:38 2023 Summary: Security update for util-linux Type: security Severity: important References: 1084300,1194038,1213865,CVE-2018-7738 This update for util-linux fixes the following issues: - CVE-2018-7738: Fixed shell code injection in umount bash-completions. (bsc#1213865, bsc#1084300) The following package changes have been done: - libblkid1-2.33.2-4.33.1 updated - libfdisk1-2.33.2-4.33.1 updated - libmount1-2.33.2-4.33.1 updated - libsmartcols1-2.33.2-4.33.1 updated - libuuid1-2.33.2-4.33.1 updated - util-linux-2.33.2-4.33.1 updated From sle-updates at lists.suse.com Fri Aug 11 07:11:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 09:11:27 +0200 (CEST) Subject: SUSE-CU-2023:2576-1: Security update of suse/sle15 Message-ID: <20230811071127.BC83EFBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2576-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.326 Container Release : 9.5.326 Severity : important Type : security References : 1206346 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3264-1 Released: Thu Aug 10 16:05:20 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.34.1 updated From sle-updates at lists.suse.com Fri Aug 11 07:11:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 09:11:46 +0200 (CEST) Subject: SUSE-CU-2023:2577-1: Security update of bci/php-fpm Message-ID: <20230811071146.244CBFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2577-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-6.22 Container Release : 6.22 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - container:sles15-image-15.0.0-36.5.22 updated From sle-updates at lists.suse.com Fri Aug 11 08:54:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 08:54:14 -0000 Subject: SUSE-SU-2023:3272-1: moderate: Security update for python-scipy Message-ID: <169174405489.13458.5423567474859652385@smelt2.suse.de> # Security update for python-scipy Announcement ID: SUSE-SU-2023:3272-1 Rating: moderate References: * #1213062 * #1213137 Cross-References: * CVE-2023-25399 * CVE-2023-29824 CVSS scores: * CVE-2023-25399 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-25399 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-29824 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2023-29824 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * HPC Module 15-SP4 * HPC Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for python-scipy fixes the following issues: * CVE-2023-25399: Fixed minor refcounting issue in Py_FindObjects (bsc#1213062). * CVE-2023-29824: Fixed use-after-free in Py_FindObjects (bsc#1213137). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3272=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3272=1 * HPC Module 15-SP4 zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-3272=1 * HPC Module 15-SP5 zypper in -t patch SUSE-SLE-Module-HPC-15-SP5-2023-3272=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3272=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3272=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python3-scipy-1.3.3-150200.5.3.1 * python3-scipy-debuginfo-1.3.3-150200.5.3.1 * python-scipy-debugsource-1.3.3-150200.5.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * python3-scipy_1_3_3-gnu-hpc-1.3.3-150200.5.3.1 * python3-scipy_1_3_3-gnu-hpc-debuginfo-1.3.3-150200.5.3.1 * python-scipy_1_3_3-gnu-hpc-debugsource-1.3.3-150200.5.3.1 * python3-scipy-gnu-hpc-1.3.3-150200.5.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python3-scipy-1.3.3-150200.5.3.1 * python3-scipy-debuginfo-1.3.3-150200.5.3.1 * python-scipy-debugsource-1.3.3-150200.5.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * python3-scipy_1_3_3-gnu-hpc-1.3.3-150200.5.3.1 * python3-scipy_1_3_3-gnu-hpc-debuginfo-1.3.3-150200.5.3.1 * python-scipy_1_3_3-gnu-hpc-debugsource-1.3.3-150200.5.3.1 * python3-scipy-gnu-hpc-1.3.3-150200.5.3.1 * HPC Module 15-SP4 (aarch64 x86_64) * python3-scipy_1_3_3-gnu-hpc-1.3.3-150200.5.3.1 * python3-scipy_1_3_3-gnu-hpc-debuginfo-1.3.3-150200.5.3.1 * python-scipy_1_3_3-gnu-hpc-debugsource-1.3.3-150200.5.3.1 * python3-scipy-gnu-hpc-1.3.3-150200.5.3.1 * HPC Module 15-SP5 (aarch64 x86_64) * python3-scipy_1_3_3-gnu-hpc-1.3.3-150200.5.3.1 * python3-scipy_1_3_3-gnu-hpc-debuginfo-1.3.3-150200.5.3.1 * python-scipy_1_3_3-gnu-hpc-debugsource-1.3.3-150200.5.3.1 * python3-scipy-gnu-hpc-1.3.3-150200.5.3.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-scipy-1.3.3-150200.5.3.1 * python3-scipy-debuginfo-1.3.3-150200.5.3.1 * python-scipy-debugsource-1.3.3-150200.5.3.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-scipy-1.3.3-150200.5.3.1 * python3-scipy-debuginfo-1.3.3-150200.5.3.1 * python-scipy-debugsource-1.3.3-150200.5.3.1 * SUSE Package Hub 15 15-SP5 (ppc64le) * python3-scipy_1_3_3-gnu-hpc-1.3.3-150200.5.3.1 * python3-scipy_1_3_3-gnu-hpc-debuginfo-1.3.3-150200.5.3.1 * python-scipy_1_3_3-gnu-hpc-debugsource-1.3.3-150200.5.3.1 * python3-scipy-gnu-hpc-1.3.3-150200.5.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-25399.html * https://www.suse.com/security/cve/CVE-2023-29824.html * https://bugzilla.suse.com/show_bug.cgi?id=1213062 * https://bugzilla.suse.com/show_bug.cgi?id=1213137 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:03 -0000 Subject: SUSE-RU-2023:3295-1: moderate: Recommended update for apparmor Message-ID: <169175700352.30049.8186185862395644367@smelt2.suse.de> # Recommended update for apparmor Announcement ID: SUSE-RU-2023:3295-1 Rating: moderate References: * #1208798 * #1213941 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for apparmor fixes the following issues: * Update kerberosclient and samba profile abstractions to silence verbose denials (bsc#1208798) * Explicitly prefer apache2 instead of apache2-tls13 when building apparmor (bsc#1213941) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3295=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3295=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3295=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3295=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libapparmor-devel-2.8.2-56.12.1 * apparmor-debugsource-2.8.2-56.12.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * perl-apparmor-debuginfo-2.8.2-56.12.1 * apache2-mod_apparmor-debuginfo-2.8.2-56.12.1 * apparmor-parser-debuginfo-2.8.2-56.12.1 * apparmor-parser-2.8.2-56.12.1 * libapparmor1-debuginfo-2.8.2-56.12.1 * pam_apparmor-2.8.2-56.12.1 * libapparmor1-2.8.2-56.12.1 * apparmor-debugsource-2.8.2-56.12.1 * apache2-mod_apparmor-2.8.2-56.12.1 * perl-apparmor-2.8.2-56.12.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * apparmor-docs-2.8.2-56.12.1 * apparmor-utils-2.8.2-56.12.1 * apparmor-profiles-2.8.2-56.12.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * pam_apparmor-debuginfo-2.8.2-56.12.1 * libapparmor1-debuginfo-32bit-2.8.2-56.12.1 * pam_apparmor-32bit-2.8.2-56.12.1 * libapparmor1-32bit-2.8.2-56.12.1 * pam_apparmor-debuginfo-32bit-2.8.2-56.12.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * perl-apparmor-debuginfo-2.8.2-56.12.1 * apache2-mod_apparmor-debuginfo-2.8.2-56.12.1 * apparmor-parser-debuginfo-2.8.2-56.12.1 * apparmor-parser-2.8.2-56.12.1 * libapparmor1-debuginfo-2.8.2-56.12.1 * pam_apparmor-2.8.2-56.12.1 * libapparmor1-2.8.2-56.12.1 * apparmor-debugsource-2.8.2-56.12.1 * apache2-mod_apparmor-2.8.2-56.12.1 * perl-apparmor-2.8.2-56.12.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * apparmor-docs-2.8.2-56.12.1 * apparmor-utils-2.8.2-56.12.1 * apparmor-profiles-2.8.2-56.12.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * pam_apparmor-debuginfo-2.8.2-56.12.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * pam_apparmor-debuginfo-32bit-2.8.2-56.12.1 * libapparmor1-32bit-2.8.2-56.12.1 * libapparmor1-debuginfo-32bit-2.8.2-56.12.1 * pam_apparmor-32bit-2.8.2-56.12.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * perl-apparmor-debuginfo-2.8.2-56.12.1 * apache2-mod_apparmor-debuginfo-2.8.2-56.12.1 * pam_apparmor-debuginfo-2.8.2-56.12.1 * apparmor-parser-debuginfo-2.8.2-56.12.1 * apparmor-parser-2.8.2-56.12.1 * libapparmor1-debuginfo-2.8.2-56.12.1 * pam_apparmor-2.8.2-56.12.1 * libapparmor1-2.8.2-56.12.1 * apparmor-debugsource-2.8.2-56.12.1 * apache2-mod_apparmor-2.8.2-56.12.1 * perl-apparmor-2.8.2-56.12.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * apparmor-docs-2.8.2-56.12.1 * apparmor-utils-2.8.2-56.12.1 * apparmor-profiles-2.8.2-56.12.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * pam_apparmor-debuginfo-32bit-2.8.2-56.12.1 * libapparmor1-32bit-2.8.2-56.12.1 * libapparmor1-debuginfo-32bit-2.8.2-56.12.1 * pam_apparmor-32bit-2.8.2-56.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208798 * https://bugzilla.suse.com/show_bug.cgi?id=1213941 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:08 -0000 Subject: SUSE-RU-2023:3294-1: moderate: Recommended update for hwinfo Message-ID: <169175700833.30049.15777320204584410785@smelt2.suse.de> # Recommended update for hwinfo Announcement ID: SUSE-RU-2023:3294-1 Rating: moderate References: * #1200975 * #1204294 * #1212756 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has three recommended fixes can now be installed. ## Description: This update for hwinfo fixes the following issues: * Avoid linking problems with libsamba (bsc#1212756) * Update to version 21.85 * Create xen usb controller device if necessary (bsc#1204294) * Improve treatment of NVME devices (bsc#1200975) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3294=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3294=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3294=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3294=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3294=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3294=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3294=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3294=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3294=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3294=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3294=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3294=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * hwinfo-debugsource-21.85-150300.3.6.1 * hwinfo-debuginfo-21.85-150300.3.6.1 * hwinfo-devel-debuginfo-21.85-150300.3.6.1 * hwinfo-21.85-150300.3.6.1 * hwinfo-devel-21.85-150300.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * hwinfo-debugsource-21.85-150300.3.6.1 * hwinfo-debuginfo-21.85-150300.3.6.1 * hwinfo-devel-debuginfo-21.85-150300.3.6.1 * hwinfo-21.85-150300.3.6.1 * hwinfo-devel-21.85-150300.3.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * hwinfo-debugsource-21.85-150300.3.6.1 * hwinfo-debuginfo-21.85-150300.3.6.1 * hwinfo-devel-debuginfo-21.85-150300.3.6.1 * hwinfo-21.85-150300.3.6.1 * hwinfo-devel-21.85-150300.3.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * hwinfo-debugsource-21.85-150300.3.6.1 * hwinfo-debuginfo-21.85-150300.3.6.1 * hwinfo-devel-debuginfo-21.85-150300.3.6.1 * hwinfo-21.85-150300.3.6.1 * hwinfo-devel-21.85-150300.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * hwinfo-debugsource-21.85-150300.3.6.1 * hwinfo-debuginfo-21.85-150300.3.6.1 * hwinfo-devel-debuginfo-21.85-150300.3.6.1 * hwinfo-21.85-150300.3.6.1 * hwinfo-devel-21.85-150300.3.6.1 * SUSE Manager Proxy 4.2 (x86_64) * hwinfo-debugsource-21.85-150300.3.6.1 * hwinfo-debuginfo-21.85-150300.3.6.1 * hwinfo-devel-debuginfo-21.85-150300.3.6.1 * hwinfo-21.85-150300.3.6.1 * hwinfo-devel-21.85-150300.3.6.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * hwinfo-debugsource-21.85-150300.3.6.1 * hwinfo-debuginfo-21.85-150300.3.6.1 * hwinfo-devel-debuginfo-21.85-150300.3.6.1 * hwinfo-21.85-150300.3.6.1 * hwinfo-devel-21.85-150300.3.6.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * hwinfo-debugsource-21.85-150300.3.6.1 * hwinfo-debuginfo-21.85-150300.3.6.1 * hwinfo-devel-debuginfo-21.85-150300.3.6.1 * hwinfo-21.85-150300.3.6.1 * hwinfo-devel-21.85-150300.3.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * hwinfo-debugsource-21.85-150300.3.6.1 * hwinfo-debuginfo-21.85-150300.3.6.1 * hwinfo-devel-debuginfo-21.85-150300.3.6.1 * hwinfo-21.85-150300.3.6.1 * hwinfo-devel-21.85-150300.3.6.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * hwinfo-debuginfo-21.85-150300.3.6.1 * hwinfo-debugsource-21.85-150300.3.6.1 * hwinfo-21.85-150300.3.6.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * hwinfo-debuginfo-21.85-150300.3.6.1 * hwinfo-debugsource-21.85-150300.3.6.1 * hwinfo-21.85-150300.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * hwinfo-debuginfo-21.85-150300.3.6.1 * hwinfo-debugsource-21.85-150300.3.6.1 * hwinfo-21.85-150300.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200975 * https://bugzilla.suse.com/show_bug.cgi?id=1204294 * https://bugzilla.suse.com/show_bug.cgi?id=1212756 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:11 -0000 Subject: SUSE-SU-2023:3292-1: moderate: Security update for poppler Message-ID: <169175701129.30049.12041355027321525040@smelt2.suse.de> # Security update for poppler Announcement ID: SUSE-SU-2023:3292-1 Rating: moderate References: * #1150039 Cross-References: * CVE-2019-16115 CVSS scores: * CVE-2019-16115 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2019-16115 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2019-16115: Fixed an uninitialized memory error in GfxUnivariateShading::setupCache. (bsc#1150039) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3292=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3292=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3292=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3292=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3292=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3292=1 ## Package List: * SUSE Manager Retail Branch Server 4.2 (x86_64) * libpoppler-cpp0-0.79.0-150200.3.14.1 * libpoppler89-0.79.0-150200.3.14.1 * poppler-debugsource-0.79.0-150200.3.14.1 * poppler-tools-0.79.0-150200.3.14.1 * libpoppler-glib-devel-0.79.0-150200.3.14.1 * libpoppler-devel-0.79.0-150200.3.14.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.14.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.14.1 * libpoppler-glib8-0.79.0-150200.3.14.1 * poppler-tools-debuginfo-0.79.0-150200.3.14.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.14.1 * libpoppler89-debuginfo-0.79.0-150200.3.14.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libpoppler-cpp0-0.79.0-150200.3.14.1 * libpoppler89-0.79.0-150200.3.14.1 * poppler-debugsource-0.79.0-150200.3.14.1 * poppler-tools-0.79.0-150200.3.14.1 * libpoppler-glib-devel-0.79.0-150200.3.14.1 * libpoppler-devel-0.79.0-150200.3.14.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.14.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.14.1 * libpoppler-glib8-0.79.0-150200.3.14.1 * poppler-tools-debuginfo-0.79.0-150200.3.14.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.14.1 * libpoppler89-debuginfo-0.79.0-150200.3.14.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpoppler89-0.79.0-150200.3.14.1 * libpoppler89-debuginfo-0.79.0-150200.3.14.1 * openSUSE Leap 15.4 (x86_64) * libpoppler89-32bit-0.79.0-150200.3.14.1 * libpoppler89-32bit-debuginfo-0.79.0-150200.3.14.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libpoppler89-0.79.0-150200.3.14.1 * poppler-debugsource-0.79.0-150200.3.14.1 * libpoppler89-debuginfo-0.79.0-150200.3.14.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libpoppler89-0.79.0-150200.3.14.1 * poppler-debugsource-0.79.0-150200.3.14.1 * libpoppler89-debuginfo-0.79.0-150200.3.14.1 * SUSE Manager Proxy 4.2 (x86_64) * libpoppler-cpp0-0.79.0-150200.3.14.1 * libpoppler89-0.79.0-150200.3.14.1 * poppler-debugsource-0.79.0-150200.3.14.1 * poppler-tools-0.79.0-150200.3.14.1 * libpoppler-glib-devel-0.79.0-150200.3.14.1 * libpoppler-devel-0.79.0-150200.3.14.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.14.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.14.1 * libpoppler-glib8-0.79.0-150200.3.14.1 * poppler-tools-debuginfo-0.79.0-150200.3.14.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.14.1 * libpoppler89-debuginfo-0.79.0-150200.3.14.1 ## References: * https://www.suse.com/security/cve/CVE-2019-16115.html * https://bugzilla.suse.com/show_bug.cgi?id=1150039 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:13 -0000 Subject: SUSE-SU-2023:3291-1: moderate: Security update for openssl-1_1 Message-ID: <169175701392.30049.2552268977783489009@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:3291-1 Rating: moderate References: * #1213517 * #1213853 Cross-References: * CVE-2023-3817 CVSS scores: * CVE-2023-3817 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-3817 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3291=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3291=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3291=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3291=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3291=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3291=1 ## Package List: * SUSE Manager Proxy 4.2 (x86_64) * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.75.1 * openssl-1_1-debugsource-1.1.1d-150200.11.75.1 * libopenssl1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.75.1 * openssl-1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-1.1.1d-150200.11.75.1 * libopenssl-1_1-devel-1.1.1d-150200.11.75.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-1.1.1d-150200.11.75.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.75.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.75.1 * openssl-1_1-debugsource-1.1.1d-150200.11.75.1 * libopenssl1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.75.1 * openssl-1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-1.1.1d-150200.11.75.1 * libopenssl-1_1-devel-1.1.1d-150200.11.75.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-1.1.1d-150200.11.75.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.75.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.75.1 * libopenssl1_1-1.1.1d-150200.11.75.1 * openssl-1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-1.1.1d-150200.11.75.1 * libopenssl-1_1-devel-1.1.1d-150200.11.75.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.75.1 * SUSE Manager Server 4.2 (x86_64) * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-1.1.1d-150200.11.75.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.75.1 * libopenssl1_1-1.1.1d-150200.11.75.1 * openssl-1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-1.1.1d-150200.11.75.1 * libopenssl-1_1-devel-1.1.1d-150200.11.75.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.75.1 * libopenssl1_1-1.1.1d-150200.11.75.1 * openssl-1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-1.1.1d-150200.11.75.1 * libopenssl-1_1-devel-1.1.1d-150200.11.75.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.75.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1d-150200.11.75.1 * libopenssl1_1-1.1.1d-150200.11.75.1 * openssl-1_1-1.1.1d-150200.11.75.1 * libopenssl1_1-hmac-1.1.1d-150200.11.75.1 * libopenssl-1_1-devel-1.1.1d-150200.11.75.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.75.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.75.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3817.html * https://bugzilla.suse.com/show_bug.cgi?id=1213517 * https://bugzilla.suse.com/show_bug.cgi?id=1213853 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:15 -0000 Subject: SUSE-SU-2023:3290-1: moderate: Security update for qatengine Message-ID: <169175701576.30049.1402114742174966103@smelt2.suse.de> # Security update for qatengine Announcement ID: SUSE-SU-2023:3290-1 Rating: moderate References: * #1211296 Cross-References: * CVE-2022-43507 CVSS scores: * CVE-2022-43507 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H * CVE-2022-43507 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for qatengine fixes the following issues: * CVE-2022-43507: Fixed a buffer overflow issue with SHA3. (bsc#1211296) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3290=1 openSUSE-SLE-15.4-2023-3290=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3290=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * qatengine-debugsource-0.6.10-150400.3.3.1 * qatengine-0.6.10-150400.3.3.1 * qatengine-debuginfo-0.6.10-150400.3.3.1 * Basesystem Module 15-SP4 (x86_64) * qatengine-debugsource-0.6.10-150400.3.3.1 * qatengine-0.6.10-150400.3.3.1 * qatengine-debuginfo-0.6.10-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2022-43507.html * https://bugzilla.suse.com/show_bug.cgi?id=1211296 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:17 -0000 Subject: SUSE-SU-2023:3289-1: important: Security update for ucode-intel Message-ID: <169175701783.30049.16803884741795277342@smelt2.suse.de> # Security update for ucode-intel Announcement ID: SUSE-SU-2023:3289-1 Rating: important References: * #1206418 * #1214099 Cross-References: * CVE-2022-40982 * CVE-2022-41804 * CVE-2023-23908 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2022-41804 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:H * CVE-2023-23908 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves three vulnerabilities can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20230808 release. (bsc#1214099) * CVE-2022-40982: Fixed a potential security vulnerability in some Intel? Processors which may allow information disclosure. * CVE-2023-23908: Fixed a potential security vulnerability in some 3rd Generation Intel? Xeon? Scalable processors which may allow information disclosure. * CVE-2022-41804: Fixed a potential security vulnerability in some Intel? Xeon? Processors with Intel? Software Guard Extensions (SGX) which may allow escalation of privilege. ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3289=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * ucode-intel-20230808-13.110.1 * ucode-intel-debugsource-20230808-13.110.1 * ucode-intel-debuginfo-20230808-13.110.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2022-41804.html * https://www.suse.com/security/cve/CVE-2023-23908.html * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1214099 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:19 -0000 Subject: SUSE-RU-2023:3288-1: moderate: Recommended update for python-apipkg Message-ID: <169175701988.30049.1109899749276510366@smelt2.suse.de> # Recommended update for python-apipkg Announcement ID: SUSE-RU-2023:3288-1 Rating: moderate References: * #1213582 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for python-apipkg provides python3-apipkg to SUSE Linux Enterprise Micro 5.2. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3288=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3288=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3288=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3288=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3288=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3288=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3288=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3288=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3288=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3288=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3288=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3288=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3288=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3288=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * python3-apipkg-1.4-150000.3.6.1 * openSUSE Leap Micro 5.4 (noarch) * python3-apipkg-1.4-150000.3.6.1 * openSUSE Leap 15.4 (noarch) * python3-apipkg-1.4-150000.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-apipkg-1.4-150000.3.6.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-apipkg-1.4-150000.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-apipkg-1.4-150000.3.6.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-apipkg-1.4-150000.3.6.1 * Basesystem Module 15-SP4 (noarch) * python3-apipkg-1.4-150000.3.6.1 * SUSE Manager Proxy 4.2 (noarch) * python3-apipkg-1.4-150000.3.6.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-apipkg-1.4-150000.3.6.1 * SUSE Manager Server 4.2 (noarch) * python2-apipkg-1.4-150000.3.6.1 * python3-apipkg-1.4-150000.3.6.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * python3-apipkg-1.4-150000.3.6.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * python3-apipkg-1.4-150000.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * python3-apipkg-1.4-150000.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213582 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:23 -0000 Subject: SUSE-SU-2023:3287-1: important: Security update for java-11-openjdk Message-ID: <169175702337.30049.12022289185222262969@smelt2.suse.de> # Security update for java-11-openjdk Announcement ID: SUSE-SU-2023:3287-1 Rating: important References: * #1207922 * #1213473 * #1213474 * #1213475 * #1213479 * #1213481 * #1213482 Cross-References: * CVE-2023-22006 * CVE-2023-22036 * CVE-2023-22041 * CVE-2023-22044 * CVE-2023-22045 * CVE-2023-22049 * CVE-2023-25193 CVSS scores: * CVE-2023-22006 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-22006 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-22036 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22036 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22041 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-22041 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-22044 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22044 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22045 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22045 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22049 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22049 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-25193 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25193 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for java-11-openjdk fixes the following issues: Updated to jdk-11.0.20+8 (July 2023 CPU): * CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473). * CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474). * CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475). * CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479). * CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481). * CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482). * CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922). * JDK-8298676: Enhanced Look and Feel * JDK-8300285: Enhance TLS data handling * JDK-8300596: Enhance Jar Signature validation * JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1 * JDK-8302475: Enhance HTTP client file downloading * JDK-8302483: Enhance ZIP performance * JDK-8303376: Better launching of JDI * JDK-8304468: Better array usages * JDK-8305312: Enhanced path handling * JDK-8308682: Enhance AES performance Bugfixes: * JDK-8171426: java/lang/ProcessBuilder/Basic.java failed with Stream closed * JDK-8178806: Better exception logging in crypto code * JDK-8187522: test/sun/net/ftp/FtpURLConnectionLeak.java timed out * JDK-8209167: Use CLDR's time zone mappings for Windows * JDK-8209546: Make sun/security/tools/keytool/autotest.sh to support macosx * JDK-8209880: tzdb.dat is not reproducibly built * JDK-8213531: Test javax/swing/border/TestTitledBorderLeak.java fails * JDK-8214459: NSS source should be removed * JDK-8214807: Improve handling of very old class files * JDK-8215015: [TESTBUG] remove unneeded -Xfuture option from tests * JDK-8215575: C2 crash: assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded * JDK-8220093: Change to GCC 8.2 for building on Linux at Oracle * JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError * JDK-8232853: AuthenticationFilter.Cache::remove may throw ConcurrentModificationException * JDK-8243936: NonWriteable system properties are actually writeable * JDK-8246383: NullPointerException in JceSecurity.getVerificationResult when using Entrust provider * JDK-8248701: On Windows generated modules-deps.gmk can contain backslash-r (CR) characters * JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates * JDK-8259530: Generated docs contain MIT/GPL-licenced works without reproducing the licence * JDK-8263420: Incorrect function name in NSAccessibilityStaticText native peer implementation * JDK-8264290: Create implementation for NSAccessibilityComponentGroup protocol peer * JDK-8264304: Create implementation for NSAccessibilityToolbar protocol peer * JDK-8265486: ProblemList javax/sound/midi/Sequencer/ /Recording.java on macosx-aarch64 * JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped * JDK-8269746: C2: assert(!in->is_CFG()) failed: CFG Node with no controlling input? * JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile * JDK-8275233: Incorrect line number reported in exception stack trace thrown from a lambda expression * JDK-8275721: Name of UTC timezone in a locale changes depending on previous code * JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit) * JDK-8276880: Remove java/lang/RuntimeTests/exec/ExecWithDir as unnecessary * JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java - add 4357905 * JDK-8278434: timeouts in test java/time/test/java/time/format/ /TestZoneTextPrinterParser.java * JDK-8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption * JDK-8282077: PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error * JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test * JDK-8282467: add extra diagnostics for JDK-8268184 * JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary * JDK-8283059: Uninitialized warning in check_code.c with GCC 11.2 * JDK-8285497: Add system property for Java SE specification maintenance version * JDK-8286398: Address possibly lossy conversions in jdk.internal.le * JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code * JDK-8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider * JDK-8287876: The recently de-problemlisted TestTitledBorderLeak test is unstable * JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md with information on 4th party dependencies * JDK-8289301: P11Cipher should not throw out of bounds exception during padding * JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space * JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067 * JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value * JDK-8291638: Keep-Alive timeout of 0 should close connection immediately * JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage() is lower than expected * JDK-8293232: Fix race condition in pkcs11 SessionManager * JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation * JDK-8294548: Problem list SA core file tests on macosx-x64 due to JDK-8294316 * JDK-8294906: Memory leak in PKCS11 NSS TLS server * JDK-8295974: jni_FatalError and Xcheck:jni warnings should print the native stack when there are no Java frames * JDK-8296934: Write a test to verify whether Undecorated Frame can be iconified or not * JDK-8297000: [jib] Add more friendly warning for proxy issues * JDK-8297450: ScaledTextFieldBorderTest.java fails when run with -show parameter * JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors * JDK-8299259: C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE * JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument * JDK-8300205: Swing test bug8078268 make latch timeout configurable * JDK-8300490: Spaces in name of MacOS Code Signing Identity are not correctly handled after JDK-8293550 * JDK-8301119: Support for GB18030-2022 * JDK-8301170: perfMemory_windows.cpp add free_security_attr to early returns * JDK-8301401: Allow additional characters for GB18030-2022 support * JDK-8302151: BMPImageReader throws an exception reading BMP images * JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message * JDK-8303102: jcmd: ManagementAgent.status truncates the text longer than O_BUFLEN * JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return * JDK-8303432: Bump update version for OpenJDK: jdk-11.0.20 * JDK-8303440: The "ZonedDateTime.parse" may not accept the "UTC+XX" zone id * JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates * JDK-8303476: Add the runtime version in the release file of a JDK image * JDK-8303482: Update LCMS to 2.15 * JDK-8303564: C2: "Bad graph detected in build_loop_late" after a CMove is wrongly split thru phi * JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return * JDK-8303822: gtestMain should give more helpful output * JDK-8303861: Error handling step timeouts should never be blocked by OnError and others * JDK-8303937: Corrupted heap dumps due to missing retries for os::write() * JDK-8304134: jib bootstrapper fails to quote filename when checking download filetype * JDK-8304291: [AIX] Broken build after JDK-8301998 * JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998 * JDK-8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0 * JDK-8304760: Add 2 Microsoft TLS roots * JDK-8305113: (tz) Update Timezone Data to 2023c * JDK-8305400: ISO 4217 Amendment 175 Update * JDK-8305528: [11u] Backport of JDK-8259530 breaks build with JDK10 bootstrap VM * JDK-8305682: Update the javadoc in the Character class to state support for GB 18030-2022 Implementation Level 2 * JDK-8305711: Arm: C2 always enters slowpath for monitorexit * JDK-8305721: add `make compile-commands` artifacts to .gitignore * JDK-8305975: Add TWCA Global Root CA * JDK-8306543: GHA: MSVC installation is failing * JDK-8306658: GHA: MSVC installation could be optional since it might already be pre-installed * JDK-8306664: GHA: Update MSVC version to latest stepping * JDK-8306768: CodeCache Analytics reports wrong threshold * JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep * JDK-8307134: Add GTS root CAs * JDK-8307811: [TEST] compilation of TimeoutInErrorHandlingTest fails after backport of JDK-8303861 * JDK-8308006: Missing NMT memory tagging in CMS * JDK-8308884: [17u/11u] Backout JDK-8297951 * JDK-8309476: [11u] tools/jmod/hashes/HashesOrderTest.java fails intermittently * JDK-8311465: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.20 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3287=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3287=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3287=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3287=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3287=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3287=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3287=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3287=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3287=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3287=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3287=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3287=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3287=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3287=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3287=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3287=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3287=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3287=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3287=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3287=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-src-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-jmods-11.0.20.0-150000.3.99.1 * openSUSE Leap 15.4 (noarch) * java-11-openjdk-javadoc-11.0.20.0-150000.3.99.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-src-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-jmods-11.0.20.0-150000.3.99.1 * openSUSE Leap 15.5 (noarch) * java-11-openjdk-javadoc-11.0.20.0-150000.3.99.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Package Hub 15 15-SP4 (noarch) * java-11-openjdk-javadoc-11.0.20.0-150000.3.99.1 * SUSE Package Hub 15 15-SP5 (noarch) * java-11-openjdk-javadoc-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Manager Proxy 4.2 (x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 * SUSE CaaS Platform 4.0 (x86_64) * java-11-openjdk-demo-11.0.20.0-150000.3.99.1 * java-11-openjdk-headless-11.0.20.0-150000.3.99.1 * java-11-openjdk-11.0.20.0-150000.3.99.1 * java-11-openjdk-devel-11.0.20.0-150000.3.99.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22006.html * https://www.suse.com/security/cve/CVE-2023-22036.html * https://www.suse.com/security/cve/CVE-2023-22041.html * https://www.suse.com/security/cve/CVE-2023-22044.html * https://www.suse.com/security/cve/CVE-2023-22045.html * https://www.suse.com/security/cve/CVE-2023-22049.html * https://www.suse.com/security/cve/CVE-2023-25193.html * https://bugzilla.suse.com/show_bug.cgi?id=1207922 * https://bugzilla.suse.com/show_bug.cgi?id=1213473 * https://bugzilla.suse.com/show_bug.cgi?id=1213474 * https://bugzilla.suse.com/show_bug.cgi?id=1213475 * https://bugzilla.suse.com/show_bug.cgi?id=1213479 * https://bugzilla.suse.com/show_bug.cgi?id=1213481 * https://bugzilla.suse.com/show_bug.cgi?id=1213482 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:27 -0000 Subject: SUSE-RU-2023:3286-1: moderate: Recommended update for util-linux Message-ID: <169175702768.30049.2402969231837320442@smelt2.suse.de> # Recommended update for util-linux Announcement ID: SUSE-RU-2023:3286-1 Rating: moderate References: * #1194038 * #1194900 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for util-linux fixes the following issues: * Fix blkid for floppy drives (bsc#1194900) * Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3286=1 openSUSE-SLE-15.4-2023-3286=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3286=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3286=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3286=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3286=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3286=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3286=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3286=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3286=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libfdisk-devel-2.37.2-150400.8.20.1 * libuuid1-debuginfo-2.37.2-150400.8.20.1 * python3-libmount-debugsource-2.37.2-150400.8.20.1 * libmount1-debuginfo-2.37.2-150400.8.20.1 * util-linux-debuginfo-2.37.2-150400.8.20.1 * util-linux-systemd-debugsource-2.37.2-150400.8.20.1 * uuidd-debuginfo-2.37.2-150400.8.20.1 * util-linux-systemd-2.37.2-150400.8.20.1 * uuidd-2.37.2-150400.8.20.1 * libmount-devel-2.37.2-150400.8.20.1 * python3-libmount-debuginfo-2.37.2-150400.8.20.1 * libsmartcols-devel-2.37.2-150400.8.20.1 * libsmartcols1-debuginfo-2.37.2-150400.8.20.1 * libblkid-devel-2.37.2-150400.8.20.1 * libuuid1-2.37.2-150400.8.20.1 * libblkid1-2.37.2-150400.8.20.1 * util-linux-debugsource-2.37.2-150400.8.20.1 * libmount-devel-static-2.37.2-150400.8.20.1 * libblkid1-debuginfo-2.37.2-150400.8.20.1 * util-linux-2.37.2-150400.8.20.1 * util-linux-systemd-debuginfo-2.37.2-150400.8.20.1 * libfdisk-devel-static-2.37.2-150400.8.20.1 * libfdisk1-2.37.2-150400.8.20.1 * libblkid-devel-static-2.37.2-150400.8.20.1 * libfdisk1-debuginfo-2.37.2-150400.8.20.1 * libmount1-2.37.2-150400.8.20.1 * libuuid-devel-2.37.2-150400.8.20.1 * libsmartcols1-2.37.2-150400.8.20.1 * libuuid-devel-static-2.37.2-150400.8.20.1 * libsmartcols-devel-static-2.37.2-150400.8.20.1 * python3-libmount-2.37.2-150400.8.20.1 * openSUSE Leap 15.4 (x86_64) * libsmartcols-devel-32bit-2.37.2-150400.8.20.1 * libuuid-devel-32bit-2.37.2-150400.8.20.1 * libsmartcols1-32bit-debuginfo-2.37.2-150400.8.20.1 * libuuid1-32bit-debuginfo-2.37.2-150400.8.20.1 * libfdisk1-32bit-2.37.2-150400.8.20.1 * libfdisk1-32bit-debuginfo-2.37.2-150400.8.20.1 * libblkid1-32bit-debuginfo-2.37.2-150400.8.20.1 * libblkid-devel-32bit-2.37.2-150400.8.20.1 * libmount1-32bit-debuginfo-2.37.2-150400.8.20.1 * libsmartcols1-32bit-2.37.2-150400.8.20.1 * libfdisk-devel-32bit-2.37.2-150400.8.20.1 * libmount1-32bit-2.37.2-150400.8.20.1 * libmount-devel-32bit-2.37.2-150400.8.20.1 * libblkid1-32bit-2.37.2-150400.8.20.1 * libuuid1-32bit-2.37.2-150400.8.20.1 * openSUSE Leap 15.4 (noarch) * util-linux-lang-2.37.2-150400.8.20.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libsmartcols1-64bit-2.37.2-150400.8.20.1 * libmount1-64bit-debuginfo-2.37.2-150400.8.20.1 * libuuid1-64bit-debuginfo-2.37.2-150400.8.20.1 * libuuid1-64bit-2.37.2-150400.8.20.1 * libfdisk1-64bit-debuginfo-2.37.2-150400.8.20.1 * libuuid-devel-64bit-2.37.2-150400.8.20.1 * libblkid1-64bit-debuginfo-2.37.2-150400.8.20.1 * libmount-devel-64bit-2.37.2-150400.8.20.1 * libfdisk-devel-64bit-2.37.2-150400.8.20.1 * libsmartcols1-64bit-debuginfo-2.37.2-150400.8.20.1 * libsmartcols-devel-64bit-2.37.2-150400.8.20.1 * libmount1-64bit-2.37.2-150400.8.20.1 * libblkid-devel-64bit-2.37.2-150400.8.20.1 * libblkid1-64bit-2.37.2-150400.8.20.1 * libfdisk1-64bit-2.37.2-150400.8.20.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libfdisk1-2.37.2-150400.8.20.1 * util-linux-systemd-debuginfo-2.37.2-150400.8.20.1 * libuuid1-debuginfo-2.37.2-150400.8.20.1 * libmount1-debuginfo-2.37.2-150400.8.20.1 * libfdisk1-debuginfo-2.37.2-150400.8.20.1 * libmount1-2.37.2-150400.8.20.1 * util-linux-debugsource-2.37.2-150400.8.20.1 * libblkid1-debuginfo-2.37.2-150400.8.20.1 * util-linux-2.37.2-150400.8.20.1 * libsmartcols1-debuginfo-2.37.2-150400.8.20.1 * util-linux-debuginfo-2.37.2-150400.8.20.1 * util-linux-systemd-debugsource-2.37.2-150400.8.20.1 * libsmartcols1-2.37.2-150400.8.20.1 * libuuid1-2.37.2-150400.8.20.1 * libblkid1-2.37.2-150400.8.20.1 * util-linux-systemd-2.37.2-150400.8.20.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libfdisk1-2.37.2-150400.8.20.1 * util-linux-systemd-debuginfo-2.37.2-150400.8.20.1 * libuuid1-debuginfo-2.37.2-150400.8.20.1 * libmount1-debuginfo-2.37.2-150400.8.20.1 * libfdisk1-debuginfo-2.37.2-150400.8.20.1 * libmount1-2.37.2-150400.8.20.1 * util-linux-debugsource-2.37.2-150400.8.20.1 * libblkid1-debuginfo-2.37.2-150400.8.20.1 * util-linux-2.37.2-150400.8.20.1 * libsmartcols1-debuginfo-2.37.2-150400.8.20.1 * util-linux-debuginfo-2.37.2-150400.8.20.1 * util-linux-systemd-debugsource-2.37.2-150400.8.20.1 * libsmartcols1-2.37.2-150400.8.20.1 * libuuid1-2.37.2-150400.8.20.1 * libblkid1-2.37.2-150400.8.20.1 * util-linux-systemd-2.37.2-150400.8.20.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libfdisk1-2.37.2-150400.8.20.1 * util-linux-systemd-debuginfo-2.37.2-150400.8.20.1 * libuuid1-debuginfo-2.37.2-150400.8.20.1 * libmount1-debuginfo-2.37.2-150400.8.20.1 * libfdisk1-debuginfo-2.37.2-150400.8.20.1 * libmount1-2.37.2-150400.8.20.1 * util-linux-debugsource-2.37.2-150400.8.20.1 * libblkid1-debuginfo-2.37.2-150400.8.20.1 * util-linux-2.37.2-150400.8.20.1 * libsmartcols1-debuginfo-2.37.2-150400.8.20.1 * util-linux-debuginfo-2.37.2-150400.8.20.1 * util-linux-systemd-debugsource-2.37.2-150400.8.20.1 * libsmartcols1-2.37.2-150400.8.20.1 * libuuid1-2.37.2-150400.8.20.1 * libblkid1-2.37.2-150400.8.20.1 * util-linux-systemd-2.37.2-150400.8.20.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libfdisk1-2.37.2-150400.8.20.1 * util-linux-systemd-debuginfo-2.37.2-150400.8.20.1 * libuuid1-debuginfo-2.37.2-150400.8.20.1 * libmount1-debuginfo-2.37.2-150400.8.20.1 * libfdisk1-debuginfo-2.37.2-150400.8.20.1 * libmount1-2.37.2-150400.8.20.1 * util-linux-debugsource-2.37.2-150400.8.20.1 * libblkid1-debuginfo-2.37.2-150400.8.20.1 * util-linux-2.37.2-150400.8.20.1 * libsmartcols1-debuginfo-2.37.2-150400.8.20.1 * util-linux-debuginfo-2.37.2-150400.8.20.1 * util-linux-systemd-debugsource-2.37.2-150400.8.20.1 * libsmartcols1-2.37.2-150400.8.20.1 * libuuid1-2.37.2-150400.8.20.1 * libblkid1-2.37.2-150400.8.20.1 * util-linux-systemd-2.37.2-150400.8.20.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libfdisk1-2.37.2-150400.8.20.1 * util-linux-systemd-debuginfo-2.37.2-150400.8.20.1 * libuuid1-debuginfo-2.37.2-150400.8.20.1 * libmount1-debuginfo-2.37.2-150400.8.20.1 * libfdisk1-debuginfo-2.37.2-150400.8.20.1 * libmount1-2.37.2-150400.8.20.1 * util-linux-debugsource-2.37.2-150400.8.20.1 * libblkid1-debuginfo-2.37.2-150400.8.20.1 * util-linux-2.37.2-150400.8.20.1 * libsmartcols1-debuginfo-2.37.2-150400.8.20.1 * util-linux-debuginfo-2.37.2-150400.8.20.1 * util-linux-systemd-debugsource-2.37.2-150400.8.20.1 * libsmartcols1-2.37.2-150400.8.20.1 * libuuid1-2.37.2-150400.8.20.1 * libblkid1-2.37.2-150400.8.20.1 * util-linux-systemd-2.37.2-150400.8.20.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libfdisk1-2.37.2-150400.8.20.1 * util-linux-systemd-debuginfo-2.37.2-150400.8.20.1 * libuuid1-debuginfo-2.37.2-150400.8.20.1 * libmount1-debuginfo-2.37.2-150400.8.20.1 * libfdisk1-debuginfo-2.37.2-150400.8.20.1 * libmount1-2.37.2-150400.8.20.1 * util-linux-debugsource-2.37.2-150400.8.20.1 * libblkid1-debuginfo-2.37.2-150400.8.20.1 * util-linux-2.37.2-150400.8.20.1 * libsmartcols1-debuginfo-2.37.2-150400.8.20.1 * util-linux-debuginfo-2.37.2-150400.8.20.1 * util-linux-systemd-debugsource-2.37.2-150400.8.20.1 * libsmartcols1-2.37.2-150400.8.20.1 * libuuid1-2.37.2-150400.8.20.1 * libblkid1-2.37.2-150400.8.20.1 * util-linux-systemd-2.37.2-150400.8.20.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libfdisk-devel-2.37.2-150400.8.20.1 * libuuid1-debuginfo-2.37.2-150400.8.20.1 * libmount1-debuginfo-2.37.2-150400.8.20.1 * util-linux-debuginfo-2.37.2-150400.8.20.1 * util-linux-systemd-debugsource-2.37.2-150400.8.20.1 * util-linux-systemd-2.37.2-150400.8.20.1 * libmount-devel-2.37.2-150400.8.20.1 * libsmartcols-devel-2.37.2-150400.8.20.1 * libsmartcols1-debuginfo-2.37.2-150400.8.20.1 * libuuid1-2.37.2-150400.8.20.1 * libblkid-devel-2.37.2-150400.8.20.1 * libblkid1-2.37.2-150400.8.20.1 * util-linux-debugsource-2.37.2-150400.8.20.1 * libblkid1-debuginfo-2.37.2-150400.8.20.1 * util-linux-2.37.2-150400.8.20.1 * util-linux-systemd-debuginfo-2.37.2-150400.8.20.1 * libfdisk1-2.37.2-150400.8.20.1 * libblkid-devel-static-2.37.2-150400.8.20.1 * libfdisk1-debuginfo-2.37.2-150400.8.20.1 * libmount1-2.37.2-150400.8.20.1 * libuuid-devel-2.37.2-150400.8.20.1 * libsmartcols1-2.37.2-150400.8.20.1 * libuuid-devel-static-2.37.2-150400.8.20.1 * Basesystem Module 15-SP4 (noarch) * util-linux-lang-2.37.2-150400.8.20.1 * Basesystem Module 15-SP4 (x86_64) * libuuid1-32bit-debuginfo-2.37.2-150400.8.20.1 * libmount1-32bit-debuginfo-2.37.2-150400.8.20.1 * libblkid1-32bit-debuginfo-2.37.2-150400.8.20.1 * libmount1-32bit-2.37.2-150400.8.20.1 * libblkid1-32bit-2.37.2-150400.8.20.1 * libuuid1-32bit-2.37.2-150400.8.20.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * uuidd-debuginfo-2.37.2-150400.8.20.1 * uuidd-2.37.2-150400.8.20.1 * util-linux-systemd-debuginfo-2.37.2-150400.8.20.1 * util-linux-systemd-debugsource-2.37.2-150400.8.20.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1194038 * https://bugzilla.suse.com/show_bug.cgi?id=1194900 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:30 -0000 Subject: SUSE-RU-2023:3285-1: moderate: Recommended update for shadow Message-ID: <169175703041.30049.17580670837209312643@smelt2.suse.de> # Recommended update for shadow Announcement ID: SUSE-RU-2023:3285-1 Rating: moderate References: * #1206627 * #1213189 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for shadow fixes the following issues: * Prevent lock files from remaining after power interruptions (bsc#1213189) * Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3285=1 openSUSE-SLE-15.4-2023-3285=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3285=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3285=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3285=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3285=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3285=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3285=1 ## Package List: * openSUSE Leap 15.4 (noarch) * login_defs-4.8.1-150400.10.9.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * shadow-debuginfo-4.8.1-150400.10.9.1 * shadow-4.8.1-150400.10.9.1 * shadow-debugsource-4.8.1-150400.10.9.1 * openSUSE Leap Micro 5.3 (noarch) * login_defs-4.8.1-150400.10.9.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * shadow-debuginfo-4.8.1-150400.10.9.1 * shadow-4.8.1-150400.10.9.1 * shadow-debugsource-4.8.1-150400.10.9.1 * openSUSE Leap 15.5 (noarch) * login_defs-4.8.1-150400.10.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * shadow-debuginfo-4.8.1-150400.10.9.1 * shadow-4.8.1-150400.10.9.1 * shadow-debugsource-4.8.1-150400.10.9.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * login_defs-4.8.1-150400.10.9.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * shadow-debuginfo-4.8.1-150400.10.9.1 * shadow-4.8.1-150400.10.9.1 * shadow-debugsource-4.8.1-150400.10.9.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * login_defs-4.8.1-150400.10.9.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * shadow-debuginfo-4.8.1-150400.10.9.1 * shadow-4.8.1-150400.10.9.1 * shadow-debugsource-4.8.1-150400.10.9.1 * Basesystem Module 15-SP4 (noarch) * login_defs-4.8.1-150400.10.9.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * shadow-debuginfo-4.8.1-150400.10.9.1 * shadow-4.8.1-150400.10.9.1 * shadow-debugsource-4.8.1-150400.10.9.1 * Basesystem Module 15-SP5 (noarch) * login_defs-4.8.1-150400.10.9.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * shadow-debuginfo-4.8.1-150400.10.9.1 * shadow-4.8.1-150400.10.9.1 * shadow-debugsource-4.8.1-150400.10.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206627 * https://bugzilla.suse.com/show_bug.cgi?id=1213189 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:32 -0000 Subject: SUSE-RU-2023:3284-1: moderate: Recommended update for shadow Message-ID: <169175703282.30049.1131378719582559567@smelt2.suse.de> # Recommended update for shadow Announcement ID: SUSE-RU-2023:3284-1 Rating: moderate References: * #1206627 * #1213189 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has two recommended fixes can now be installed. ## Description: This update for shadow fixes the following issues: * Prevent lock files from remaining after power interruptions (bsc#1213189) * Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3284=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3284=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3284=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3284=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3284=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3284=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3284=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3284=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3284=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3284=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3284=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3284=1 ## Package List: * SUSE Manager Server 4.2 (noarch) * login_defs-4.8.1-150300.4.9.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * shadow-4.8.1-150300.4.9.1 * shadow-debuginfo-4.8.1-150300.4.9.1 * shadow-debugsource-4.8.1-150300.4.9.1 * SUSE Enterprise Storage 7.1 (noarch) * login_defs-4.8.1-150300.4.9.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * shadow-4.8.1-150300.4.9.1 * shadow-debuginfo-4.8.1-150300.4.9.1 * shadow-debugsource-4.8.1-150300.4.9.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * login_defs-4.8.1-150300.4.9.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * shadow-4.8.1-150300.4.9.1 * shadow-debuginfo-4.8.1-150300.4.9.1 * shadow-debugsource-4.8.1-150300.4.9.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * login_defs-4.8.1-150300.4.9.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * shadow-4.8.1-150300.4.9.1 * shadow-debuginfo-4.8.1-150300.4.9.1 * shadow-debugsource-4.8.1-150300.4.9.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * login_defs-4.8.1-150300.4.9.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * shadow-4.8.1-150300.4.9.1 * shadow-debuginfo-4.8.1-150300.4.9.1 * shadow-debugsource-4.8.1-150300.4.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * login_defs-4.8.1-150300.4.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * shadow-4.8.1-150300.4.9.1 * shadow-debuginfo-4.8.1-150300.4.9.1 * shadow-debugsource-4.8.1-150300.4.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * login_defs-4.8.1-150300.4.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * shadow-4.8.1-150300.4.9.1 * shadow-debuginfo-4.8.1-150300.4.9.1 * shadow-debugsource-4.8.1-150300.4.9.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * login_defs-4.8.1-150300.4.9.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * shadow-4.8.1-150300.4.9.1 * shadow-debuginfo-4.8.1-150300.4.9.1 * shadow-debugsource-4.8.1-150300.4.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * login_defs-4.8.1-150300.4.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * shadow-4.8.1-150300.4.9.1 * shadow-debuginfo-4.8.1-150300.4.9.1 * shadow-debugsource-4.8.1-150300.4.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * login_defs-4.8.1-150300.4.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * shadow-4.8.1-150300.4.9.1 * shadow-debuginfo-4.8.1-150300.4.9.1 * shadow-debugsource-4.8.1-150300.4.9.1 * SUSE Manager Proxy 4.2 (noarch) * login_defs-4.8.1-150300.4.9.1 * SUSE Manager Proxy 4.2 (x86_64) * shadow-4.8.1-150300.4.9.1 * shadow-debuginfo-4.8.1-150300.4.9.1 * shadow-debugsource-4.8.1-150300.4.9.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * login_defs-4.8.1-150300.4.9.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * shadow-4.8.1-150300.4.9.1 * shadow-debuginfo-4.8.1-150300.4.9.1 * shadow-debugsource-4.8.1-150300.4.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206627 * https://bugzilla.suse.com/show_bug.cgi?id=1213189 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:35 -0000 Subject: SUSE-FU-2023:3283-1: moderate: Feature update for cloud-init Message-ID: <169175703500.30049.10317305649100290761@smelt2.suse.de> # Feature update for cloud-init Announcement ID: SUSE-FU-2023:3283-1 Rating: moderate References: * #1184758 * #1210273 * #1212879 Cross-References: * CVE-2021-3429 * CVE-2023-1786 CVSS scores: * CVE-2021-3429 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2021-3429 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1786 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1786 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves two vulnerabilities and has one feature fix can now be installed. ## Description: This update for cloud-init fixes the following issues: * Default route is not configured (bsc#1212879) * cloud-final service failing in powerVS (bsc#1210273) * Randomly generated passwords logged in clear-text to world-readable file (bsc#1184758, CVE-2021-3429) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3283=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3283=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3283=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3283=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3283=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3283=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3283=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cloud-init-doc-23.1-150100.8.66.1 * cloud-init-23.1-150100.8.66.1 * cloud-init-config-suse-23.1-150100.8.66.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * cloud-init-doc-23.1-150100.8.66.1 * cloud-init-23.1-150100.8.66.1 * cloud-init-config-suse-23.1-150100.8.66.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * cloud-init-23.1-150100.8.66.1 * cloud-init-config-suse-23.1-150100.8.66.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * cloud-init-23.1-150100.8.66.1 * cloud-init-config-suse-23.1-150100.8.66.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * cloud-init-23.1-150100.8.66.1 * cloud-init-config-suse-23.1-150100.8.66.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cloud-init-23.1-150100.8.66.1 * cloud-init-config-suse-23.1-150100.8.66.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * cloud-init-23.1-150100.8.66.1 * cloud-init-config-suse-23.1-150100.8.66.1 ## References: * https://www.suse.com/security/cve/CVE-2021-3429.html * https://www.suse.com/security/cve/CVE-2023-1786.html * https://bugzilla.suse.com/show_bug.cgi?id=1184758 * https://bugzilla.suse.com/show_bug.cgi?id=1210273 * https://bugzilla.suse.com/show_bug.cgi?id=1212879 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:36 -0000 Subject: SUSE-RU-2023:3282-1: moderate: Recommended update for blog Message-ID: <169175703684.30049.4438277013373834881@smelt2.suse.de> # Recommended update for blog Announcement ID: SUSE-RU-2023:3282-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for blog fixes the following issues: * Fix big endian cast problems to be able to read commands and ansers as well as passphrases ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3282=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3282=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3282=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3282=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3282=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3282=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3282=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3282=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3282=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3282=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3282=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3282=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3282=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3282=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3282=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3282=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3282=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3282=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3282=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3282=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3282=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3282=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * blog-2.26-150300.4.6.1 * blog-plymouth-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-devel-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * blog-2.26-150300.4.6.1 * blog-plymouth-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-devel-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * blog-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * blog-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * blog-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * blog-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * blog-2.26-150300.4.6.1 * blog-plymouth-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-devel-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * blog-2.26-150300.4.6.1 * blog-plymouth-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-devel-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * blog-2.26-150300.4.6.1 * blog-plymouth-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-devel-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * blog-2.26-150300.4.6.1 * blog-plymouth-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-devel-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * blog-2.26-150300.4.6.1 * blog-plymouth-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-devel-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * blog-2.26-150300.4.6.1 * blog-plymouth-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-devel-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * blog-2.26-150300.4.6.1 * blog-plymouth-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-devel-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * SUSE Manager Proxy 4.2 (x86_64) * blog-2.26-150300.4.6.1 * blog-plymouth-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-devel-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * blog-2.26-150300.4.6.1 * blog-plymouth-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-devel-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * blog-2.26-150300.4.6.1 * blog-plymouth-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-devel-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * blog-2.26-150300.4.6.1 * blog-plymouth-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-devel-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * SUSE Linux Enterprise Micro 5.1 (s390x) * blog-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * blog-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * blog-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * blog-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * blog-2.26-150300.4.6.1 * libblogger2-debuginfo-2.26-150300.4.6.1 * libblogger2-2.26-150300.4.6.1 * blog-debuginfo-2.26-150300.4.6.1 * blog-debugsource-2.26-150300.4.6.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:40 -0000 Subject: SUSE-RU-2023:3281-1: moderate: Recommended update for insserv-compat Message-ID: <169175704006.30049.5140208986018209831@smelt2.suse.de> # Recommended update for insserv-compat Announcement ID: SUSE-RU-2023:3281-1 Rating: moderate References: * #1052837 * #1212955 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has two recommended fixes can now be installed. ## Description: This update for insserv-compat fixes the following issues: * Remove not needed named entry from insserv.conf (bsc#1052837, bsc#1212955) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-3281=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-3281=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-3281=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3281=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-3281=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-3281=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3281=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3281=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3281=1 ## Package List: * SUSE OpenStack Cloud 9 (noarch) * insserv-compat-0.1-14.6.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * insserv-compat-0.1-14.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * insserv-compat-0.1-14.6.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * insserv-compat-0.1-14.6.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * insserv-compat-0.1-14.6.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * insserv-compat-0.1-14.6.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * insserv-compat-0.1-14.6.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * insserv-compat-0.1-14.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * insserv-compat-0.1-14.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1052837 * https://bugzilla.suse.com/show_bug.cgi?id=1212955 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:42 -0000 Subject: SUSE-RU-2023:3280-1: moderate: Recommended update for SAPHanaSR-ScaleOut Message-ID: <169175704285.30049.14891524224490832294@smelt2.suse.de> # Recommended update for SAPHanaSR-ScaleOut Announcement ID: SUSE-RU-2023:3280-1 Rating: moderate References: * #1196650 * #1210573 * #1210728 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SAP Applications Module 15-SP2 * SAP Applications Module 15-SP1 * SAP Applications Module 15-SP3 * SAP Applications Module 15-SP4 * SAP Applications Module 15-SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains two features and has three recommended fixes can now be installed. ## Description: This update for SAPHanaSR-ScaleOut fixes the following issues: * Updated to version 0.185.0 * Avoid usage of /tmp filesystem to keep resource agents working even the filesystem is full (bsc#1210728) * Fix the path for the HA/DR provider hook in the global.ini (bsc#1210573) * Update man pages * Fix cluster recovering on the same HANA side (bsc#1196650) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3280=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3280=1 * SAP Applications Module 15-SP1 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-3280=1 * SAP Applications Module 15-SP2 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-3280=1 * SAP Applications Module 15-SP3 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-3280=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-3280=1 * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-3280=1 ## Package List: * openSUSE Leap 15.4 (noarch) * SAPHanaSR-ScaleOut-doc-0.185.0-150000.36.1 * SAPHanaSR-ScaleOut-0.185.0-150000.36.1 * openSUSE Leap 15.5 (noarch) * SAPHanaSR-ScaleOut-doc-0.185.0-150000.36.1 * SAPHanaSR-ScaleOut-0.185.0-150000.36.1 * SAP Applications Module 15-SP1 (noarch) * SAPHanaSR-ScaleOut-doc-0.185.0-150000.36.1 * SAPHanaSR-ScaleOut-0.185.0-150000.36.1 * SAP Applications Module 15-SP2 (noarch) * SAPHanaSR-ScaleOut-doc-0.185.0-150000.36.1 * SAPHanaSR-ScaleOut-0.185.0-150000.36.1 * SAP Applications Module 15-SP3 (noarch) * SAPHanaSR-ScaleOut-doc-0.185.0-150000.36.1 * SAPHanaSR-ScaleOut-0.185.0-150000.36.1 * SAP Applications Module 15-SP4 (noarch) * SAPHanaSR-ScaleOut-doc-0.185.0-150000.36.1 * SAPHanaSR-ScaleOut-0.185.0-150000.36.1 * SAP Applications Module 15-SP5 (noarch) * SAPHanaSR-ScaleOut-doc-0.185.0-150000.36.1 * SAPHanaSR-ScaleOut-0.185.0-150000.36.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1196650 * https://bugzilla.suse.com/show_bug.cgi?id=1210573 * https://bugzilla.suse.com/show_bug.cgi?id=1210728 * https://jira.suse.com/browse/PED-1739 * https://jira.suse.com/browse/PED-2608 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:46 -0000 Subject: SUSE-RU-2023:3279-1: moderate: Recommended update for 389-ds Message-ID: <169175704622.30049.4926037054019249016@smelt2.suse.de> # Recommended update for 389-ds Announcement ID: SUSE-RU-2023:3279-1 Rating: moderate References: * #1210462 * #1212726 * #1213191 Affected Products: * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has three recommended fixes can now be installed. ## Description: This update for 389-ds fixes the following issues: * Update for stability patches (bsc#1213191) * OpenLDAP to 389-ds migration - exclude unsupported attributes (bsc#1210462) * SSSD client performance improvements (bsc#1212726) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3279=1 openSUSE-SLE-15.4-2023-3279=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3279=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * 389-ds-snmp-debuginfo-2.0.17~git71.35ef59e-150400.3.28.1 * 389-ds-debuginfo-2.0.17~git71.35ef59e-150400.3.28.1 * libsvrcore0-2.0.17~git71.35ef59e-150400.3.28.1 * 389-ds-devel-2.0.17~git71.35ef59e-150400.3.28.1 * 389-ds-debugsource-2.0.17~git71.35ef59e-150400.3.28.1 * libsvrcore0-debuginfo-2.0.17~git71.35ef59e-150400.3.28.1 * 389-ds-2.0.17~git71.35ef59e-150400.3.28.1 * 389-ds-snmp-2.0.17~git71.35ef59e-150400.3.28.1 * lib389-2.0.17~git71.35ef59e-150400.3.28.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libsvrcore0-2.0.17~git71.35ef59e-150400.3.28.1 * 389-ds-debuginfo-2.0.17~git71.35ef59e-150400.3.28.1 * 389-ds-devel-2.0.17~git71.35ef59e-150400.3.28.1 * 389-ds-debugsource-2.0.17~git71.35ef59e-150400.3.28.1 * libsvrcore0-debuginfo-2.0.17~git71.35ef59e-150400.3.28.1 * 389-ds-2.0.17~git71.35ef59e-150400.3.28.1 * lib389-2.0.17~git71.35ef59e-150400.3.28.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210462 * https://bugzilla.suse.com/show_bug.cgi?id=1212726 * https://bugzilla.suse.com/show_bug.cgi?id=1213191 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:48 -0000 Subject: SUSE-RU-2023:3278-1: moderate: Recommended update for 389-ds Message-ID: <169175704864.30049.2113333799638998520@smelt2.suse.de> # Recommended update for 389-ds Announcement ID: SUSE-RU-2023:3278-1 Rating: moderate References: * #1212726 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has one recommended fix can now be installed. ## Description: This update for 389-ds fixes the following issues: * Resolve wtime going negative in some cases (bsc#1212726) * Update to version 1.4.4.19~git79.578903b ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3278=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3278=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3278=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3278=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3278=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3278=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3278=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3278=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3278=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * 389-ds-debuginfo-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * libsvrcore0-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-debugsource-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-devel-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * libsvrcore0-debuginfo-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * lib389-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * 389-ds-debuginfo-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * libsvrcore0-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-debugsource-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-devel-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * libsvrcore0-debuginfo-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * lib389-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * 389-ds-debuginfo-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * libsvrcore0-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-debugsource-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-devel-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * libsvrcore0-debuginfo-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * lib389-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * 389-ds-debuginfo-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * libsvrcore0-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-debugsource-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-devel-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * libsvrcore0-debuginfo-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * lib389-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * 389-ds-debuginfo-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * libsvrcore0-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-debugsource-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-devel-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * libsvrcore0-debuginfo-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * lib389-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * SUSE Manager Proxy 4.2 (x86_64) * 389-ds-debuginfo-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * libsvrcore0-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-debugsource-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-devel-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * libsvrcore0-debuginfo-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * lib389-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * 389-ds-debuginfo-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * libsvrcore0-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-debugsource-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-devel-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * libsvrcore0-debuginfo-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * lib389-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * 389-ds-debuginfo-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * libsvrcore0-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-debugsource-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-devel-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * libsvrcore0-debuginfo-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * lib389-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * 389-ds-debuginfo-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * libsvrcore0-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-debugsource-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * 389-ds-devel-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * libsvrcore0-debuginfo-1.4.4.19~git80.e8f0b0e-150300.3.32.1 * lib389-1.4.4.19~git80.e8f0b0e-150300.3.32.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212726 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:50 -0000 Subject: SUSE-RU-2023:3277-1: moderate: Recommended update for 389-ds Message-ID: <169175705084.30049.9137802514499036494@smelt2.suse.de> # Recommended update for 389-ds Announcement ID: SUSE-RU-2023:3277-1 Rating: moderate References: * #1212726 Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for 389-ds fixes the following issues: * SSSD client performance improvements (bsc#1212726) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3277=1 SUSE-2023-3277=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3277=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * 389-ds-snmp-2.2.8~git21.c11e86f-150500.3.8.1 * 389-ds-devel-2.2.8~git21.c11e86f-150500.3.8.1 * lib389-2.2.8~git21.c11e86f-150500.3.8.1 * 389-ds-2.2.8~git21.c11e86f-150500.3.8.1 * libsvrcore0-debuginfo-2.2.8~git21.c11e86f-150500.3.8.1 * libsvrcore0-2.2.8~git21.c11e86f-150500.3.8.1 * 389-ds-debugsource-2.2.8~git21.c11e86f-150500.3.8.1 * 389-ds-snmp-debuginfo-2.2.8~git21.c11e86f-150500.3.8.1 * 389-ds-debuginfo-2.2.8~git21.c11e86f-150500.3.8.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * lib389-2.2.8~git21.c11e86f-150500.3.8.1 * 389-ds-devel-2.2.8~git21.c11e86f-150500.3.8.1 * 389-ds-2.2.8~git21.c11e86f-150500.3.8.1 * libsvrcore0-debuginfo-2.2.8~git21.c11e86f-150500.3.8.1 * libsvrcore0-2.2.8~git21.c11e86f-150500.3.8.1 * 389-ds-debugsource-2.2.8~git21.c11e86f-150500.3.8.1 * 389-ds-debuginfo-2.2.8~git21.c11e86f-150500.3.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212726 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:52 -0000 Subject: SUSE-RU-2023:3276-1: moderate: Recommended update for apparmor Message-ID: <169175705265.30049.17029742386365640731@smelt2.suse.de> # Recommended update for apparmor Announcement ID: SUSE-RU-2023:3276-1 Rating: moderate References: * #1213472 Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for apparmor fixes the following issues: * Add pam_apparmor README (bsc#1213472) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3276=1 openSUSE-SLE-15.5-2023-3276=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3276=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3276=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3276=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * ruby-apparmor-debuginfo-3.0.4-150500.11.3.1 * apparmor-parser-debuginfo-3.0.4-150500.11.3.1 * libapparmor-devel-3.0.4-150500.11.3.1 * libapparmor1-3.0.4-150500.11.3.1 * ruby-apparmor-3.0.4-150500.11.3.1 * python3-apparmor-debuginfo-3.0.4-150500.11.3.1 * apache2-mod_apparmor-3.0.4-150500.11.3.1 * apparmor-parser-3.0.4-150500.11.3.1 * python3-apparmor-3.0.4-150500.11.3.1 * libapparmor-debugsource-3.0.4-150500.11.3.1 * perl-apparmor-debuginfo-3.0.4-150500.11.3.1 * libapparmor1-debuginfo-3.0.4-150500.11.3.1 * apparmor-debugsource-3.0.4-150500.11.3.1 * pam_apparmor-debuginfo-3.0.4-150500.11.3.1 * apache2-mod_apparmor-debuginfo-3.0.4-150500.11.3.1 * pam_apparmor-3.0.4-150500.11.3.1 * perl-apparmor-3.0.4-150500.11.3.1 * openSUSE Leap 15.5 (noarch) * apparmor-docs-3.0.4-150500.11.3.1 * apparmor-profiles-3.0.4-150500.11.3.1 * apparmor-utils-lang-3.0.4-150500.11.3.1 * apparmor-abstractions-3.0.4-150500.11.3.1 * apparmor-utils-3.0.4-150500.11.3.1 * apparmor-parser-lang-3.0.4-150500.11.3.1 * openSUSE Leap 15.5 (x86_64) * libapparmor1-32bit-debuginfo-3.0.4-150500.11.3.1 * libapparmor1-32bit-3.0.4-150500.11.3.1 * pam_apparmor-32bit-debuginfo-3.0.4-150500.11.3.1 * pam_apparmor-32bit-3.0.4-150500.11.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libapparmor1-64bit-debuginfo-3.0.4-150500.11.3.1 * pam_apparmor-64bit-3.0.4-150500.11.3.1 * libapparmor1-64bit-3.0.4-150500.11.3.1 * pam_apparmor-64bit-debuginfo-3.0.4-150500.11.3.1 * Basesystem Module 15-SP5 (noarch) * apparmor-docs-3.0.4-150500.11.3.1 * apparmor-profiles-3.0.4-150500.11.3.1 * apparmor-utils-lang-3.0.4-150500.11.3.1 * apparmor-abstractions-3.0.4-150500.11.3.1 * apparmor-utils-3.0.4-150500.11.3.1 * apparmor-parser-lang-3.0.4-150500.11.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * apparmor-parser-debuginfo-3.0.4-150500.11.3.1 * libapparmor-devel-3.0.4-150500.11.3.1 * libapparmor1-3.0.4-150500.11.3.1 * python3-apparmor-debuginfo-3.0.4-150500.11.3.1 * apparmor-parser-3.0.4-150500.11.3.1 * libapparmor1-debuginfo-3.0.4-150500.11.3.1 * python3-apparmor-3.0.4-150500.11.3.1 * apparmor-debugsource-3.0.4-150500.11.3.1 * pam_apparmor-debuginfo-3.0.4-150500.11.3.1 * pam_apparmor-3.0.4-150500.11.3.1 * libapparmor-debugsource-3.0.4-150500.11.3.1 * Basesystem Module 15-SP5 (x86_64) * libapparmor1-32bit-debuginfo-3.0.4-150500.11.3.1 * libapparmor1-32bit-3.0.4-150500.11.3.1 * pam_apparmor-32bit-debuginfo-3.0.4-150500.11.3.1 * pam_apparmor-32bit-3.0.4-150500.11.3.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * apparmor-debugsource-3.0.4-150500.11.3.1 * perl-apparmor-debuginfo-3.0.4-150500.11.3.1 * perl-apparmor-3.0.4-150500.11.3.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * apparmor-debugsource-3.0.4-150500.11.3.1 * apache2-mod_apparmor-3.0.4-150500.11.3.1 * apache2-mod_apparmor-debuginfo-3.0.4-150500.11.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213472 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:55 -0000 Subject: SUSE-RU-2023:3275-1: moderate: Recommended update for apparmor Message-ID: <169175705568.30049.11695348767349010887@smelt2.suse.de> # Recommended update for apparmor Announcement ID: SUSE-RU-2023:3275-1 Rating: moderate References: * #1213472 Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for apparmor fixes the following issues: * Add pam_apparmor README (bsc#1213472) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3275=1 openSUSE-SLE-15.4-2023-3275=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3275=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3275=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3275=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3275=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3275=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3275=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3275=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3275=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3275=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * apache2-mod_apparmor-3.0.4-150400.5.6.1 * apparmor-debugsource-3.0.4-150400.5.6.1 * pam_apparmor-3.0.4-150400.5.6.1 * python3-apparmor-debuginfo-3.0.4-150400.5.6.1 * apache2-mod_apparmor-debuginfo-3.0.4-150400.5.6.1 * libapparmor1-debuginfo-3.0.4-150400.5.6.1 * apparmor-parser-3.0.4-150400.5.6.1 * pam_apparmor-debuginfo-3.0.4-150400.5.6.1 * perl-apparmor-3.0.4-150400.5.6.1 * python3-apparmor-3.0.4-150400.5.6.1 * libapparmor-debugsource-3.0.4-150400.5.6.1 * perl-apparmor-debuginfo-3.0.4-150400.5.6.1 * apparmor-parser-debuginfo-3.0.4-150400.5.6.1 * ruby-apparmor-3.0.4-150400.5.6.1 * libapparmor1-3.0.4-150400.5.6.1 * libapparmor-devel-3.0.4-150400.5.6.1 * ruby-apparmor-debuginfo-3.0.4-150400.5.6.1 * openSUSE Leap 15.4 (noarch) * apparmor-utils-lang-3.0.4-150400.5.6.1 * apparmor-profiles-3.0.4-150400.5.6.1 * apparmor-parser-lang-3.0.4-150400.5.6.1 * apparmor-abstractions-3.0.4-150400.5.6.1 * apparmor-utils-3.0.4-150400.5.6.1 * apparmor-docs-3.0.4-150400.5.6.1 * openSUSE Leap 15.4 (x86_64) * libapparmor1-32bit-3.0.4-150400.5.6.1 * pam_apparmor-32bit-debuginfo-3.0.4-150400.5.6.1 * libapparmor1-32bit-debuginfo-3.0.4-150400.5.6.1 * pam_apparmor-32bit-3.0.4-150400.5.6.1 * openSUSE Leap 15.4 (aarch64_ilp32) * pam_apparmor-64bit-debuginfo-3.0.4-150400.5.6.1 * libapparmor1-64bit-3.0.4-150400.5.6.1 * pam_apparmor-64bit-3.0.4-150400.5.6.1 * libapparmor1-64bit-debuginfo-3.0.4-150400.5.6.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * apparmor-debugsource-3.0.4-150400.5.6.1 * pam_apparmor-3.0.4-150400.5.6.1 * libapparmor1-debuginfo-3.0.4-150400.5.6.1 * apparmor-parser-3.0.4-150400.5.6.1 * pam_apparmor-debuginfo-3.0.4-150400.5.6.1 * libapparmor1-3.0.4-150400.5.6.1 * libapparmor-debugsource-3.0.4-150400.5.6.1 * apparmor-parser-debuginfo-3.0.4-150400.5.6.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * apparmor-debugsource-3.0.4-150400.5.6.1 * pam_apparmor-3.0.4-150400.5.6.1 * libapparmor1-debuginfo-3.0.4-150400.5.6.1 * apparmor-parser-3.0.4-150400.5.6.1 * pam_apparmor-debuginfo-3.0.4-150400.5.6.1 * libapparmor1-3.0.4-150400.5.6.1 * libapparmor-debugsource-3.0.4-150400.5.6.1 * apparmor-parser-debuginfo-3.0.4-150400.5.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * apparmor-debugsource-3.0.4-150400.5.6.1 * pam_apparmor-3.0.4-150400.5.6.1 * libapparmor1-debuginfo-3.0.4-150400.5.6.1 * apparmor-parser-3.0.4-150400.5.6.1 * pam_apparmor-debuginfo-3.0.4-150400.5.6.1 * libapparmor1-3.0.4-150400.5.6.1 * libapparmor-debugsource-3.0.4-150400.5.6.1 * apparmor-parser-debuginfo-3.0.4-150400.5.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * apparmor-debugsource-3.0.4-150400.5.6.1 * pam_apparmor-3.0.4-150400.5.6.1 * libapparmor1-debuginfo-3.0.4-150400.5.6.1 * apparmor-parser-3.0.4-150400.5.6.1 * pam_apparmor-debuginfo-3.0.4-150400.5.6.1 * libapparmor1-3.0.4-150400.5.6.1 * libapparmor-debugsource-3.0.4-150400.5.6.1 * apparmor-parser-debuginfo-3.0.4-150400.5.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * apparmor-debugsource-3.0.4-150400.5.6.1 * pam_apparmor-3.0.4-150400.5.6.1 * libapparmor1-debuginfo-3.0.4-150400.5.6.1 * apparmor-parser-3.0.4-150400.5.6.1 * pam_apparmor-debuginfo-3.0.4-150400.5.6.1 * libapparmor1-3.0.4-150400.5.6.1 * libapparmor-debugsource-3.0.4-150400.5.6.1 * apparmor-parser-debuginfo-3.0.4-150400.5.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * apparmor-debugsource-3.0.4-150400.5.6.1 * pam_apparmor-3.0.4-150400.5.6.1 * libapparmor1-debuginfo-3.0.4-150400.5.6.1 * apparmor-parser-3.0.4-150400.5.6.1 * pam_apparmor-debuginfo-3.0.4-150400.5.6.1 * libapparmor1-3.0.4-150400.5.6.1 * libapparmor-debugsource-3.0.4-150400.5.6.1 * apparmor-parser-debuginfo-3.0.4-150400.5.6.1 * Basesystem Module 15-SP4 (noarch) * apparmor-utils-lang-3.0.4-150400.5.6.1 * apparmor-profiles-3.0.4-150400.5.6.1 * apparmor-parser-lang-3.0.4-150400.5.6.1 * apparmor-abstractions-3.0.4-150400.5.6.1 * apparmor-utils-3.0.4-150400.5.6.1 * apparmor-docs-3.0.4-150400.5.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * apparmor-debugsource-3.0.4-150400.5.6.1 * python3-apparmor-debuginfo-3.0.4-150400.5.6.1 * pam_apparmor-3.0.4-150400.5.6.1 * libapparmor1-debuginfo-3.0.4-150400.5.6.1 * apparmor-parser-3.0.4-150400.5.6.1 * pam_apparmor-debuginfo-3.0.4-150400.5.6.1 * python3-apparmor-3.0.4-150400.5.6.1 * libapparmor-debugsource-3.0.4-150400.5.6.1 * libapparmor1-3.0.4-150400.5.6.1 * apparmor-parser-debuginfo-3.0.4-150400.5.6.1 * libapparmor-devel-3.0.4-150400.5.6.1 * Basesystem Module 15-SP4 (x86_64) * libapparmor1-32bit-3.0.4-150400.5.6.1 * pam_apparmor-32bit-debuginfo-3.0.4-150400.5.6.1 * pam_apparmor-32bit-3.0.4-150400.5.6.1 * libapparmor1-32bit-debuginfo-3.0.4-150400.5.6.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * apparmor-debugsource-3.0.4-150400.5.6.1 * perl-apparmor-debuginfo-3.0.4-150400.5.6.1 * perl-apparmor-3.0.4-150400.5.6.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * apache2-mod_apparmor-3.0.4-150400.5.6.1 * apache2-mod_apparmor-debuginfo-3.0.4-150400.5.6.1 * apparmor-debugsource-3.0.4-150400.5.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213472 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:57 -0000 Subject: SUSE-RU-2023:3274-1: moderate: Recommended update for man Message-ID: <169175705790.30049.18075938775775513078@smelt2.suse.de> # Recommended update for man Announcement ID: SUSE-RU-2023:3274-1 Rating: moderate References: * #1155879 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for man fixes the following issues: * Avoid refreshing database by inverting exit status of find command (bsc#1155879) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3274=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3274=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3274=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3274=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3274=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3274=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3274=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3274=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3274=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3274=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3274=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3274=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3274=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3274=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3274=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3274=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3274=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3274=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3274=1 ## Package List: * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * SUSE Manager Proxy 4.2 (x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * SUSE CaaS Platform 4.0 (x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * man-debuginfo-2.7.6-150100.8.3.1 * man-2.7.6-150100.8.3.1 * man-debugsource-2.7.6-150100.8.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1155879 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 12:30:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 12:30:59 -0000 Subject: SUSE-RU-2023:3273-1: moderate: Recommended update for rpmlint Message-ID: <169175705994.30049.138090659549771710@smelt2.suse.de> # Recommended update for rpmlint Announcement ID: SUSE-RU-2023:3273-1 Rating: moderate References: * #1213623 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for rpmlint fixes the following issues: * backport setroubleshoot D-Bus whitelisting for SLE-Micro (bsc#1213623). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3273=1 openSUSE-SLE-15.4-2023-3273=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3273=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3273=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3273=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * rpmlint-mini-debugsource-1.10-150400.23.14.2 * rpmlint-mini-1.10-150400.23.14.2 * rpmlint-mini-debuginfo-1.10-150400.23.14.2 * openSUSE Leap 15.4 (noarch) * rpmlint-1.10-150000.7.73.1 * openSUSE Leap 15.5 (noarch) * rpmlint-1.10-150000.7.73.1 * Development Tools Module 15-SP4 (noarch) * rpmlint-1.10-150000.7.73.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rpmlint-mini-debugsource-1.10-150400.23.14.2 * rpmlint-mini-1.10-150400.23.14.2 * rpmlint-mini-debuginfo-1.10-150400.23.14.2 * Development Tools Module 15-SP5 (noarch) * rpmlint-1.10-150000.7.73.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rpmlint-mini-debugsource-1.10-150400.23.14.2 * rpmlint-mini-1.10-150400.23.14.2 * rpmlint-mini-debuginfo-1.10-150400.23.14.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213623 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 20:30:02 -0000 Subject: SUSE-SU-2023:3298-1: moderate: Security update for kernel-firmware Message-ID: <169178580279.6992.16910245293855145331@smelt2.suse.de> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:3298-1 Rating: moderate References: * #1213287 Cross-References: * CVE-2023-20569 CVSS scores: * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for kernel-firmware fixes the following issues: * CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. (bsc#1213287) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3298=1 openSUSE-SLE-15.5-2023-3298=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3298=1 ## Package List: * openSUSE Leap 15.5 (noarch) * kernel-firmware-bnx2-20230724-150500.3.6.1 * ucode-amd-20230724-150500.3.6.1 * kernel-firmware-ath11k-20230724-150500.3.6.1 * kernel-firmware-mellanox-20230724-150500.3.6.1 * kernel-firmware-network-20230724-150500.3.6.1 * kernel-firmware-nfp-20230724-150500.3.6.1 * kernel-firmware-chelsio-20230724-150500.3.6.1 * kernel-firmware-qlogic-20230724-150500.3.6.1 * kernel-firmware-intel-20230724-150500.3.6.1 * kernel-firmware-ath10k-20230724-150500.3.6.1 * kernel-firmware-radeon-20230724-150500.3.6.1 * kernel-firmware-all-20230724-150500.3.6.1 * kernel-firmware-platform-20230724-150500.3.6.1 * kernel-firmware-dpaa2-20230724-150500.3.6.1 * kernel-firmware-brcm-20230724-150500.3.6.1 * kernel-firmware-usb-network-20230724-150500.3.6.1 * kernel-firmware-qcom-20230724-150500.3.6.1 * kernel-firmware-serial-20230724-150500.3.6.1 * kernel-firmware-20230724-150500.3.6.1 * kernel-firmware-iwlwifi-20230724-150500.3.6.1 * kernel-firmware-sound-20230724-150500.3.6.1 * kernel-firmware-marvell-20230724-150500.3.6.1 * kernel-firmware-nvidia-20230724-150500.3.6.1 * kernel-firmware-i915-20230724-150500.3.6.1 * kernel-firmware-realtek-20230724-150500.3.6.1 * kernel-firmware-ti-20230724-150500.3.6.1 * kernel-firmware-ueagle-20230724-150500.3.6.1 * kernel-firmware-atheros-20230724-150500.3.6.1 * kernel-firmware-bluetooth-20230724-150500.3.6.1 * kernel-firmware-amdgpu-20230724-150500.3.6.1 * kernel-firmware-liquidio-20230724-150500.3.6.1 * kernel-firmware-mwifiex-20230724-150500.3.6.1 * kernel-firmware-prestera-20230724-150500.3.6.1 * kernel-firmware-media-20230724-150500.3.6.1 * kernel-firmware-mediatek-20230724-150500.3.6.1 * Basesystem Module 15-SP5 (noarch) * kernel-firmware-bnx2-20230724-150500.3.6.1 * ucode-amd-20230724-150500.3.6.1 * kernel-firmware-ath11k-20230724-150500.3.6.1 * kernel-firmware-mellanox-20230724-150500.3.6.1 * kernel-firmware-network-20230724-150500.3.6.1 * kernel-firmware-nfp-20230724-150500.3.6.1 * kernel-firmware-chelsio-20230724-150500.3.6.1 * kernel-firmware-qlogic-20230724-150500.3.6.1 * kernel-firmware-intel-20230724-150500.3.6.1 * kernel-firmware-ath10k-20230724-150500.3.6.1 * kernel-firmware-radeon-20230724-150500.3.6.1 * kernel-firmware-all-20230724-150500.3.6.1 * kernel-firmware-platform-20230724-150500.3.6.1 * kernel-firmware-dpaa2-20230724-150500.3.6.1 * kernel-firmware-brcm-20230724-150500.3.6.1 * kernel-firmware-usb-network-20230724-150500.3.6.1 * kernel-firmware-qcom-20230724-150500.3.6.1 * kernel-firmware-serial-20230724-150500.3.6.1 * kernel-firmware-iwlwifi-20230724-150500.3.6.1 * kernel-firmware-sound-20230724-150500.3.6.1 * kernel-firmware-marvell-20230724-150500.3.6.1 * kernel-firmware-nvidia-20230724-150500.3.6.1 * kernel-firmware-i915-20230724-150500.3.6.1 * kernel-firmware-realtek-20230724-150500.3.6.1 * kernel-firmware-ti-20230724-150500.3.6.1 * kernel-firmware-ueagle-20230724-150500.3.6.1 * kernel-firmware-atheros-20230724-150500.3.6.1 * kernel-firmware-bluetooth-20230724-150500.3.6.1 * kernel-firmware-amdgpu-20230724-150500.3.6.1 * kernel-firmware-liquidio-20230724-150500.3.6.1 * kernel-firmware-mwifiex-20230724-150500.3.6.1 * kernel-firmware-prestera-20230724-150500.3.6.1 * kernel-firmware-media-20230724-150500.3.6.1 * kernel-firmware-mediatek-20230724-150500.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20569.html * https://bugzilla.suse.com/show_bug.cgi?id=1213287 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 11 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Aug 2023 20:30:04 -0000 Subject: SUSE-RU-2023:3297-1: moderate: Recommended update for yast2-cluster Message-ID: <169178580486.6992.18002661888242505939@smelt2.suse.de> # Recommended update for yast2-cluster Announcement ID: SUSE-RU-2023:3297-1 Rating: moderate References: * #1209602 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for yast2-cluster fixes the following issues: * Fix bugs affecting yast2-cluster write function (bsc#1209602) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3297=1 openSUSE-SLE-15.4-2023-3297=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3297=1 ## Package List: * openSUSE Leap 15.4 (noarch) * yast2-cluster-4.4.4-150400.3.6.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (noarch) * yast2-cluster-4.4.4-150400.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209602 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Sat Aug 12 07:08:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Aug 2023 09:08:11 +0200 (CEST) Subject: SUSE-CU-2023:2581-1: Security update of suse/sle15 Message-ID: <20230812070811.74096FC31@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2581-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.801 Container Release : 6.2.801 Severity : important Type : security References : 1206346 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3264-1 Released: Thu Aug 10 16:05:20 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.34.1 updated From sle-updates at lists.suse.com Sat Aug 12 07:10:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Aug 2023 09:10:03 +0200 (CEST) Subject: SUSE-CU-2023:2582-1: Security update of suse/sle15 Message-ID: <20230812071003.E35D4FC31@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2582-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.166 , suse/sle15:15.3 , suse/sle15:15.3.17.20.166 Container Release : 17.20.166 Severity : important Type : security References : 1206346 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3264-1 Released: Thu Aug 10 16:05:20 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.34.1 updated From sle-updates at lists.suse.com Sat Aug 12 07:14:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Aug 2023 09:14:25 +0200 (CEST) Subject: SUSE-CU-2023:2587-1: Security update of suse/sle15 Message-ID: <20230812071425.79260FC31@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2587-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.86 , suse/sle15:15.4 , suse/sle15:15.4.27.14.86 Container Release : 27.14.86 Severity : important Type : security References : 1206346 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3264-1 Released: Thu Aug 10 16:05:20 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.34.1 updated From sle-updates at lists.suse.com Sat Aug 12 07:14:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Aug 2023 09:14:44 +0200 (CEST) Subject: SUSE-CU-2023:2590-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230812071444.12C8EFC31@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2590-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-10.24 , bci/dotnet-aspnet:6.0.20 , bci/dotnet-aspnet:6.0.20-10.24 Container Release : 10.24 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - container:sles15-image-15.0.0-36.5.24 updated From sle-updates at lists.suse.com Sat Aug 12 07:14:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Aug 2023 09:14:53 +0200 (CEST) Subject: SUSE-CU-2023:2592-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230812071453.D0DB3FC31@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2592-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-10.24 , bci/dotnet-aspnet:7.0.9 , bci/dotnet-aspnet:7.0.9-10.24 , bci/dotnet-aspnet:latest Container Release : 10.24 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - container:sles15-image-15.0.0-36.5.24 updated From sle-updates at lists.suse.com Sat Aug 12 07:15:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Aug 2023 09:15:06 +0200 (CEST) Subject: SUSE-CU-2023:2594-1: Recommended update of bci/dotnet-sdk Message-ID: <20230812071506.3363EFC31@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2594-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-9.24 , bci/dotnet-sdk:6.0.20 , bci/dotnet-sdk:6.0.20-9.24 Container Release : 9.24 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - container:sles15-image-15.0.0-36.5.24 updated From sle-updates at lists.suse.com Sat Aug 12 07:15:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Aug 2023 09:15:17 +0200 (CEST) Subject: SUSE-CU-2023:2596-1: Recommended update of bci/dotnet-sdk Message-ID: <20230812071517.D12EDFC31@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2596-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-11.24 , bci/dotnet-sdk:7.0.9 , bci/dotnet-sdk:7.0.9-11.24 , bci/dotnet-sdk:latest Container Release : 11.24 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - container:sles15-image-15.0.0-36.5.24 updated From sle-updates at lists.suse.com Sat Aug 12 07:15:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Aug 2023 09:15:28 +0200 (CEST) Subject: SUSE-CU-2023:2598-1: Recommended update of bci/dotnet-runtime Message-ID: <20230812071528.3372AFC31@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2598-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-9.24 , bci/dotnet-runtime:6.0.20 , bci/dotnet-runtime:6.0.20-9.24 Container Release : 9.24 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - container:sles15-image-15.0.0-36.5.24 updated From sle-updates at lists.suse.com Sat Aug 12 07:15:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Aug 2023 09:15:38 +0200 (CEST) Subject: SUSE-CU-2023:2600-1: Recommended update of bci/dotnet-runtime Message-ID: <20230812071538.CB669FC31@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2600-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-11.24 , bci/dotnet-runtime:7.0.9 , bci/dotnet-runtime:7.0.9-11.24 , bci/dotnet-runtime:latest Container Release : 11.24 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - container:sles15-image-15.0.0-36.5.24 updated From sle-updates at lists.suse.com Sat Aug 12 07:15:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Aug 2023 09:15:47 +0200 (CEST) Subject: SUSE-CU-2023:2601-1: Security update of bci/golang Message-ID: <20230812071547.53177FC31@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2601-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-2.8.3 , bci/golang:oldstable , bci/golang:oldstable-2.8.3 Container Release : 8.3 Severity : important Type : security References : 1200441 1213880 CVE-2023-29409 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3263-1 Released: Thu Aug 10 16:03:41 2023 Summary: Security update for go1.19 Type: security Severity: important References: 1200441,1213880,CVE-2023-29409 This update for go1.19 fixes the following issues: - Update to go v1.19.12 (released 2023-08-01) (bsc#1200441) - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) The following package changes have been done: - go1.19-doc-1.19.12-150000.1.40.1 updated - go1.19-1.19.12-150000.1.40.1 updated - go1.19-race-1.19.12-150000.1.40.1 updated - container:sles15-image-15.0.0-36.5.23 updated From sle-updates at lists.suse.com Sat Aug 12 07:18:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Aug 2023 09:18:33 +0200 (CEST) Subject: SUSE-CU-2023:2620-1: Security update of suse/sle15 Message-ID: <20230812071833.11512FC31@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2620-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.23 , suse/sle15:15.5 , suse/sle15:15.5.36.5.23 Container Release : 36.5.23 Severity : important Type : security References : 1206346 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3264-1 Released: Thu Aug 10 16:05:20 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.34.1 updated From sle-updates at lists.suse.com Sat Aug 12 07:20:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Aug 2023 09:20:13 +0200 (CEST) Subject: SUSE-CU-2023:2623-1: Security update of trento/trento-web Message-ID: <20230812072013.98B3FFC31@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-web ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2623-1 Container Tags : trento/trento-web:2.1.0 , trento/trento-web:2.1.0-build4.24.1 , trento/trento-web:latest Container Release : 4.24.1 Severity : important Type : security References : 1206513 1208721 1209229 1210434 1210593 1210999 1211795 1211828 1212260 CVE-2023-29491 CVE-2023-2953 CVE-2023-31484 ----------------------------------------------------------------- The container trento/trento-web was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) The following package changes have been done: - libldap-data-2.4.46-150200.14.17.1 updated - glibc-2.31-150300.52.2 updated - perl-base-5.26.1-150300.17.14.1 updated - libuuid1-2.37.2-150400.8.17.1 updated - libudev1-249.16-150400.8.28.3 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libcap2-2.63-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libaudit1-3.0.6-150400.4.10.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libxml2-2-2.9.14-150400.5.19.1 updated - libsystemd0-249.16-150400.8.28.3 updated - libopenssl1_1-1.1.1l-150400.7.48.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.48.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - util-linux-2.37.2-150400.8.17.1 updated - container:bci-nodejs-16-15.0.0-27.14.85 updated - container:sles15-image-15.0.0-27.14.85 updated From sle-updates at lists.suse.com Sun Aug 13 07:02:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:02:50 +0200 (CEST) Subject: SUSE-CU-2023:2624-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20230813070250.14887FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2624-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.14 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.14 Severity : moderate Type : recommended References : 1155879 1213472 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3274-1 Released: Fri Aug 11 10:17:36 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: 1155879 This update for man fixes the following issues: - Avoid refreshing database by inverting exit status of find command (bsc#1155879) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3276-1 Released: Fri Aug 11 10:20:40 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1213472 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) The following package changes have been done: - libapparmor1-3.0.4-150500.11.3.1 updated - login_defs-4.8.1-150400.10.9.1 updated - man-2.7.6-150100.8.3.1 updated - shadow-4.8.1-150400.10.9.1 updated - container:sles15-image-15.0.0-36.5.24 updated From sle-updates at lists.suse.com Sun Aug 13 07:05:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:05:35 +0200 (CEST) Subject: SUSE-CU-2023:2625-1: Recommended update of suse/sles12sp5 Message-ID: <20230813070535.685FFFCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2625-1 Container Tags : suse/sles12sp5:6.5.498 , suse/sles12sp5:latest Container Release : 6.5.498 Severity : moderate Type : recommended References : 1052837 1212955 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3281-1 Released: Fri Aug 11 10:24:11 2023 Summary: Recommended update for insserv-compat Type: recommended Severity: moderate References: 1052837,1212955 This update for insserv-compat fixes the following issues: - Remove not needed named entry from insserv.conf (bsc#1052837, bsc#1212955) The following package changes have been done: - insserv-compat-0.1-14.6.1 updated From sle-updates at lists.suse.com Sun Aug 13 07:08:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:08:28 +0200 (CEST) Subject: SUSE-CU-2023:2626-1: Security update of suse/sle15 Message-ID: <20230813070828.4957CFCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2626-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.327 Container Release : 9.5.327 Severity : moderate Type : security References : 1213517 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3291-1 Released: Fri Aug 11 12:51:21 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213517,1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.75.1 updated - libopenssl1_1-1.1.1d-150200.11.75.1 updated - openssl-1_1-1.1.1d-150200.11.75.1 updated From sle-updates at lists.suse.com Sun Aug 13 07:10:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:10:47 +0200 (CEST) Subject: SUSE-CU-2023:2627-1: Security update of suse/sle15 Message-ID: <20230813071047.46364FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2627-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.167 , suse/sle15:15.3 , suse/sle15:15.3.17.20.167 Container Release : 17.20.167 Severity : moderate Type : security References : 1206627 1213189 1213517 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3284-1 Released: Fri Aug 11 10:29:50 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3291-1 Released: Fri Aug 11 12:51:21 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213517,1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.75.1 updated - libopenssl1_1-1.1.1d-150200.11.75.1 updated - login_defs-4.8.1-150300.4.9.1 updated - openssl-1_1-1.1.1d-150200.11.75.1 updated - shadow-4.8.1-150300.4.9.1 updated From sle-updates at lists.suse.com Sun Aug 13 07:12:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:12:08 +0200 (CEST) Subject: SUSE-CU-2023:2628-1: Recommended update of bci/bci-init Message-ID: <20230813071208.E9D0FFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2628-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.29.32 Container Release : 29.32 Severity : moderate Type : recommended References : 1194038 1194900 1206627 1213189 1213472 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3275-1 Released: Fri Aug 11 10:19:36 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1213472 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3286-1 Released: Fri Aug 11 10:32:03 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1194900 This update for util-linux fixes the following issues: - Fix blkid for floppy drives (bsc#1194900) - Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038) The following package changes have been done: - libuuid1-2.37.2-150400.8.20.1 updated - libsmartcols1-2.37.2-150400.8.20.1 updated - libblkid1-2.37.2-150400.8.20.1 updated - libfdisk1-2.37.2-150400.8.20.1 updated - libmount1-2.37.2-150400.8.20.1 updated - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - util-linux-2.37.2-150400.8.20.1 updated - libapparmor1-3.0.4-150400.5.6.1 updated - container:sles15-image-15.0.0-27.14.87 updated From sle-updates at lists.suse.com Sun Aug 13 07:14:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:14:10 +0200 (CEST) Subject: SUSE-CU-2023:2630-1: Recommended update of suse/pcp Message-ID: <20230813071410.43DB3FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2630-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.71 , suse/pcp:5.2 , suse/pcp:5.2-17.71 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.71 Container Release : 17.71 Severity : moderate Type : recommended References : 1194038 1194900 1206627 1213189 1213472 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3275-1 Released: Fri Aug 11 10:19:36 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1213472 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3286-1 Released: Fri Aug 11 10:32:03 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1194900 This update for util-linux fixes the following issues: - Fix blkid for floppy drives (bsc#1194900) - Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038) The following package changes have been done: - libuuid1-2.37.2-150400.8.20.1 updated - libsmartcols1-2.37.2-150400.8.20.1 updated - libblkid1-2.37.2-150400.8.20.1 updated - libfdisk1-2.37.2-150400.8.20.1 updated - libmount1-2.37.2-150400.8.20.1 updated - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - util-linux-2.37.2-150400.8.20.1 updated - libapparmor1-3.0.4-150400.5.6.1 updated - util-linux-systemd-2.37.2-150400.8.20.1 updated - container:bci-bci-init-15.4-15.4-29.32 updated From sle-updates at lists.suse.com Sun Aug 13 07:14:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:14:24 +0200 (CEST) Subject: SUSE-CU-2023:2631-1: Recommended update of suse/postgres Message-ID: <20230813071424.DE32AFCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2631-1 Container Tags : suse/postgres:14 , suse/postgres:14-22.37 , suse/postgres:14.8 , suse/postgres:14.8-22.37 Container Release : 22.37 Severity : moderate Type : recommended References : 1194038 1194900 1206627 1213189 1213472 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3275-1 Released: Fri Aug 11 10:19:36 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1213472 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3286-1 Released: Fri Aug 11 10:32:03 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1194900 This update for util-linux fixes the following issues: - Fix blkid for floppy drives (bsc#1194900) - Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038) The following package changes have been done: - libuuid1-2.37.2-150400.8.20.1 updated - libsmartcols1-2.37.2-150400.8.20.1 updated - libblkid1-2.37.2-150400.8.20.1 updated - libfdisk1-2.37.2-150400.8.20.1 updated - libmount1-2.37.2-150400.8.20.1 updated - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - util-linux-2.37.2-150400.8.20.1 updated - libapparmor1-3.0.4-150400.5.6.1 updated - container:sles15-image-15.0.0-27.14.87 updated From sle-updates at lists.suse.com Sun Aug 13 07:15:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:15:29 +0200 (CEST) Subject: SUSE-CU-2023:2632-1: Recommended update of bci/python Message-ID: <20230813071529.E1A1AFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2632-1 Container Tags : bci/python:3 , bci/python:3-15.30 , bci/python:3.10 , bci/python:3.10-15.30 Container Release : 15.30 Severity : moderate Type : recommended References : 1194038 1194900 1206627 1213189 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3286-1 Released: Fri Aug 11 10:32:03 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1194900 This update for util-linux fixes the following issues: - Fix blkid for floppy drives (bsc#1194900) - Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038) The following package changes have been done: - libuuid1-2.37.2-150400.8.20.1 updated - libsmartcols1-2.37.2-150400.8.20.1 updated - libblkid1-2.37.2-150400.8.20.1 updated - libfdisk1-2.37.2-150400.8.20.1 updated - libmount1-2.37.2-150400.8.20.1 updated - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - util-linux-2.37.2-150400.8.20.1 updated - container:sles15-image-15.0.0-27.14.87 updated From sle-updates at lists.suse.com Sun Aug 13 07:16:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:16:29 +0200 (CEST) Subject: SUSE-CU-2023:2633-1: Recommended update of suse/sle15 Message-ID: <20230813071629.0B964FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2633-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.87 , suse/sle15:15.4 , suse/sle15:15.4.27.14.87 Container Release : 27.14.87 Severity : moderate Type : recommended References : 1194038 1194900 1206627 1213189 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3286-1 Released: Fri Aug 11 10:32:03 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1194900 This update for util-linux fixes the following issues: - Fix blkid for floppy drives (bsc#1194900) - Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038) The following package changes have been done: - libblkid1-2.37.2-150400.8.20.1 updated - libfdisk1-2.37.2-150400.8.20.1 updated - libmount1-2.37.2-150400.8.20.1 updated - libsmartcols1-2.37.2-150400.8.20.1 updated - libuuid1-2.37.2-150400.8.20.1 updated - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - util-linux-2.37.2-150400.8.20.1 updated From sle-updates at lists.suse.com Sun Aug 13 07:16:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:16:38 +0200 (CEST) Subject: SUSE-CU-2023:2634-1: Recommended update of suse/registry Message-ID: <20230813071638.B2481FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2634-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-14.16 , suse/registry:latest Container Release : 14.16 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated From sle-updates at lists.suse.com Sun Aug 13 07:16:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:16:49 +0200 (CEST) Subject: SUSE-CU-2023:2635-1: Recommended update of bci/golang Message-ID: <20230813071649.1C823FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2635-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-2.8.5 , bci/golang:oldstable , bci/golang:oldstable-2.8.5 Container Release : 8.5 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - container:sles15-image-15.0.0-36.5.24 updated From sle-updates at lists.suse.com Sun Aug 13 07:17:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:17:02 +0200 (CEST) Subject: SUSE-CU-2023:2636-1: Recommended update of bci/golang Message-ID: <20230813071702.79BD3FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2636-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-1.9.4 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.9.4 Container Release : 9.4 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - container:sles15-image-15.0.0-36.5.24 updated From sle-updates at lists.suse.com Sun Aug 13 07:17:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:17:15 +0200 (CEST) Subject: SUSE-CU-2023:2637-1: Recommended update of bci/bci-init Message-ID: <20230813071715.3E119FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2637-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.8.37 , bci/bci-init:latest Container Release : 8.37 Severity : moderate Type : recommended References : 1206627 1213189 1213472 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3276-1 Released: Fri Aug 11 10:20:40 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1213472 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - libapparmor1-3.0.4-150500.11.3.1 updated - container:sles15-image-15.0.0-36.5.24 updated From sle-updates at lists.suse.com Sun Aug 13 07:17:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:17:33 +0200 (CEST) Subject: SUSE-CU-2023:2639-1: Recommended update of bci/nodejs Message-ID: <20230813071733.ABB4EFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2639-1 Container Tags : bci/node:16 , bci/node:16-9.28 , bci/nodejs:16 , bci/nodejs:16-9.28 Container Release : 9.28 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - container:sles15-image-15.0.0-36.5.24 updated From sle-updates at lists.suse.com Sun Aug 13 07:17:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:17:47 +0200 (CEST) Subject: SUSE-CU-2023:2640-1: Recommended update of bci/nodejs Message-ID: <20230813071747.74FC4FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2640-1 Container Tags : bci/node:18 , bci/node:18-9.11 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-9.11 , bci/nodejs:latest Container Release : 9.11 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - container:sles15-image-15.0.0-36.5.24 updated From sle-updates at lists.suse.com Sun Aug 13 07:18:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:18:03 +0200 (CEST) Subject: SUSE-CU-2023:2641-1: Security update of bci/openjdk-devel Message-ID: <20230813071803.04B79FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2641-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-8.54 Container Release : 8.54 Severity : important Type : security References : 1206627 1207922 1213189 1213473 1213474 1213475 1213479 1213481 1213482 CVE-2023-22006 CVE-2023-22036 CVE-2023-22041 CVE-2023-22044 CVE-2023-22045 CVE-2023-22049 CVE-2023-25193 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3287-1 Released: Fri Aug 11 12:27:11 2023 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1207922,1213473,1213474,1213475,1213479,1213481,1213482,CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22044,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193 This update for java-11-openjdk fixes the following issues: Updated to jdk-11.0.20+8 (July 2023 CPU): - CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473). - CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474). - CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475). - CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479). - CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481). - CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482). - CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922). - JDK-8298676: Enhanced Look and Feel - JDK-8300285: Enhance TLS data handling - JDK-8300596: Enhance Jar Signature validation - JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1 - JDK-8302475: Enhance HTTP client file downloading - JDK-8302483: Enhance ZIP performance - JDK-8303376: Better launching of JDI - JDK-8304468: Better array usages - JDK-8305312: Enhanced path handling - JDK-8308682: Enhance AES performance Bugfixes: - JDK-8171426: java/lang/ProcessBuilder/Basic.java failed with Stream closed - JDK-8178806: Better exception logging in crypto code - JDK-8187522: test/sun/net/ftp/FtpURLConnectionLeak.java timed out - JDK-8209167: Use CLDR's time zone mappings for Windows - JDK-8209546: Make sun/security/tools/keytool/autotest.sh to support macosx - JDK-8209880: tzdb.dat is not reproducibly built - JDK-8213531: Test javax/swing/border/TestTitledBorderLeak.java fails - JDK-8214459: NSS source should be removed - JDK-8214807: Improve handling of very old class files - JDK-8215015: [TESTBUG] remove unneeded -Xfuture option from tests - JDK-8215575: C2 crash: assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded - JDK-8220093: Change to GCC 8.2 for building on Linux at Oracle - JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError - JDK-8232853: AuthenticationFilter.Cache::remove may throw ConcurrentModificationException - JDK-8243936: NonWriteable system properties are actually writeable - JDK-8246383: NullPointerException in JceSecurity.getVerificationResult when using Entrust provider - JDK-8248701: On Windows generated modules-deps.gmk can contain backslash-r (CR) characters - JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates - JDK-8259530: Generated docs contain MIT/GPL-licenced works without reproducing the licence - JDK-8263420: Incorrect function name in NSAccessibilityStaticText native peer implementation - JDK-8264290: Create implementation for NSAccessibilityComponentGroup protocol peer - JDK-8264304: Create implementation for NSAccessibilityToolbar protocol peer - JDK-8265486: ProblemList javax/sound/midi/Sequencer/ /Recording.java on macosx-aarch64 - JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped - JDK-8269746: C2: assert(!in->is_CFG()) failed: CFG Node with no controlling input? - JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile - JDK-8275233: Incorrect line number reported in exception stack trace thrown from a lambda expression - JDK-8275721: Name of UTC timezone in a locale changes depending on previous code - JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit) - JDK-8276880: Remove java/lang/RuntimeTests/exec/ExecWithDir as unnecessary - JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java - add 4357905 - JDK-8278434: timeouts in test java/time/test/java/time/format/ /TestZoneTextPrinterParser.java - JDK-8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption - JDK-8282077: PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error - JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test - JDK-8282467: add extra diagnostics for JDK-8268184 - JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary - JDK-8283059: Uninitialized warning in check_code.c with GCC 11.2 - JDK-8285497: Add system property for Java SE specification maintenance version - JDK-8286398: Address possibly lossy conversions in jdk.internal.le - JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code - JDK-8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider - JDK-8287876: The recently de-problemlisted TestTitledBorderLeak test is unstable - JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md with information on 4th party dependencies - JDK-8289301: P11Cipher should not throw out of bounds exception during padding - JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space - JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067 - JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value - JDK-8291638: Keep-Alive timeout of 0 should close connection immediately - JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage() is lower than expected - JDK-8293232: Fix race condition in pkcs11 SessionManager - JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation - JDK-8294548: Problem list SA core file tests on macosx-x64 due to JDK-8294316 - JDK-8294906: Memory leak in PKCS11 NSS TLS server - JDK-8295974: jni_FatalError and Xcheck:jni warnings should print the native stack when there are no Java frames - JDK-8296934: Write a test to verify whether Undecorated Frame can be iconified or not - JDK-8297000: [jib] Add more friendly warning for proxy issues - JDK-8297450: ScaledTextFieldBorderTest.java fails when run with -show parameter - JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors - JDK-8299259: C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE - JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument - JDK-8300205: Swing test bug8078268 make latch timeout configurable - JDK-8300490: Spaces in name of MacOS Code Signing Identity are not correctly handled after JDK-8293550 - JDK-8301119: Support for GB18030-2022 - JDK-8301170: perfMemory_windows.cpp add free_security_attr to early returns - JDK-8301401: Allow additional characters for GB18030-2022 support - JDK-8302151: BMPImageReader throws an exception reading BMP images - JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message - JDK-8303102: jcmd: ManagementAgent.status truncates the text longer than O_BUFLEN - JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303432: Bump update version for OpenJDK: jdk-11.0.20 - JDK-8303440: The 'ZonedDateTime.parse' may not accept the 'UTC+XX' zone id - JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates - JDK-8303476: Add the runtime version in the release file of a JDK image - JDK-8303482: Update LCMS to 2.15 - JDK-8303564: C2: 'Bad graph detected in build_loop_late' after a CMove is wrongly split thru phi - JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303822: gtestMain should give more helpful output - JDK-8303861: Error handling step timeouts should never be blocked by OnError and others - JDK-8303937: Corrupted heap dumps due to missing retries for os::write() - JDK-8304134: jib bootstrapper fails to quote filename when checking download filetype - JDK-8304291: [AIX] Broken build after JDK-8301998 - JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998 - JDK-8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0 - JDK-8304760: Add 2 Microsoft TLS roots - JDK-8305113: (tz) Update Timezone Data to 2023c - JDK-8305400: ISO 4217 Amendment 175 Update - JDK-8305528: [11u] Backport of JDK-8259530 breaks build with JDK10 bootstrap VM - JDK-8305682: Update the javadoc in the Character class to state support for GB 18030-2022 Implementation Level 2 - JDK-8305711: Arm: C2 always enters slowpath for monitorexit - JDK-8305721: add `make compile-commands` artifacts to .gitignore - JDK-8305975: Add TWCA Global Root CA - JDK-8306543: GHA: MSVC installation is failing - JDK-8306658: GHA: MSVC installation could be optional since it might already be pre-installed - JDK-8306664: GHA: Update MSVC version to latest stepping - JDK-8306768: CodeCache Analytics reports wrong threshold - JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep - JDK-8307134: Add GTS root CAs - JDK-8307811: [TEST] compilation of TimeoutInErrorHandlingTest fails after backport of JDK-8303861 - JDK-8308006: Missing NMT memory tagging in CMS - JDK-8308884: [17u/11u] Backout JDK-8297951 - JDK-8309476: [11u] tools/jmod/hashes/HashesOrderTest.java fails intermittently - JDK-8311465: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.20 The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - java-11-openjdk-headless-11.0.20.0-150000.3.99.1 updated - java-11-openjdk-11.0.20.0-150000.3.99.1 updated - java-11-openjdk-devel-11.0.20.0-150000.3.99.1 updated - container:bci-openjdk-11-15.5.11-9.27 updated From sle-updates at lists.suse.com Sun Aug 13 07:18:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:18:16 +0200 (CEST) Subject: SUSE-CU-2023:2642-1: Security update of bci/openjdk Message-ID: <20230813071816.9D578FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2642-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-9.27 Container Release : 9.27 Severity : important Type : security References : 1206627 1207922 1213189 1213473 1213474 1213475 1213479 1213481 1213482 CVE-2023-22006 CVE-2023-22036 CVE-2023-22041 CVE-2023-22044 CVE-2023-22045 CVE-2023-22049 CVE-2023-25193 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3287-1 Released: Fri Aug 11 12:27:11 2023 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1207922,1213473,1213474,1213475,1213479,1213481,1213482,CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22044,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193 This update for java-11-openjdk fixes the following issues: Updated to jdk-11.0.20+8 (July 2023 CPU): - CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473). - CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474). - CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475). - CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479). - CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481). - CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482). - CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922). - JDK-8298676: Enhanced Look and Feel - JDK-8300285: Enhance TLS data handling - JDK-8300596: Enhance Jar Signature validation - JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1 - JDK-8302475: Enhance HTTP client file downloading - JDK-8302483: Enhance ZIP performance - JDK-8303376: Better launching of JDI - JDK-8304468: Better array usages - JDK-8305312: Enhanced path handling - JDK-8308682: Enhance AES performance Bugfixes: - JDK-8171426: java/lang/ProcessBuilder/Basic.java failed with Stream closed - JDK-8178806: Better exception logging in crypto code - JDK-8187522: test/sun/net/ftp/FtpURLConnectionLeak.java timed out - JDK-8209167: Use CLDR's time zone mappings for Windows - JDK-8209546: Make sun/security/tools/keytool/autotest.sh to support macosx - JDK-8209880: tzdb.dat is not reproducibly built - JDK-8213531: Test javax/swing/border/TestTitledBorderLeak.java fails - JDK-8214459: NSS source should be removed - JDK-8214807: Improve handling of very old class files - JDK-8215015: [TESTBUG] remove unneeded -Xfuture option from tests - JDK-8215575: C2 crash: assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded - JDK-8220093: Change to GCC 8.2 for building on Linux at Oracle - JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError - JDK-8232853: AuthenticationFilter.Cache::remove may throw ConcurrentModificationException - JDK-8243936: NonWriteable system properties are actually writeable - JDK-8246383: NullPointerException in JceSecurity.getVerificationResult when using Entrust provider - JDK-8248701: On Windows generated modules-deps.gmk can contain backslash-r (CR) characters - JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates - JDK-8259530: Generated docs contain MIT/GPL-licenced works without reproducing the licence - JDK-8263420: Incorrect function name in NSAccessibilityStaticText native peer implementation - JDK-8264290: Create implementation for NSAccessibilityComponentGroup protocol peer - JDK-8264304: Create implementation for NSAccessibilityToolbar protocol peer - JDK-8265486: ProblemList javax/sound/midi/Sequencer/ /Recording.java on macosx-aarch64 - JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped - JDK-8269746: C2: assert(!in->is_CFG()) failed: CFG Node with no controlling input? - JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile - JDK-8275233: Incorrect line number reported in exception stack trace thrown from a lambda expression - JDK-8275721: Name of UTC timezone in a locale changes depending on previous code - JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit) - JDK-8276880: Remove java/lang/RuntimeTests/exec/ExecWithDir as unnecessary - JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java - add 4357905 - JDK-8278434: timeouts in test java/time/test/java/time/format/ /TestZoneTextPrinterParser.java - JDK-8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption - JDK-8282077: PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error - JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test - JDK-8282467: add extra diagnostics for JDK-8268184 - JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary - JDK-8283059: Uninitialized warning in check_code.c with GCC 11.2 - JDK-8285497: Add system property for Java SE specification maintenance version - JDK-8286398: Address possibly lossy conversions in jdk.internal.le - JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code - JDK-8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider - JDK-8287876: The recently de-problemlisted TestTitledBorderLeak test is unstable - JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md with information on 4th party dependencies - JDK-8289301: P11Cipher should not throw out of bounds exception during padding - JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space - JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067 - JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value - JDK-8291638: Keep-Alive timeout of 0 should close connection immediately - JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage() is lower than expected - JDK-8293232: Fix race condition in pkcs11 SessionManager - JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation - JDK-8294548: Problem list SA core file tests on macosx-x64 due to JDK-8294316 - JDK-8294906: Memory leak in PKCS11 NSS TLS server - JDK-8295974: jni_FatalError and Xcheck:jni warnings should print the native stack when there are no Java frames - JDK-8296934: Write a test to verify whether Undecorated Frame can be iconified or not - JDK-8297000: [jib] Add more friendly warning for proxy issues - JDK-8297450: ScaledTextFieldBorderTest.java fails when run with -show parameter - JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors - JDK-8299259: C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE - JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument - JDK-8300205: Swing test bug8078268 make latch timeout configurable - JDK-8300490: Spaces in name of MacOS Code Signing Identity are not correctly handled after JDK-8293550 - JDK-8301119: Support for GB18030-2022 - JDK-8301170: perfMemory_windows.cpp add free_security_attr to early returns - JDK-8301401: Allow additional characters for GB18030-2022 support - JDK-8302151: BMPImageReader throws an exception reading BMP images - JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message - JDK-8303102: jcmd: ManagementAgent.status truncates the text longer than O_BUFLEN - JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303432: Bump update version for OpenJDK: jdk-11.0.20 - JDK-8303440: The 'ZonedDateTime.parse' may not accept the 'UTC+XX' zone id - JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates - JDK-8303476: Add the runtime version in the release file of a JDK image - JDK-8303482: Update LCMS to 2.15 - JDK-8303564: C2: 'Bad graph detected in build_loop_late' after a CMove is wrongly split thru phi - JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303822: gtestMain should give more helpful output - JDK-8303861: Error handling step timeouts should never be blocked by OnError and others - JDK-8303937: Corrupted heap dumps due to missing retries for os::write() - JDK-8304134: jib bootstrapper fails to quote filename when checking download filetype - JDK-8304291: [AIX] Broken build after JDK-8301998 - JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998 - JDK-8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0 - JDK-8304760: Add 2 Microsoft TLS roots - JDK-8305113: (tz) Update Timezone Data to 2023c - JDK-8305400: ISO 4217 Amendment 175 Update - JDK-8305528: [11u] Backport of JDK-8259530 breaks build with JDK10 bootstrap VM - JDK-8305682: Update the javadoc in the Character class to state support for GB 18030-2022 Implementation Level 2 - JDK-8305711: Arm: C2 always enters slowpath for monitorexit - JDK-8305721: add `make compile-commands` artifacts to .gitignore - JDK-8305975: Add TWCA Global Root CA - JDK-8306543: GHA: MSVC installation is failing - JDK-8306658: GHA: MSVC installation could be optional since it might already be pre-installed - JDK-8306664: GHA: Update MSVC version to latest stepping - JDK-8306768: CodeCache Analytics reports wrong threshold - JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep - JDK-8307134: Add GTS root CAs - JDK-8307811: [TEST] compilation of TimeoutInErrorHandlingTest fails after backport of JDK-8303861 - JDK-8308006: Missing NMT memory tagging in CMS - JDK-8308884: [17u/11u] Backout JDK-8297951 - JDK-8309476: [11u] tools/jmod/hashes/HashesOrderTest.java fails intermittently - JDK-8311465: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.20 The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - java-11-openjdk-headless-11.0.20.0-150000.3.99.1 updated - java-11-openjdk-11.0.20.0-150000.3.99.1 updated - container:sles15-image-15.0.0-36.5.24 updated From sle-updates at lists.suse.com Sun Aug 13 07:18:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:18:30 +0200 (CEST) Subject: SUSE-CU-2023:2643-1: Recommended update of bci/openjdk-devel Message-ID: <20230813071830.63C73FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2643-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-10.52 , bci/openjdk-devel:latest Container Release : 10.52 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - container:bci-openjdk-17-15.5.17-10.27 updated From sle-updates at lists.suse.com Sun Aug 13 07:18:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:18:43 +0200 (CEST) Subject: SUSE-CU-2023:2644-1: Recommended update of bci/openjdk Message-ID: <20230813071843.E9CAFFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2644-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-10.27 , bci/openjdk:latest Container Release : 10.27 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - container:sles15-image-15.0.0-36.5.24 updated From sle-updates at lists.suse.com Sun Aug 13 07:18:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:18:55 +0200 (CEST) Subject: SUSE-CU-2023:2645-1: Recommended update of suse/pcp Message-ID: <20230813071855.54BABFCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2645-1 Container Tags : suse/pcp:5 , suse/pcp:5-13.18 , suse/pcp:5.2 , suse/pcp:5.2-13.18 , suse/pcp:5.2.5 , suse/pcp:5.2.5-13.18 , suse/pcp:latest Container Release : 13.18 Severity : moderate Type : recommended References : 1206627 1213189 1213472 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3276-1 Released: Fri Aug 11 10:20:40 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1213472 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - libapparmor1-3.0.4-150500.11.3.1 updated - container:bci-bci-init-15.5-15.5-8.37 updated From sle-updates at lists.suse.com Sun Aug 13 07:19:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Aug 2023 09:19:06 +0200 (CEST) Subject: SUSE-CU-2023:2646-1: Recommended update of bci/php-apache Message-ID: <20230813071906.8C5C9FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2646-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-6.26 Container Release : 6.26 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - container:sles15-image-15.0.0-36.5.24 updated From sle-updates at lists.suse.com Mon Aug 14 07:03:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 09:03:23 +0200 (CEST) Subject: SUSE-CU-2023:2647-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20230814070323.9BC49FC31@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2647-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.184 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.184 Severity : moderate Type : recommended References : 1155879 1194038 1194900 1206627 1211461 1213189 1213472 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3270-1 Released: Thu Aug 10 19:34:35 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211461 This update for vim fixes the following issues: - Calling vim on xterm leads to missing first character of the command prompt (bsc#1211461) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3274-1 Released: Fri Aug 11 10:17:36 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: 1155879 This update for man fixes the following issues: - Avoid refreshing database by inverting exit status of find command (bsc#1155879) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3275-1 Released: Fri Aug 11 10:19:36 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1213472 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3286-1 Released: Fri Aug 11 10:32:03 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1194900 This update for util-linux fixes the following issues: - Fix blkid for floppy drives (bsc#1194900) - Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038) The following package changes have been done: - libapparmor1-3.0.4-150400.5.6.1 updated - libblkid1-2.37.2-150400.8.20.1 updated - libfdisk1-2.37.2-150400.8.20.1 updated - libmount1-2.37.2-150400.8.20.1 updated - libsmartcols1-2.37.2-150400.8.20.1 updated - libuuid1-2.37.2-150400.8.20.1 updated - login_defs-4.8.1-150400.10.9.1 updated - man-2.7.6-150100.8.3.1 updated - shadow-4.8.1-150400.10.9.1 updated - util-linux-systemd-2.37.2-150400.8.20.1 updated - util-linux-2.37.2-150400.8.20.1 updated - vim-data-common-9.0.1572-150000.5.49.1 updated - vim-9.0.1572-150000.5.49.1 updated - container:sles15-image-15.0.0-27.14.87 updated From sle-updates at lists.suse.com Mon Aug 14 07:03:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 09:03:58 +0200 (CEST) Subject: SUSE-CU-2023:2648-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20230814070358.C7958FC31@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2648-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.81 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.81 Severity : moderate Type : recommended References : 1155879 1194038 1194900 1211461 1213472 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3270-1 Released: Thu Aug 10 19:34:35 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211461 This update for vim fixes the following issues: - Calling vim on xterm leads to missing first character of the command prompt (bsc#1211461) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3274-1 Released: Fri Aug 11 10:17:36 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: 1155879 This update for man fixes the following issues: - Avoid refreshing database by inverting exit status of find command (bsc#1155879) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3275-1 Released: Fri Aug 11 10:19:36 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1213472 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3286-1 Released: Fri Aug 11 10:32:03 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1194900 This update for util-linux fixes the following issues: - Fix blkid for floppy drives (bsc#1194900) - Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038) The following package changes have been done: - libapparmor1-3.0.4-150400.5.6.1 updated - libblkid1-2.37.2-150400.8.20.1 updated - libfdisk1-2.37.2-150400.8.20.1 updated - libmount1-2.37.2-150400.8.20.1 updated - libsmartcols1-2.37.2-150400.8.20.1 updated - libuuid1-2.37.2-150400.8.20.1 updated - login_defs-4.8.1-150400.10.9.1 updated - man-2.7.6-150100.8.3.1 updated - shadow-4.8.1-150400.10.9.1 updated - util-linux-systemd-2.37.2-150400.8.20.1 updated - util-linux-2.37.2-150400.8.20.1 updated - vim-data-common-9.0.1572-150000.5.49.1 updated - vim-9.0.1572-150000.5.49.1 updated - container:sles15-image-15.0.0-27.14.87 updated From sle-updates at lists.suse.com Mon Aug 14 07:04:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 09:04:44 +0200 (CEST) Subject: SUSE-CU-2023:2649-1: Recommended update of suse/389-ds Message-ID: <20230814070444.5498AFC31@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2649-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-14.38 , suse/389-ds:latest Container Release : 14.38 Severity : moderate Type : recommended References : 1206627 1212726 1213189 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3277-1 Released: Fri Aug 11 10:21:15 2023 Summary: Recommended update for 389-ds Type: recommended Severity: moderate References: 1212726 This update for 389-ds fixes the following issues: - SSSD client performance improvements (bsc#1212726) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - libsvrcore0-2.2.8~git21.c11e86f-150500.3.8.1 updated - lib389-2.2.8~git21.c11e86f-150500.3.8.1 updated - 389-ds-2.2.8~git21.c11e86f-150500.3.8.1 updated - container:sles15-image-15.0.0-36.5.24 updated From sle-updates at lists.suse.com Mon Aug 14 07:04:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 09:04:53 +0200 (CEST) Subject: SUSE-CU-2023:2646-1: Recommended update of bci/php-apache Message-ID: <20230814070453.BC5B4FC31@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2646-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-6.26 Container Release : 6.26 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - container:sles15-image-15.0.0-36.5.24 updated From sle-updates at lists.suse.com Mon Aug 14 07:05:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 09:05:03 +0200 (CEST) Subject: SUSE-CU-2023:2650-1: Recommended update of bci/php-fpm Message-ID: <20230814070503.C3697FC31@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2650-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-6.25 Container Release : 6.25 Severity : moderate Type : recommended References : 1206627 1213189 1213472 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3276-1 Released: Fri Aug 11 10:20:40 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1213472 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - libapparmor1-3.0.4-150500.11.3.1 updated - container:sles15-image-15.0.0-36.5.24 updated From sle-updates at lists.suse.com Mon Aug 14 07:05:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 09:05:12 +0200 (CEST) Subject: SUSE-CU-2023:2651-1: Recommended update of bci/php Message-ID: <20230814070512.E937EFC31@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2651-1 Container Tags : bci/php:8 , bci/php:8-6.25 Container Release : 6.25 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated From sle-updates at lists.suse.com Mon Aug 14 07:05:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 09:05:19 +0200 (CEST) Subject: SUSE-CU-2023:2652-1: Recommended update of suse/postgres Message-ID: <20230814070519.B11A6FC31@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2652-1 Container Tags : suse/postgres:14 , suse/postgres:14-12.27 , suse/postgres:14.8 , suse/postgres:14.8-12.27 Container Release : 12.27 Severity : moderate Type : recommended References : 1206627 1213189 1213472 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3276-1 Released: Fri Aug 11 10:20:40 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1213472 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - libapparmor1-3.0.4-150500.11.3.1 updated From sle-updates at lists.suse.com Mon Aug 14 07:05:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 09:05:27 +0200 (CEST) Subject: SUSE-CU-2023:2653-1: Recommended update of suse/postgres Message-ID: <20230814070527.34C74FC31@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2653-1 Container Tags : suse/postgres:15 , suse/postgres:15-9.27 , suse/postgres:15.3 , suse/postgres:15.3-9.27 , suse/postgres:latest Container Release : 9.27 Severity : moderate Type : recommended References : 1206627 1213189 1213472 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3276-1 Released: Fri Aug 11 10:20:40 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1213472 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - libapparmor1-3.0.4-150500.11.3.1 updated From sle-updates at lists.suse.com Mon Aug 14 07:05:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 09:05:38 +0200 (CEST) Subject: SUSE-CU-2023:2654-1: Recommended update of bci/python Message-ID: <20230814070538.09B53FC31@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2654-1 Container Tags : bci/python:3 , bci/python:3-8.34 , bci/python:3.11 , bci/python:3.11-8.34 , bci/python:latest Container Release : 8.34 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated From sle-updates at lists.suse.com Mon Aug 14 07:05:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 09:05:47 +0200 (CEST) Subject: SUSE-CU-2023:2655-1: Recommended update of bci/python Message-ID: <20230814070547.EF3B2FC31@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2655-1 Container Tags : bci/python:3 , bci/python:3-10.31 , bci/python:3.6 , bci/python:3.6-10.31 Container Release : 10.31 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated From sle-updates at lists.suse.com Mon Aug 14 07:05:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 09:05:56 +0200 (CEST) Subject: SUSE-CU-2023:2656-1: Recommended update of bci/ruby Message-ID: <20230814070556.0153CFC31@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2656-1 Container Tags : bci/ruby:2 , bci/ruby:2-10.24 , bci/ruby:2.5 , bci/ruby:2.5-10.24 , bci/ruby:latest Container Release : 10.24 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated From sle-updates at lists.suse.com Mon Aug 14 07:06:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 09:06:06 +0200 (CEST) Subject: SUSE-CU-2023:2657-1: Recommended update of bci/rust Message-ID: <20230814070606.646AFFC31@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2657-1 Container Tags : bci/rust:1.70 , bci/rust:1.70-2.9.9 , bci/rust:oldstable , bci/rust:oldstable-2.9.9 Container Release : 9.9 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated From sle-updates at lists.suse.com Mon Aug 14 07:06:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 09:06:16 +0200 (CEST) Subject: SUSE-CU-2023:2658-1: Recommended update of bci/rust Message-ID: <20230814070616.C4909FC31@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2658-1 Container Tags : bci/rust:1.71 , bci/rust:1.71-1.10.10 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.10.10 Container Release : 10.10 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated From sle-updates at lists.suse.com Mon Aug 14 07:06:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 09:06:24 +0200 (CEST) Subject: SUSE-CU-2023:2659-1: Recommended update of suse/sle15 Message-ID: <20230814070624.A2604FC31@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2659-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.24 , suse/sle15:15.5 , suse/sle15:15.5.36.5.24 Container Release : 36.5.24 Severity : moderate Type : recommended References : 1206627 1213189 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated From sle-updates at lists.suse.com Mon Aug 14 07:07:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 09:07:08 +0200 (CEST) Subject: SUSE-CU-2023:2660-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20230814070708.AEAC0FC31@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2660-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.435 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.435 Severity : moderate Type : recommended References : 1155879 1211461 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3270-1 Released: Thu Aug 10 19:34:35 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211461 This update for vim fixes the following issues: - Calling vim on xterm leads to missing first character of the command prompt (bsc#1211461) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3274-1 Released: Fri Aug 11 10:17:36 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: 1155879 This update for man fixes the following issues: - Avoid refreshing database by inverting exit status of find command (bsc#1155879) The following package changes have been done: - man-2.7.6-150100.8.3.1 updated - vim-data-common-9.0.1572-150000.5.49.1 updated - vim-9.0.1572-150000.5.49.1 updated - container:sles15-image-15.0.0-17.20.166 updated From sle-updates at lists.suse.com Mon Aug 14 07:07:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 09:07:09 +0200 (CEST) Subject: SUSE-CU-2023:2661-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230814070709.C1C0CFC31@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2661-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.436 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.436 Severity : moderate Type : security References : 1206627 1213189 1213517 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3284-1 Released: Fri Aug 11 10:29:50 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3291-1 Released: Fri Aug 11 12:51:21 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213517,1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.75.1 updated - libopenssl1_1-1.1.1d-150200.11.75.1 updated - login_defs-4.8.1-150300.4.9.1 updated - openssl-1_1-1.1.1d-150200.11.75.1 updated - shadow-4.8.1-150300.4.9.1 updated - container:sles15-image-15.0.0-17.20.167 updated From sle-updates at lists.suse.com Mon Aug 14 07:07:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 09:07:53 +0200 (CEST) Subject: SUSE-CU-2023:2662-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20230814070753.824C3FC31@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2662-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.257 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.257 Severity : moderate Type : recommended References : 1155879 1211461 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3270-1 Released: Thu Aug 10 19:34:35 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211461 This update for vim fixes the following issues: - Calling vim on xterm leads to missing first character of the command prompt (bsc#1211461) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3274-1 Released: Fri Aug 11 10:17:36 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: 1155879 This update for man fixes the following issues: - Avoid refreshing database by inverting exit status of find command (bsc#1155879) The following package changes have been done: - man-2.7.6-150100.8.3.1 updated - vim-data-common-9.0.1572-150000.5.49.1 updated - vim-9.0.1572-150000.5.49.1 updated - container:sles15-image-15.0.0-17.20.166 updated From sle-updates at lists.suse.com Mon Aug 14 07:07:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 09:07:54 +0200 (CEST) Subject: SUSE-CU-2023:2663-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230814070754.905FDFC31@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2663-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.258 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.258 Severity : moderate Type : security References : 1206627 1213189 1213517 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3284-1 Released: Fri Aug 11 10:29:50 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3291-1 Released: Fri Aug 11 12:51:21 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213517,1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.75.1 updated - libopenssl1_1-1.1.1d-150200.11.75.1 updated - login_defs-4.8.1-150300.4.9.1 updated - openssl-1_1-1.1.1d-150200.11.75.1 updated - shadow-4.8.1-150300.4.9.1 updated - container:sles15-image-15.0.0-17.20.167 updated From sle-updates at lists.suse.com Mon Aug 14 08:30:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 08:30:39 -0000 Subject: SUSE-SU-2023:3302-1: important: Security update for the Linux Kernel Message-ID: <169200183935.25788.13478592299107617353@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3302-1 Rating: important References: * #1150305 * #1187829 * #1193629 * #1194869 * #1206418 * #1207129 * #1207894 * #1207948 * #1208788 * #1210335 * #1210565 * #1210584 * #1210627 * #1210780 * #1210825 * #1210853 * #1211014 * #1211131 * #1211243 * #1211738 * #1211811 * #1211867 * #1212051 * #1212256 * #1212265 * #1212301 * #1212445 * #1212456 * #1212502 * #1212525 * #1212603 * #1212604 * #1212685 * #1212766 * #1212835 * #1212838 * #1212842 * #1212846 * #1212848 * #1212861 * #1212869 * #1212892 * #1212901 * #1212905 * #1212961 * #1213010 * #1213011 * #1213012 * #1213013 * #1213014 * #1213015 * #1213016 * #1213017 * #1213018 * #1213019 * #1213020 * #1213021 * #1213024 * #1213025 * #1213032 * #1213034 * #1213035 * #1213036 * #1213037 * #1213038 * #1213039 * #1213040 * #1213041 * #1213059 * #1213061 * #1213087 * #1213088 * #1213089 * #1213090 * #1213092 * #1213093 * #1213094 * #1213095 * #1213096 * #1213098 * #1213099 * #1213100 * #1213102 * #1213103 * #1213104 * #1213105 * #1213106 * #1213107 * #1213108 * #1213109 * #1213110 * #1213111 * #1213112 * #1213113 * #1213114 * #1213116 * #1213134 * #1213167 * #1213205 * #1213206 * #1213226 * #1213233 * #1213245 * #1213247 * #1213252 * #1213258 * #1213259 * #1213263 * #1213264 * #1213272 * #1213286 * #1213287 * #1213304 * #1213417 * #1213493 * #1213523 * #1213524 * #1213533 * #1213543 * #1213578 * #1213585 * #1213586 * #1213588 * #1213601 * #1213620 * #1213632 * #1213653 * #1213705 * #1213713 * #1213715 * #1213747 * #1213756 * #1213759 * #1213777 * #1213810 * #1213812 * #1213856 * #1213857 * #1213863 * #1213867 * #1213870 * #1213871 * #1213872 Cross-References: * CVE-2022-40982 * CVE-2023-0459 * CVE-2023-1829 * CVE-2023-20569 * CVE-2023-20593 * CVE-2023-21400 * CVE-2023-2156 * CVE-2023-2166 * CVE-2023-2430 * CVE-2023-2985 * CVE-2023-3090 * CVE-2023-31083 * CVE-2023-3111 * CVE-2023-3117 * CVE-2023-31248 * CVE-2023-3212 * CVE-2023-3268 * CVE-2023-3389 * CVE-2023-3390 * CVE-2023-35001 * CVE-2023-3567 * CVE-2023-3609 * CVE-2023-3611 * CVE-2023-3776 * CVE-2023-3812 * CVE-2023-38409 * CVE-2023-3863 * CVE-2023-4004 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21400 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21400 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2430 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-2430 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3212 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3212 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3389 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-3389 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-38409 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-38409 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Real Time Module 15-SP5 An update that solves 28 vulnerabilities, contains two features and has 115 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418). * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). * CVE-2023-20569: Fixed side channel attack ?Inception? or ?RAS Poisoning? (bsc#1213287). * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). * CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). * CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627). * CVE-2023-2430: Fixed amissing lock for IOPOLL in io_cqring_event_overflow() in io_uring.c that could allow a privileged user to cause a denial of service (bsc#1211014). * CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). * CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). * CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). * CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). * CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). * CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). * CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). * CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). * CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). * CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). * CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). * CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after- free (bsc#1213588). * CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). * CVE-2023-38409: Fixed a use-after-free in drivers/video/fbdev/core/fbcon.c (bsc#1213417). * CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC (bsc#1213601). * CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). The following non-security bugs were fixed: * acpi/iort: remove erroneous id_count check in iort_node_get_rmr_info() (git- fixes). * acpi: cppc: add acpi disabled check to acpi_cpc_valid() (bsc#1212445). * acpi: cppc: add definition for undefined fadt preferred pm profile value (bsc#1212445). * acpi: fix suspend with xen pv (git-fixes). * acpi: utils: fix acpi_evaluate_dsm_typed() redefinition error (git-fixes). * add module_firmware() for firmware_tg357766 (git-fixes). * adreno: shutdown the gpu properly (git-fixes). * afs: adjust ack interpretation to try and cope with nat (git-fixes). * afs: fix access after dec in put functions (git-fixes). * afs: fix afs_getattr() to refetch file status if callback break occurred (git-fixes). * afs: fix dynamic root getattr (git-fixes). * afs: fix fileserver probe rtt handling (git-fixes). * afs: fix infinite loop found by xfstest generic/676 (git-fixes). * afs: fix lost servers_outstanding count (git-fixes). * afs: fix server->active leak in afs_put_server (git-fixes). * afs: fix setting of mtime when creating a file/dir/symlink (git-fixes). * afs: fix updating of i_size with dv jump from server (git-fixes). * afs: fix vlserver probe rtt handling (git-fixes). * afs: return -eagain, not -eremoteio, when a file already locked (git-fixes). * afs: use refcount_t rather than atomic_t (git-fixes). * afs: use the operation issue time instead of the reply time for callbacks (git-fixes). * alsa: ac97: fix possible null dereference in snd_ac97_mixer (git-fixes). * alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes). * alsa: fireface: make read-only const array for model names static (git- fixes). * alsa: hda/realtek - remove 3k pull low procedure (git-fixes). * alsa: hda/realtek: add quirk for asus rog g614jx (git-fixes). * alsa: hda/realtek: add quirk for asus rog ga402x (git-fixes). * alsa: hda/realtek: add quirk for asus rog gx650p (git-fixes). * alsa: hda/realtek: add quirk for asus rog gz301v (git-fixes). * alsa: hda/realtek: add quirk for clevo npx0snx (git-fixes). * alsa: hda/realtek: add quirk for clevo ns70au (git-fixes). * alsa: hda/realtek: add quirks for rog ally cs35l41 audio (git-fixes). * alsa: hda/realtek: add quirks for unis h3c desktop b760 & q760 (git-fixes). * alsa: hda/realtek: add support for dell oasis 13/14/16 laptops (git-fixes). * alsa: hda/realtek: amend g634 quirk to enable rear speakers (git-fixes). * alsa: hda/realtek: enable mute led on hp laptop 15s-eq2xxx (git-fixes). * alsa: hda/realtek: enable mute/micmute leds and limit mic boost on elitebook (git-fixes). * alsa: hda/realtek: fix generic fixup definition for cs35l41 amp (git-fixes). * alsa: hda/realtek: support asus g713pv laptop (git-fixes). * alsa: hda/realtek: whitespace fix (git-fixes). * alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes). * alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes). * alsa: hda: lnl: add hd audio pci id (git-fixes). * alsa: jack: fix mutex call in snd_jack_report() (git-fixes). * alsa: oxfw: make read-only const array models static (git-fixes). * alsa: pcm: fix potential data race at pcm memory allocation helpers (git- fixes). * alsa: usb-audio: add fixed_rate quirk for jbl quantum610 wireless (git- fixes). * alsa: usb-audio: add new quirk fixed_rate for jbl quantum810 wireless (git- fixes). * alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129). * alsa: usb-audio: always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format() (git-fixes). * alsa: usb-audio: apply mutex around snd_usb_endpoint_set_params() (git- fixes). * alsa: usb-audio: avoid superfluous endpoint setup (git-fixes). * alsa: usb-audio: avoid unnecessary interface change at ep close (git-fixes). * alsa: usb-audio: clear fixed clock rate at closing ep (git-fixes). * alsa: usb-audio: correct the return code from snd_usb_endpoint_set_params() (git-fixes). * alsa: usb-audio: drop superfluous interface setup at parsing (git-fixes). * alsa: usb-audio: fix possible null pointer dereference in snd_usb_pcm_has_fixed_rate() (git-fixes). * alsa: usb-audio: fix wrong kfree issue in snd_usb_endpoint_free_all (git- fixes). * alsa: usb-audio: more refactoring of hw constraint rules (git-fixes). * alsa: usb-audio: properly refcounting clock rate (git-fixes). * alsa: usb-audio: rate limit usb_set_interface error reporting (git-fixes). * alsa: usb-audio: refcount multiple accesses on the single clock (git-fixes). * alsa: usb-audio: split endpoint setups for hw_params and prepare (take#2) (git-fixes). * alsa: usb-audio: update for native dsd support quirks (git-fixes). * alsa: usb-audio: use atomic_try_cmpxchg in ep_state_update (git-fixes). * alsa: usb-audio: workaround for xrun at prepare (git-fixes). * amd-pstate: fix amd_pstate mode switch (git-fixes). * amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). * apparmor: fix missing error check for rhashtable_insert_fast (git-fixes). * arm64/mm: mark private vm_fault_x defines as vm_fault_t (git-fixes) * arm64: add missing set/way cmo encodings (git-fixes). * arm64: dts: microchip: sparx5: do not use psci on reference boards (git- fixes) * arm64: vdso: pass (void *) to virt_to_page() (git-fixes) * arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes) * arm: dts: fix erroneous ads touchscreen polarities (git-fixes). * asoc: amd: acp: fix for invalid dai id handling in acp_get_byte_count() (git-fixes). * asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes). * asoc: codecs: es8316: fix dmic config (git-fixes). * asoc: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git- fixes). * asoc: codecs: wcd934x: fix resource leaks on component remove (git-fixes). * asoc: codecs: wcd938x: fix codec initialisation race (git-fixes). * asoc: codecs: wcd938x: fix db range for hphl and hphr (git-fixes). * asoc: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes). * asoc: codecs: wcd938x: fix soundwire initialisation race (git-fixes). * asoc: da7219: check for failure reading aad irq events (git-fixes). * asoc: da7219: flush pending aad irq when suspending (git-fixes). * asoc: es8316: do not set rate constraints for unsupported mclks (git-fixes). * asoc: es8316: increment max value for alc capture target volume control (git-fixes). * asoc: fsl_sai: disable bit clock with transmitter (git-fixes). * asoc: fsl_spdif: silence output on stop (git-fixes). * asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes). * asoc: intel: sof_sdw: remove sof_sdw_tgl_hdmi for meteorlake devices (git- fixes). * asoc: mediatek: mt8173: fix irq error path (git-fixes). * asoc: nau8824: add quirk to active-high jack-detect (git-fixes). * asoc: rt5640: fix sleep in atomic context (git-fixes). * asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes). * asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes). * asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes). * asoc: simple-card: add missing of_node_put() in case of error (git-fixes). * asoc: sof: ipc3-dtrace: uninitialized data in dfsentry_trace_filter_write() (git-fixes). * asoc: sof: topology: fix logic for copying tuples (git-fixes). * asoc: tegra: fix adx byte map (git-fixes). * asoc: tegra: fix amx byte map (git-fixes). * asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes). * ata: pata_ns87415: mark ns87560_tf_read static (git-fixes). * block, bfq: fix division by zero error on zero wsum (bsc#1213653). * block: fix a source code comment in include/uapi/linux/blkzoned.h (git- fixes). * bluetooth: fix invalid-bdaddr quirk for non-persistent setup (git-fixes). * bluetooth: fix use-bdaddr-property quirk (git-fixes). * bluetooth: hci_bcm: do not mark valid bd_addr as invalid (git-fixes). * bluetooth: hci_event: call disconnect callback before deleting conn (git- fixes). * bluetooth: hci_sync: avoid use-after-free in dbg for hci_remove_adv_monitor() (git-fixes). * bluetooth: iso: consider right cis when removing cig at cleanup (git-fixes). * bluetooth: iso: fix cig auto-allocation to select configurable cig (git- fixes). * bluetooth: iso: fix iso_conn related locking and validity issues (git- fixes). * bluetooth: iso: use hci_sync for setting cig parameters (git-fixes). * bluetooth: use rcu for hci_conn_params and iterate safely in hci_sync (git- fixes). * bonding: fix negative jump label count on nested bonding (bsc#1212685). * bus: fsl-mc: fsl-mc-allocator: drop a write-only variable (git-fixes). * bus: mhi: add new interfaces to handle mhi channels directly (bsc#1207948). * bus: mhi: host: add destroy_device argument to mhi_power_down() (bsc#1207948). * bus: ti-sysc: fix dispc quirk masking bool variables (git-fixes). * can: bcm: fix uaf in bcm_proc_show() (git-fixes). * can: gs_usb: gs_can_close(): add missing set of can state to can_state_stopped (git-fixes). * can: isotp: isotp_sendmsg(): fix return error fix on tx path (git-fixes). * can: kvaser_pciefd: remove handler for unused kvaser_pciefd_pack_type_eframe_ack (git-fixes). * can: kvaser_pciefd: remove useless write to interrupt register (git-fixes). * can: length: fix bitstuffing count (git-fixes). * can: length: fix description of the rrs field (git-fixes). * can: length: make header self contained (git-fixes). * ceph: add a dedicated private data for netfs rreq (bsc#1213205). * ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856). * ceph: fix blindly expanding the readahead windows (bsc#1213206). * cifs: add a warning when the in-flight count goes negative (bsc#1193629). * cifs: address unused variable warning (bsc#1193629). * cifs: do all necessary checks for credits within or before locking (bsc#1193629). * cifs: fix lease break oops in xfstest generic/098 (bsc#1193629). * cifs: fix max_credits implementation (bsc#1193629). * cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629). * cifs: fix session state check in smb2_find_smb_ses (bsc#1193629). * cifs: fix session state transition to avoid use-after-free issue (bsc#1193629). * cifs: fix sockaddr comparison in iface_cmp (bsc#1193629). * cifs: fix status checks in cifs_tree_connect (bsc#1193629). * cifs: log session id when a matching ses is not found (bsc#1193629). * cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629). * cifs: prevent use-after-free by freeing the cfile later (bsc#1193629). * cifs: print all credit counters in debugdata (bsc#1193629). * cifs: print client_guid in debugdata (bsc#1193629). * cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629). * cifs: print nosharesock value while dumping mount options (bsc#1193629). * clk: cdce925: check return value of kasprintf() (git-fixes). * clk: fix memory leak in devm_clk_notifier_register() (git-fixes). * clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). * clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git- fixes). * clk: imx: scu: use _safe list iterator to avoid a use after free (git- fixes). * clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). * clk: qcom: camcc-sc7180: add parent dependency to all camera gdscs (git- fixes). * clk: qcom: gcc-ipq6018: use floor ops for sdcc clocks (git-fixes). * clk: samsung: add exynos4212 compatible to clkout driver (git-fixes). * clk: si5341: check return value of {devm_}kasprintf() (git-fixes). * clk: si5341: free unused memory on probe failure (git-fixes). * clk: si5341: return error if one synth clock registration fails (git-fixes). * clk: tegra: tegra124-emc: fix potential memory leak (git-fixes). * clk: ti: clkctrl: check return value of kasprintf() (git-fixes). * clk: vc5: check memory returned by kasprintf() (git-fixes). * coda: avoid partial allocation of sig_inputargs (git-fixes). * codel: fix kernel-doc notation warnings (git-fixes). * cpufreq: amd-pstate: add ->fast_switch() callback (bsc#1212445). * cpufreq: amd-pstate: add amd p-state frequencies attributes (bsc#1212445). * cpufreq: amd-pstate: add amd p-state performance attributes (bsc#1212445). * cpufreq: amd-pstate: add amd-pstate driver parameter for mode selection (bsc#1212445). * cpufreq: amd-pstate: add boost mode support for amd p-state (bsc#1212445). * cpufreq: amd-pstate: add driver working mode switch support (bsc#1212445). * cpufreq: amd-pstate: add fast switch function for amd p-state (bsc#1212445). * cpufreq: amd-pstate: add guided autonomous mode (bsc#1212445). * cpufreq: amd-pstate: add guided mode control support via sysfs (bsc#1212445). * cpufreq: amd-pstate: add more tracepoint for amd p-state module (bsc#1212445). * cpufreq: amd-pstate: add resume and suspend callbacks (bsc#1212445). * cpufreq: amd-pstate: add trace for amd p-state module (bsc#1212445). * cpufreq: amd-pstate: avoid uninitialized variable use (bsc#1212445). * cpufreq: amd-pstate: change amd-pstate driver to be built-in type (bsc#1212445). * cpufreq: amd-pstate: convert sprintf with sysfs_emit() (bsc#1212445). * cpufreq: amd-pstate: cpufreq: amd-pstate: reset msr_amd_perf_ctl register at init (bsc#1212445). * cpufreq: amd-pstate: expose struct amd_cpudata (bsc#1212445). * cpufreq: amd-pstate: fix initial highest_perf value (bsc#1212445). * cpufreq: amd-pstate: fix invalid write to msr_amd_cppc_req (bsc#1212445). * cpufreq: amd-pstate: fix kconfig dependencies for amd p-state (bsc#1212445). * cpufreq: amd-pstate: fix kernel hang issue while amd-pstate unregistering (bsc#1212445). * cpufreq: amd-pstate: fix struct amd_cpudata kernel-doc comment (bsc#1212445). * cpufreq: amd-pstate: fix white-space (bsc#1212445). * cpufreq: amd-pstate: implement amd pstate cpu online and offline callback (bsc#1212445). * cpufreq: amd-pstate: implement pstate epp support for the amd processors (bsc#1212445). * cpufreq: amd-pstate: implement suspend and resume callbacks (bsc#1212445). * cpufreq: amd-pstate: introduce a new amd p-state driver to support future processors (bsc#1212445). * cpufreq: amd-pstate: introduce the support for the processors with shared memory solution (bsc#1212445). * cpufreq: amd-pstate: let user know amd-pstate is disabled (bsc#1212445). * cpufreq: amd-pstate: make amd-pstate epp driver name hyphenated (bsc#1212445). * cpufreq: amd-pstate: make varaiable mode_state_machine static (bsc#1212445). * cpufreq: amd-pstate: optimize driver working mode selection in amd_pstate_param() (bsc#1212445). * cpufreq: amd-pstate: remove fast_switch_possible flag from active driver (bsc#1212445). * cpufreq: amd-pstate: remove module_license in non-modules (bsc#1212445). * cpufreq: amd-pstate: set a fallback policy based on preferred_profile (bsc#1212445). * cpufreq: amd-pstate: simplify cpudata pointer assignment (bsc#1212445). * cpufreq: amd-pstate: update policy->cur in amd_pstate_adjust_perf() (bsc#1212445). * cpufreq: amd-pstate: update pstate frequency transition delay time (bsc#1212445). * cpufreq: amd-pstate: write cppc enable bit per-socket (bsc#1212445). * cpufreq: amd_pstate: fix wrong lowest perf fetch (bsc#1212445). * cpufreq: amd_pstate: map desired perf into pstate scope for powersave governor (bsc#1212445). * cpufreq: tegra194: fix module loading (git-fixes). * crypto: kpp - add helper to set reqsize (git-fixes). * crypto: marvell/cesa - fix type mismatch warning (git-fixes). * crypto: nx - fix build warnings when debug_fs is not enabled (git-fixes). * crypto: qat - use helper to set reqsize (git-fixes). * delete suse/memcg-drop-kmem-limit_in_bytes. drop the patch in order to fix bsc#1213705. * devlink: fix kernel-doc notation warnings (git-fixes). * dlm: fix missing lkb refcount handling (git-fixes). * dlm: fix plock invalid read (git-fixes). * dma-buf/dma-resv: stop leaking on krealloc() failure (git-fixes). * docs: networking: update codeaurora references for rmnet (git-fixes). * documentation: abi: sysfs-class-net-qmi: pass_through contact update (git- fixes). * documentation: bonding: fix the doc of peer_notif_delay (git-fixes). * documentation: cpufreq: amd-pstate: move amd_pstate param to alphabetical order (bsc#1212445). * documentation: devices.txt: reconcile serial/ucc_uart minor numers (git- fixes). * documentation: timers: hrtimers: make hybrid union historical (git-fixes). * drivers: meson: secure-pwrc: always enable dma domain (git-fixes). * drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 (git-fixes). * drm/amd/amdgpu: limit one queue per gang (git-fixes). * drm/amd/amdgpu: update mes11 api def (git-fixes). * drm/amd/display (gcc13): fix enum mismatch (git-fixes). * drm/amd/display: add a null pointer check (bsc#1212848, bsc#1212961). * drm/amd/display: add debug option to skip psr crtc disable (git-fixes). * drm/amd/display: add logging for display mall refresh setting (git-fixes). * drm/amd/display: add minimal pipe split transition state (git-fixes). * drm/amd/display: add minimum z8 residency debug option (git-fixes). * drm/amd/display: add missing wa and mclk validation (git-fixes). * drm/amd/display: add monitor specific edid quirk (git-fixes). * drm/amd/display: add polling method to handle mst reply packet (bsc#1213578). * drm/amd/display: add wrapper to call planes and stream update (git-fixes). * drm/amd/display: add z8 allow states to z-state support list (git-fixes). * drm/amd/display: change default z8 watermark values (git-fixes). * drm/amd/display: check tg is non-null before checking if enabled (git- fixes). * drm/amd/display: correct `dmub_fw_version` macro (git-fixes). * drm/amd/display: correct dml calculation to align hw formula (git-fixes). * drm/amd/display: correct dml calculation to follow hw spec (git-fixes). * drm/amd/display: disable mpc split by default on special asic (git-fixes). * drm/amd/display: disable seamless boot if force_odm_combine is enabled (bsc#1212848, bsc#1212961). * drm/amd/display: do not update drr while bw optimizations pending (git- fixes). * drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git- fixes). * drm/amd/display: enable hostvm based on riommu active (git-fixes). * drm/amd/display: enforce 60us prefetch for 200mhz dcfclk modes (git-fixes). * drm/amd/display: ensure vmin and vmax adjust for dce (git-fixes). * drm/amd/display: explicitly specify update type per plane info change (git- fixes). * drm/amd/display: filter out invalid bits in pipe_fuses (git-fixes). * drm/amd/display: fix 4to1 mpc black screen with dpp rco (git-fixes). * drm/amd/display: fix a divided-by-zero error (git-fixes). * drm/amd/display: fix a test calculateprefetchschedule() (git-fixes). * drm/amd/display: fix a test dml32_rq_dlg_get_rq_reg() (git-fixes). * drm/amd/display: fix access hdcp_workqueue assert (git-fixes). * drm/amd/display: fix artifacting on edp panels when engaging freesync video mode (git-fixes). * drm/amd/display: fix psr-su/dsc interoperability support (git-fixes). * drm/amd/display: fix seamless odm transitions (git-fixes). * drm/amd/display: fix the system hang while disable psr (git-fixes). * drm/amd/display: fix z8 support configurations (git-fixes). * drm/amd/display: fixed dcn30+ underflow issue (git-fixes). * drm/amd/display: have payload properly created after resume (git-fixes). * drm/amd/display: keep phy active for dp displays on dcn31 (git-fixes). * drm/amd/display: limit timing for single dimm memory (git-fixes). * drm/amd/display: lowering min z8 residency time (git-fixes). * drm/amd/display: only update link settings after successful mst link train (git-fixes). * drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). * drm/amd/display: populate subvp cmd info only for the top pipe (git-fixes). * drm/amd/display: reduce sdp bw after urgent to 90% (git-fixes). * drm/amd/display: refactor edp psr codes (git-fixes). * drm/amd/display: remove fpu guards from the dml folder (git-fixes). * drm/amd/display: remove optimization for vrr updates (git-fixes). * drm/amd/display: remove phantom pipe check when calculating k1 and k2 (git- fixes). * drm/amd/display: remove stutter only configurations (git-fixes). * drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). * drm/amd/display: set dcn315 lb bpp to 48 (git-fixes). * drm/amd/display: unlock on error path in dm_handle_mst_sideband_msg_ready_event() (git-fixes). * drm/amd/display: update minimum stutter residency for dcn314 z8 (git-fixes). * drm/amd/display: update z8 sr exit/enter latencies (git-fixes). * drm/amd/display: update z8 watermarks for dcn314 (git-fixes). * drm/amd/display: use dc_update_planes_and_stream (git-fixes). * drm/amd/pm: add abnormal fan detection for smu 13.0.0 (git-fixes). * drm/amd/pm: add missing notifypowersource message mapping for smu13.0.7 (git-fixes). * drm/amd/pm: avoid potential ubsan issue on legacy asics (git-fixes). * drm/amd/pm: conditionally disable pcie lane switching for some sienna_cichlid skus (git-fixes). * drm/amd/pm: conditionally disable pcie lane/speed switching for smu13 (git- fixes). * drm/amd/pm: fix possible power mode mismatch between driver and pmfw (git- fixes). * drm/amd/pm: re-enable the gfx imu when smu resume (git-fixes). * drm/amd/pm: resolve reboot exception for si oland (git-fixes). * drm/amd/pm: reverse mclk and fclk clocks levels for smu v13.0.4 (git-fixes). * drm/amd/pm: reverse mclk clocks levels for smu v13.0.5 (git-fixes). * drm/amd/pm: revise the aspm settings for thunderbolt attached scenario (bsc#1212848, bsc#1212961). * drm/amd/pm: share the code around smu13 pcie parameters update (git-fixes). * drm/amd/pm: update the lc_l1_inactivity setting to address possible noise issue (bsc#1212848, bsc#1212961). * drm/amd/pm: workaround for compute workload type on some skus (git-fixes). * drm/amd: add a new helper for loading/validating microcode (git-fixes). * drm/amd: disable psr-su on parade 0803 tcon (bsc#1212848, bsc#1212961). * drm/amd: do not allow s0ix on apus older than raven (git-fixes). * drm/amd: do not try to enable secure display ta multiple times (bsc#1212848, bsc#1212961). * drm/amd: fix an error handling mistake in psp_sw_init() (git-fixes). * drm/amd: load mes microcode during early_init (git-fixes). * drm/amd: use `amdgpu_ucode_*` helpers for mes (git-fixes). * drm/amdgpu/gfx11: adjust gfxoff before powergating on gfx11 as well (git- fixes). * drm/amdgpu/gfx11: update gpu_clock_counter logic (git-fixes). * drm/amdgpu/gfx: set cg flags to enter/exit safe mode (git-fixes). * drm/amdgpu/gmc11: implement get_vbios_fb_size() (git-fixes). * drm/amdgpu/jpeg: remove harvest checking for jpeg3 (git-fixes). * drm/amdgpu/mes11: enable reg active poll (git-fixes). * drm/amdgpu/vcn: disable indirect sram on vangogh broken bioses (git-fixes). * drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel (git- fixes). * drm/amdgpu: add mes resume when do gfx post soft reset (git-fixes). * drm/amdgpu: add the fan abnormal detection feature (git-fixes). * drm/amdgpu: avoid restore process run into dead loop (git-fixes). * drm/amdgpu: change reserved vram info print (git-fixes). * drm/amdgpu: declare firmware for new mes 11.0.4 (git-fixes). * drm/amdgpu: do not set struct drm_driver.output_poll_changed (git-fixes). * drm/amdgpu: enable tmz by default for gc 11.0.1 (git-fixes). * drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini (git-fixes). * drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini (git-fixes). * drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini() (git-fixes). * drm/amdgpu: fix clearing mappings for bos that are always valid in vm (bsc#1212848, bsc#1212961). * drm/amdgpu: fix clearing mappings for bos that are always valid in vm (git- fixes). * drm/amdgpu: fix desktop freezed after gpu-reset (git-fixes). * drm/amdgpu: fix memcpy() in sienna_cichlid_append_powerplay_table function (git-fixes). * drm/amdgpu: fix minmax warning (git-fixes). * drm/amdgpu: fix number of fence calculations (bsc#1212848, bsc#1212961). * drm/amdgpu: fix sdma v4 sw fini error (git-fixes). * drm/amdgpu: fix usage of umc fill record in ras (git-fixes). * drm/amdgpu: force signal hw_fences that are embedded in non-sched jobs (git- fixes). * drm/amdgpu: refine get gpu clock counter method (git-fixes). * drm/amdgpu: remove deprecated mes version vars (git-fixes). * drm/amdgpu: reserve the old gc_11_0_*_mes.bin (git-fixes). * drm/amdgpu: set gfx9 onwards apu atomics support to be true (git-fixes). * drm/amdgpu: set vmbo destroy after pt bo is created (git-fixes). * drm/amdgpu: validate vm ioctl flags (git-fixes). * drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 (git-fixes). * drm/amdkfd: fix potential deallocation of previously deallocated memory (git-fixes). * drm/atomic: fix potential use-after-free in nonblocking commits (git-fixes). * drm/bridge: anx7625: convert to i2c's .probe_new() (git-fixes). * drm/bridge: anx7625: fix refcount bug in anx7625_parse_dt() (git-fixes). * drm/bridge: anx7625: prevent endless probe loop (git-fixes). * drm/bridge: it6505: move a variable assignment behind a null pointer check in receive_timing_debugfs_show() (git-fixes). * drm/bridge: tc358767: switch to devm mipi-dsi helpers (git-fixes). * drm/bridge: tc358768: add atomic_get_input_bus_fmts() implementation (git- fixes). * drm/bridge: tc358768: always enable hs video mode (git-fixes). * drm/bridge: tc358768: fix pll parameters computation (git-fixes). * drm/bridge: tc358768: fix pll target frequency (git-fixes). * drm/bridge: tc358768: fix tclk_trailcnt computation (git-fixes). * drm/bridge: tc358768: fix tclk_zerocnt computation (git-fixes). * drm/bridge: tc358768: fix ths_trailcnt computation (git-fixes). * drm/bridge: tc358768: fix ths_zerocnt computation (git-fixes). * drm/bridge: tc358768: fix txtagocnt computation (git-fixes). * drm/bridge: ti-sn65dsi83: fix enable error path (git-fixes). * drm/bridge: ti-sn65dsi86: fix auxiliary bus lifetime (git-fixes). * drm/client: fix memory leak in drm_client_modeset_probe (git-fixes). * drm/client: fix memory leak in drm_client_target_cloned (git-fixes). * drm/display/dp_mst: fix payload addition on a disconnected sink (git-fixes). * drm/display: do not block hdr_output_metadata on unknown eotf (git-fixes). * drm/dp_mst: clear msg_rdy flag before sending new message (bsc#1213578). * drm/drm_vma_manager: add drm_vma_node_allow_once() (git-fixes). * drm/dsc: fix dp_dsc_max_bpp_delta_* macro values (git-fixes). * drm/dsc: fix drm_edp_dsc_sink_output_bpp() dpcd high byte usage (git-fixes). * drm/etnaviv: move idle mapping reaping into separate function (git-fixes). * drm/etnaviv: reap idle mapping if it does not match the softpin address (git-fixes). * drm/exynos: fix race condition uaf in exynos_g2d_exec_ioctl (git-fixes). * drm/exynos: vidi: fix a wrong error return (git-fixes). * drm/i915/dp_mst: add the mst topology state for modesetted crtcs (bsc#1213493). * drm/i915/dpt: use shmem for dpt objects (git-fixes). * drm/i915/fbdev: lock the fbdev obj before vma pin (git-fixes). * drm/i915/gt: cleanup partial engine discovery failures (git-fixes). * drm/i915/guc: add error-capture init warnings when needed (git-fixes). * drm/i915/guc: fix missing ecodes (git-fixes). * drm/i915/guc: limit scheduling properties to avoid overflow (git-fixes). * drm/i915/guc: rename guc register state capture node to be more obvious (git-fixes). * drm/i915/gvt: remove unused variable gma_bottom in command parser (git- fixes). * drm/i915/mtl: update scaler source and destination limits for mtl (git- fixes). * drm/i915/psr: use hw.adjusted mode when calculating io/fast wake times (git- fixes). * drm/i915/sdvo: grab mode_config.mutex during lvds init to avoid warns (git- fixes). * drm/i915/sseu: fix max_subslices array-index-out-of-bounds access (git- fixes). * drm/i915/tc: fix system resume mst mode restore for dp-alt sinks (git- fixes). * drm/i915/tc: fix tc port link ref init for dp mst during hw readout (git- fixes). * drm/i915: allow panel fixed modes to have differing sync polarities (git- fixes). * drm/i915: check pipe source size when using skl+ scalers (git-fixes). * drm/i915: do not preserve dpll_hw_state for slave crtc in bigjoiner (git- fixes). * drm/i915: do panel vbt init early if the vbt declares an explicit panel type (git-fixes). * drm/i915: fix a memory leak with reused mmap_offset (git-fixes). * drm/i915: fix an error handling path in igt_write_huge() (git-fixes). * drm/i915: fix negative value passed as remaining time (git-fixes). * drm/i915: fix one wrong caching mode enum usage (git-fixes). * drm/i915: fix typec mode initialization during system resume (git-fixes). * drm/i915: introduce intel_panel_init_alloc() (git-fixes). * drm/i915: never return 0 if not all requests retired (git-fixes). * drm/i915: populate encoder->devdata for dsi on icl+ (git-fixes). * drm/i915: print return value on error (git-fixes). * drm/i915: use _mmio_pipe() for skl_bottom_color (git-fixes). * drm/meson: fix return type of meson_encoder_cvbs_mode_valid() (git-fixes). * drm/msm/a5xx: really check for a510 in a5xx_gpu_init (git-fixes). * drm/msm/adreno: fix runtime pm imbalance at unbind (git-fixes). * drm/msm/adreno: fix snapshot bindless_data size (git-fixes). * drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes). * drm/msm/adreno: simplify read64/write64 helpers (git-fixes). * drm/msm/disp/dpu: get timing engine status from intf status register (git- fixes). * drm/msm/dp: free resources after unregistering them (git-fixes). * drm/msm/dpu: add dsc hardware blocks to register snapshot (git-fixes). * drm/msm/dpu: assign missing writeback log_mask (git-fixes). * drm/msm/dpu: clean up dpu_kms_get_clk_rate() returns (git-fixes). * drm/msm/dpu: correct merge_3d length (git-fixes). * drm/msm/dpu: do not enable color-management if dspps are not available (git- fixes). * drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes). * drm/msm/dpu: set dpu_data_hctl_en for in intf_sc7180_mask (git-fixes). * drm/msm/dpu: set dsc flush bit correctly at mdp ctl flush register (git- fixes). * drm/msm/dsi: do not allow enabling 14nm vco with unprogrammed rate (git- fixes). * drm/msm/hdmi: use devres helper for runtime pm management (git-fixes). * drm/msm: fix is_err_or_null() vs null check in a5xx_submit_in_rb() (git- fixes). * drm/panel: boe-tv101wum-nl6: ensure dsi writes succeed during disable (git- fixes). * drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes). * drm/panel: simple: add connector_type for innolux_at043tn24 (git-fixes). * drm/panel: simple: add powertip ph800480t013 drm_display_mode flags (git- fixes). * drm/panel: simple: fix active size for ampire am-480272h3tmqw-t01h (git- fixes). * drm/radeon: fix integer overflow in radeon_cs_parser_init (git-fixes). * drm/radeon: fix possible division-by-zero errors (git-fixes). * drm/radeon: fix race condition uaf in radeon_gem_set_domain_ioctl (git- fixes). * drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (git-fixes). * drm/rockchip: vop: leave vblank enabled in self-refresh (git-fixes). * drm/ttm: do not leak a resource on swapout move error (git-fixes). * drm/ttm: fix bulk_move corruption when adding a entry (git-fixes). * drm/ttm: fix warning that we shouldn't mix && and || (git-fixes). * drm/virtio: fix memory leak in virtio_gpu_object_create() (git-fixes). * drm/virtio: simplify error handling of virtio_gpu_object_create() (git- fixes). * drm/vmwgfx: fix legacy display unit atomic drm support (bsc#1213632). * drm/vmwgfx: refactor resource manager's hashtable to use linux/hashtable implementation (git-fixes). * drm/vmwgfx: refactor resource validation hashtable to use linux/hashtable implementation (git-fixes). * drm/vmwgfx: refactor ttm reference object hashtable to use linux/hashtable (git-fixes). * drm/vmwgfx: remove explicit and broken vblank handling (bsc#1213632). * drm/vmwgfx: remove rcu locks from user resources (bsc#1213632). * drm/vmwgfx: remove ttm object hashtable (git-fixes). * drm/vmwgfx: remove vmwgfx_hashtab (git-fixes). * drm/vmwgfx: write the driver id registers (git-fixes). * drm/vram-helper: fix function names in vram helper doc (git-fixes). * drm: add fixed-point helper to get rounded integer values (git-fixes). * drm: add missing dp dsc extended capability definitions (git-fixes). * drm: buddy_allocator: fix buddy allocator init on 32-bit systems (git- fixes). * drm: optimize drm buddy top-down allocation method (git-fixes). * drm: panel-orientation-quirks: add quirk for dynabook k50 (git-fixes). * drm: rcar-du: add quirk for h3 es1.x pclk workaround (git-fixes). * drm: rcar-du: fix setting a reserved bit in dpllcr (git-fixes). * drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git- fixes). * drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2 (git-fixes). * drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777). * dt-bindings: phy: brcm,brcmstb-usb-phy: fix error in "compatible" conditional schema (git-fixes). * elf: correct note name comment (git-fixes). * enable nxp snvs rtc driver for i.mx 8mq/8mp (jsc#ped-4758) * ext4: add ea_inode checking to ext4_iget() (bsc#1213106). * ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088). * ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109). * ext4: add strict range checks while freeing blocks (bsc#1213089). * ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). * ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). * ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090). * ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103). * ext4: disallow ea_inodes with extended attributes (bsc#1213108). * ext4: fail ext4_iget if special inode unallocated (bsc#1213010). * ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111). * ext4: fix data races when using cached status extents (bsc#1213102). * ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105). * ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). * ext4: fix lockdep warning when enabling mmp (bsc#1213100). * ext4: fix reusing stale buffer heads from last failed mounting (bsc#1213020). * ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096). * ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). * ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098). * ext4: fix warning in ext4_update_inline_data (bsc#1213012). * ext4: fix warning in mb_find_extent (bsc#1213099). * ext4: improve error handling from ext4_dirhash() (bsc#1213104). * ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). * ext4: move where set the may_inline_data flag is set (bsc#1213011). * ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). * ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087). * ext4: refuse to create ea block when umounted (bsc#1213093). * ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107). * ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110). * ext4: update s_journal_inum if it changes after journal replay (bsc#1213094). * ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092). * ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). * extcon: fix kernel doc of property capability fields to avoid warnings (git- fixes). * extcon: fix kernel doc of property fields to avoid warnings (git-fixes). * extcon: usbc-tusb320: add usb type-c support (git-fixes). * extcon: usbc-tusb320: call the type-c irq handler only if a port is registered (git-fixes). * extcon: usbc-tusb320: unregister typec port on driver removal (git-fixes). * extcon: usbc-tusb320: update state on probe even if no irq pending (git- fixes). * fbdev: au1200fb: fix missing irq check in au1200fb_drv_probe (git-fixes). * fbdev: imxfb: removed unneeded release_mem_region (git-fixes). * fbdev: imxfb: warn about invalid left/right margin (git-fixes). * fbdev: omapfb: lcd_mipid: fix an error handling path in mipid_spi_probe() (git-fixes). * file: always lock position for fmode_atomic_pos (bsc#1213759). * firmware: stratix10-svc: fix a potential resource leak in svc_create_memory_pool() (git-fixes). * fix documentation of panic_on_warn (git-fixes). * fix null pointer dereference in drm_dp_atomic_find_time_slots() (bsc#1213578). * fs: dlm: add midcomms init/start functions (git-fixes). * fs: dlm: do not set stop rx flag after node reset (git-fixes). * fs: dlm: filter user dlm messages for kernel locks (git-fixes). * fs: dlm: fix log of lowcomms vs midcomms (git-fixes). * fs: dlm: fix race between test_bit() and queue_work() (git-fixes). * fs: dlm: fix race in lowcomms (git-fixes). * fs: dlm: handle -ebusy first in lock arg validation (git-fixes). * fs: dlm: move sending fin message into state change handling (git-fixes). * fs: dlm: retry accept() until -eagain or error returns (git-fixes). * fs: dlm: return positive pid value for f_getlk (git-fixes). * fs: dlm: start midcomms before scand (git-fixes). * fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git- fixes). * fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes). * fs: jfs: fix null-ptr-deref read in txbegin (git-fixes). * fs: jfs: fix ubsan: array-index-out-of-bounds in dballocdmaplev (git-fixes). * fuse: ioctl: translate enosys in outarg (bsc#1213524). * fuse: revalidate: do not invalidate if interrupted (bsc#1213523). * get module prefix from kmod (bsc#1212835). * gve: set default duplex configuration to full (git-fixes). * gve: unify driver name usage (git-fixes). * hid: logitech-hidpp: add hidpp_quirk_delayed_init for the t651 (git-fixes). * hid: wacom: add error check to wacom_parse_and_register() (git-fixes). * hvcs: fix hvcs port reference counting (bsc#1213134 ltc#202861). * hvcs: get reference to tty in remove (bsc#1213134 ltc#202861). * hvcs: synchronize hotplug remove with port free (bsc#1213134 ltc#202861). * hvcs: use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861). * hvcs: use driver groups to manage driver attributes (bsc#1213134 ltc#202861). * hvcs: use vhangup in hotplug remove (bsc#1213134 ltc#202861). * hwmon: (adm1275) allow setting sample averaging (git-fixes). * hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes). * hwmon: (k10temp) enable amd3255 proc to show negative temperature (git- fixes). * hwmon: (nct7802) fix for temp6 (peci1) processed even if peci1 disabled (git-fixes). * hwmon: (pmbus/adm1275) fix problems with temperature monitoring on adm1272 (git-fixes). * hwrng: imx-rngc - fix the timeout for init and self check (git-fixes). * hwrng: st - keep clock enabled while hwrng is registered (git-fixes). * i2c: tegra: set acpi node as primary fwnode (bsc#1213226). * i2c: xiic: defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes). * i2c: xiic: do not try to handle more interrupt events after error (git- fixes). * iavf: check for removal state before iavf_flag_pf_comms_failed (git-fixes). * iavf: fix a deadlock caused by rtnl and driver's lock circular dependencies (git-fixes). * iavf: fix out-of-bounds when setting channels on remove (git-fixes). * iavf: fix potential deadlock on allocation failure (git-fixes). * iavf: fix reset task race with iavf_remove() (git-fixes). * iavf: fix use-after-free in free_netdev (git-fixes). * iavf: move netdev_update_features() into watchdog task (git-fixes). * iavf: use internal state to free traffic irqs (git-fixes). * iavf: wait for reset in callbacks which trigger it (git-fixes). * ib/hfi1: fix wrong mmu_node used for user sdma packet after invalidate (git- fixes) * ib/hfi1: use bitmap_zalloc() when applicable (git-fixes) * ib/isert: fix dead lock in ib_isert (git-fixes) * ib/isert: fix incorrect release of isert connection (git-fixes) * ib/isert: fix possible list corruption in cma handler (git-fixes) * ib/uverbs: fix to consider event queue closing also upon non-blocking mode (git-fixes) * ibmvnic: do not reset dql stats on non_fatal err (bsc#1212603 ltc#202604). * ice: fix max_rate check while configuring tx rate limits (git-fixes). * ice: fix memory management in ice_ethtool_fdir.c (git-fixes). * ice: handle extts in the miscellaneous interrupt thread (git-fixes). * igc: check if hardware tx timestamping is enabled earlier (git-fixes). * igc: enable and fix rx hash usage by netstack (git-fixes). * igc: fix inserting of empty frame for launchtime (git-fixes). * igc: fix kernel panic during ndo_tx_timeout callback (git-fixes). * igc: fix launchtime before start of cycle (git-fixes). * igc: fix race condition in ptp tx code (git-fixes). * igc: handle pps start time programming for past time values (git-fixes). * igc: prevent garbled tx queue with xdp zerocopy (git-fixes). * igc: remove delay during tx ring configuration (git-fixes). * igc: set tp bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes). * igc: work around hw bug causing missing timestamps (git-fixes). * iio: accel: fxls8962af: errata bug only applicable for fxls8962af (git- fixes). * iio: accel: fxls8962af: fixup buffer scan element type (git-fixes). * iio: adc: ad7192: fix internal/external clock selection (git-fixes). * iio: adc: ad7192: fix null ad7192_state pointer access (git-fixes). * inotify: avoid reporting event with invalid wd (bsc#1213025). * input: adxl34x - do not hardcode interrupt trigger type (git-fixes). * input: drv260x - fix typo in register value define (git-fixes). * input: drv260x - remove unused .reg_defaults (git-fixes). * input: drv260x - sleep between polling go bit (git-fixes). * input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes). * input: iqs269a - do not poll during ati (git-fixes). * input: iqs269a - do not poll during suspend or resume (git-fixes). * input: soc_button_array - add invalid acpi_index dmi quirk handling (git- fixes). * integrity: fix possible multiple allocation in integrity_inode_get() (git- fixes). * io_uring: do not expose io_fill_cqe_aux() (bsc#1211014). * irqchip/gic-v3: claim iomem resources (bsc#1213533) * irqchip/gicv3: handle resource request failure consistently (bsc#1213533) * irqchip/gicv3: workaround for nvidia erratum t241-fabric-4 (bsc#1213533) * jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095). * jdb2: do not refuse invalidation of already invalidated buffers (bsc#1213014). * jffs2: fix memory leak in jffs2_do_fill_super (git-fixes). * jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes). * jffs2: fix memory leak in jffs2_scan_medium (git-fixes). * jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes). * jffs2: gc deadlock reading a page that is used in jffs2_write_begin() (git- fixes). * jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes). * jfs: jfs_dmap: validate db_l2nbperpage while mounting (git-fixes). * kabi fix after restore kabi for nvidia vgpu driver (bsc#1210825). * kabi/severities: add vas symbols changed due to recent fix vas accelerators are directly tied to the architecture, there is no reason to have out-of- tree production drivers * kabi/severities: ignore kabi of i915 module it's exported only for its sub- module, not really used by externals * kabi/severities: ignore kabi of vmwgfx the driver exports a function unnecessarily without used by anyone else. ignore the kabi changes. * kabi/severities: relax kabi for ath11k local symbols (bsc#1207948) * kabi: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243). * kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps") * kselftest: vdso: fix accumulation of uninitialized ret when clock_realtime is undefined (git-fixes). * kvm: arm64: do not read a hw interrupt pending state in user context (git- fixes) * kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620) * kvm: do not null dereference ops->destroy (git-fixes) * kvm: downgrade two bug_ons to warn_on_once (git-fixes) * kvm: initialize debugfs_dentry when a vm is created to avoid null (git- fixes) * kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867). * kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git- fixes). * kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git- fixes). * kvm: vmx: restore vmx_vmexit alignment (git-fixes). * kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes). * leds: trigger: netdev: recheck netdev_led_mode_linkup on dev rename (git- fixes). * libceph: harden msgr2.1 frame segment length checks (bsc#1213857). * m alsa: usb-audio: add quirk for tascam model 12 (git-fixes). * mailbox: ti-msgmgr: fill non-message tx data fields with 0x0 (git-fixes). * maintainers: add amd p-state driver maintainer entry (bsc#1212445). * md: add error_handlers for raid0 and linear (bsc#1212766). * media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes). * media: cec: core: do not set last_initiator if tx in progress (git-fixes). * media: cec: i2c: ch7322: also select regmap (git-fixes). * media: i2c: correct format propagation for st-mipid02 (git-fixes). * media: staging: atomisp: select v4l2_fwnode (git-fixes). * media: usb: check az6007_read() return value (git-fixes). * media: usb: siano: fix warning due to null work_func_t function pointer (git-fixes). * media: venus: helpers: fix align() of non power of two (git-fixes). * media: videodev2.h: fix struct v4l2_input tuner index comment (git-fixes). * memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). * memory: brcmstb_dpfe: fix testing array offset after use (git-fixes). * meson saradc: fix clock divider mask length (git-fixes). * mfd: intel-lpss: add missing check for platform_get_resource (git-fixes). * mfd: pm8008: fix module autoloading (git-fixes). * mfd: rt5033: drop rt5033-battery sub-device (git-fixes). * mfd: stmfx: fix error path in stmfx_chip_init (git-fixes). * mfd: stmfx: nullify stmfx->vdd in case of error (git-fixes). * mfd: stmpe: only disable the regulators if they are enabled (git-fixes). * mhi_power_down() kabi workaround (bsc#1207948). * misc: fastrpc: create fastrpc scalar with correct buffer count (git-fixes). * misc: pci_endpoint_test: free irqs before removing the device (git-fixes). * misc: pci_endpoint_test: re-init completion for every test (git-fixes). * mmc: core: disable trim on kingston emmc04g-m627 (git-fixes). * mmc: mmci: set probe_prefer_asynchronous (git-fixes). * mmc: sdhci-msm: disable broken 64-bit dma on msm8916 (git-fixes). * mmc: sdhci: fix dma configure compatibility issue when 64bit dma mode is used (git-fixes). * mtd: rawnand: meson: fix unaligned dma buffers handling (git-fixes). * net/mlx5: add ifc bits for bypassing port select flow table (git-fixes) * net/mlx5: dr, support sw created encap actions for fw table (git-fixes). * net/mlx5e: check for not_ready flag state after locking (git-fixes). * net/mlx5e: fix double free in mlx5e_destroy_flow_table (git-fixes). * net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create (git-fixes). * net/mlx5e: fix memory leak in mlx5e_ptp_open (git-fixes). * net/mlx5e: xdp, allow growing tail for xdp multi buffer (git-fixes). * net/mlx5e: xsk: set napi_id to support busy polling on xsk rq (git-fixes). * net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). * net/sched: sch_qfq: reintroduce lmax bound check for mtu (bsc#1213585). * net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes). * net: mana: add support for vlan tagging (bsc#1212301). * net: mana: batch ringing rx queue doorbell on receiving packets (bsc#1212901). * net: mana: use the correct wqe count for ringing rq doorbell (bsc#1212901). * net: phy: marvell10g: fix 88x3310 power up (git-fixes). * net: phy: prevent stale pointer dereference in phy_init() (git-fixes). * net: qrtr: fix an uninit variable access bug in qrtr_tx_resume() (git- fixes). * net: qrtr: start mhi channel after endpoit creation (git-fixes). * nfcsim.c: fix error checking for debugfs_create_dir (git-fixes). * nfsd: add encoding of op_recall flag for write delegation (git-fixes). * nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). * nfsd: fix sparse warning (git-fixes). * nfsd: remove open coding of string copy (git-fixes). * nfsv4.1: always send a reclaim_complete after establishing lease (git- fixes). * nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git- fixes). * nilfs2: fix buffer corruption due to concurrent device reads (git-fixes). * nilfs2: reject devices with insufficient block count (git-fixes). * ntb: amd: fix error handling in amd_ntb_pci_driver_init() (git-fixes). * ntb: idt: fix error handling in idt_pci_driver_init() (git-fixes). * ntb: intel: fix error handling in intel_ntb_pci_driver_init() (git-fixes). * ntb: ntb_tool: add check for devm_kcalloc (git-fixes). * ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes). * nvme-core: fix dev_pm_qos memleak (git-fixes). * nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes). * nvme-core: fix memory leak in dhchap_secret_store (git-fixes). * nvme-multipath: support io stats on the mpath device (bsc#1210565). * nvme-pci: add quirk for missing secondary temperature thresholds (git- fixes). * nvme-pci: fix dma direction of unmapping integrity data (git-fixes). * nvme-pci: remove nvme_queue from nvme_iod (git-fixes). * nvme: do not reject probe due to duplicate ids for single-ported pcie devices (git-fixes). * nvme: double ka polling frequency to avoid kato with tbkas on (git-fixes). * nvme: fix the nvme_id_ns_nvm_sts_mask definition (git-fixes). * nvme: introduce nvme_start_request (bsc#1210565). * ocfs2: check new file size on fallocate call (git-fixes). * ocfs2: fix defrag path triggering jbd2 assert (git-fixes). * ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes). * ocfs2: fix non-auto defrag path not working issue (git-fixes). * ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). * ocfs2: switch to security_inode_init_security() (git-fixes). * octeontx-af: fix hardware timestamp configuration (git-fixes). * octeontx2-af: move validation of ptp pointer before its usage (git-fixes). * octeontx2-pf: add additional check for mcam rules (git-fixes). * opp: fix use-after-free in lazy_opp_tables after probe deferral (git-fixes). * pci/aspm: disable aspm on mfd function removal to avoid use-after-free (git- fixes). * pci/pm: avoid putting elopos e2/s2/h2 pcie ports in d3cold (git-fixes). * pci: add function 1 dma alias quirk for marvell 88se9235 (git-fixes). * pci: add pci_clear_master() stub for non-config_pci (git-fixes). * pci: cadence: fix gen2 link retraining process (git-fixes). * pci: endpoint: add missing documentation about the msi/msi-x range (git- fixes). * pci: ftpci100: release the clock resources (git-fixes). * pci: pciehp: cancel bringup sequence if card is not present (git-fixes). * pci: qcom: disable write access to read only registers for ip v2.3.3 (git- fixes). * pci: release resource invalidated by coalescing (git-fixes). * pci: rockchip: add poll and timeout to wait for phy plls to be locked (git- fixes). * pci: rockchip: assert pci configuration enable bit after probe (git-fixes). * pci: rockchip: fix legacy irq generation for rk3399 pcie endpoint core (git- fixes). * pci: rockchip: set address alignment for endpoint mode (git-fixes). * pci: rockchip: use u32 variable to access 32-bit registers (git-fixes). * pci: rockchip: write pci device id to correct register (git-fixes). * pci: s390: fix use-after-free of pci resources with per-function hotplug (bsc#1212525). * pci: vmd: fix uninitialized variable usage in vmd_enable_domain() (git- fixes). * pci: vmd: reset vmd config register between soft reboots (git-fixes). * perf/x86/amd/core: always clear status for idx (bsc#1213233). * phy: hisilicon: fix an out of bounds check in hisi_inno_phy_probe() (git- fixes). * phy: revert "phy: remove soc_exynos4212 dep. from phy_exynos4x12_usb" (git- fixes). * phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes). * phy: tegra: xusb: clear the driver reference in usb-phy dev (git-fixes). * pie: fix kernel-doc notation warning (git-fixes). * pinctrl: amd: detect internal gpio0 debounce handling (git-fixes). * pinctrl: amd: do not show `invalid config param` errors (git-fixes). * pinctrl: amd: fix mistake in handling clearing pins at startup (git-fixes). * pinctrl: amd: only use special debounce behavior for gpio 0 (git-fixes). * pinctrl: amd: use amd_pinconf_set() for all config options (git-fixes). * pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes). * pinctrl: cherryview: return correct value if pin in push-pull mode (git- fixes). * pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git- fixes). * platform/x86: msi-laptop: fix rfkill out-of-sync on msi wind u100 (git- fixes). * platform/x86: think-lmi: correct nvme password handling (git-fixes). * platform/x86: think-lmi: correct system password interface (git-fixes). * platform/x86: think-lmi: mutex protection around multiple wmi calls (git- fixes). * platform/x86: thinkpad_acpi: fix lkp-tests warnings for platform profiles (git-fixes). * powerpc/64: only warn if __pa()/__va() called with bad addresses (bsc#1194869). * powerpc/64s: fix vas mm use after free (bsc#1194869). * powerpc/book3s64/mm: fix directmap stats in /proc/meminfo (bsc#1194869). * powerpc/bpf: fix use of user_pt_regs in uapi (bsc#1194869). * powerpc/ftrace: remove ftrace init tramp once kernel init is complete (bsc#1194869). * powerpc/interrupt: do not read msr from interrupt_exit_kernel_prepare() (bsc#1194869). * powerpc/mm/dax: fix the condition when checking if altmap vmemap can cross- boundary (bsc#1150305 ltc#176097 git-fixes). * powerpc/mm: switch obsolete dssall to .long (bsc#1194869). * powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869). * powerpc/powernv/vas: assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869). * powerpc/prom_init: fix kernel config grep (bsc#1194869). * powerpc/pseries/vas: hold mmap_mutex after mmap lock during window close (jsc#ped-542 git-fixes). * powerpc/secvar: fix refcount leak in format_show() (bsc#1194869). * powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869). * powerpc: clean vdso32 and vdso64 directories (bsc#1194869). * powerpc: define get_cycles macro for arch-override (bsc#1194869). * powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869). * pstore/ram: add check for kstrdup (git-fixes). * pwm: ab8500: fix error code in probe() (git-fixes). * pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes). * pwm: sysfs: do not apply state to already disabled pwms (git-fixes). * radeon: avoid double free in ci_dpm_init() (git-fixes). * rdma/bnxt_re: avoid calling wake_up threads from spin_lock context (git- fixes) * rdma/bnxt_re: disable/kill tasklet only if it is enabled (git-fixes) * rdma/bnxt_re: fix hang during driver unload (git-fixes) * rdma/bnxt_re: fix to remove an unnecessary log (git-fixes) * rdma/bnxt_re: fix to remove unnecessary return labels (git-fixes) * rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes) * rdma/bnxt_re: remove a redundant check inside bnxt_re_update_gid (git-fixes) * rdma/bnxt_re: remove unnecessary checks (git-fixes) * rdma/bnxt_re: return directly without goto jumps (git-fixes) * rdma/bnxt_re: use unique names while registering interrupts (git-fixes) * rdma/bnxt_re: wraparound mbox producer index (git-fixes) * rdma/cma: always set static rate to 0 for roce (git-fixes) * rdma/core: update cma destination address on rdma_resolve_addr (git-fixes) * rdma/hns: fix hns_roce_table_get return value (git-fixes) * rdma/irdma: add missing read barriers (git-fixes) * rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes) * rdma/irdma: fix data race on cqp completion stats (git-fixes) * rdma/irdma: fix data race on cqp request done (git-fixes) * rdma/irdma: fix op_type reporting in cqes (git-fixes) * rdma/irdma: report correct wc error (git-fixes) * rdma/mlx4: make check for invalid flags stricter (git-fixes) * rdma/mlx5: create an indirect flow table for steering anchor (git-fixes) * rdma/mlx5: do not set tx affinity when lag is in hash mode (git-fixes) * rdma/mlx5: fix affinity assignment (git-fixes) * rdma/mlx5: initiate dropless rq for raw ethernet functions (git-fixes) * rdma/mthca: fix crash when polling cq for shared qps (git-fixes) * rdma/rtrs: fix rxe_dealloc_pd warning (git-fixes) * rdma/rtrs: fix the last iu->buf leak in err path (git-fixes) * rdma/rxe: fix access checks in rxe_check_bind_mw (git-fixes) * rdma/rxe: fix packet length checks (git-fixes) * rdma/rxe: fix ref count error in check_rkey() (git-fixes) * rdma/rxe: fix rxe_cq_post (git-fixes) * rdma/rxe: fix the use-before-initialization error of resp_pkts (git-fixes) * rdma/rxe: remove dangling declaration of rxe_cq_disable() (git-fixes) * rdma/rxe: remove the unused variable obj (git-fixes) * rdma/rxe: removed unused name from rxe_task struct (git-fixes) * rdma/uverbs: restrict usage of privileged qkeys (git-fixes) * rdma/vmw_pvrdma: remove unnecessary check on wr->opcode (git-fixes) * regmap: account for register length in smbus i/o limits (git-fixes). * regmap: drop initial version of maximum transfer length fixes (git-fixes). * regulator: core: fix more error checking for debugfs_create_dir() (git- fixes). * regulator: core: streamline debugfs operations (git-fixes). * regulator: helper: document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes). * restore kabi for nvidia vgpu driver (bsc#1210825). * revert "alsa: usb-audio: drop superfluous interface setup at parsing" (git- fixes). * revert "arm64: dts: zynqmp: add address-cells property to interrupt (git- fixes) * revert "debugfs, coccinelle: check for obsolete define_simple_attribute() usage" (git-fixes). * revert "drm/amd/display: edp do not add non-edid timings" (git-fixes). * revert "drm/i915: disable dsb usage for now" (git-fixes). * revert "drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777)" sle15-sp5 branch works as is, hence revive the dropped patches again. * revert "iavf: detach device during reset task" (git-fixes). * revert "iavf: do not restart tx queues after reset task failure" (git- fixes). * revert "mtd: rawnand: arasan: prevent an unsupported configuration" (git- fixes). * revert "net: phy: dp83867: perform soft reset and retain established link" (git-fixes). * revert "nfsv4: retry lock on old_stateid during delegation return" (git- fixes). * revert "usb: dwc3: core: enable autoretry feature in the controller" (git- fixes). * revert "usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()" (git-fixes). * revert "usb: gadget: udc: core: offload usb_udc_vbus_handler processing" * revert "usb: gadget: udc: core: prevent soft_connect_store() race" * revert "usb: xhci: tegra: fix error check" (git-fixes). * revive drm_dp_mst_hpd_irq() function (bsc#1213578). * rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude. * rpm/check-for-config-changes: ignore also riscv_isa_ _and dynamic_sigframe they depend on config_toolchain_has__. * rsi: remove kernel-doc comment marker (git-fixes). * rtc: efi: add wakeup support (bsc#1213116). * rtc: efi: enable set/get wakeup services as optional (bsc#1213116). * rtc: efi: switch to devm_rtc_allocate_device (bsc#1213116). * rtc: st-lpc: release some resources in st_rtc_probe() in case of error (git- fixes). * rxrpc, afs: fix selection of abort codes (git-fixes). * s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259). * s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258). * s390/bpf: add expoline to tail calls (git-fixes bsc#1213870). * s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810). * s390/dasd: print copy pair message only for the correct error (git-fixes bsc#1213872). * s390/debug: add _asm_s390_ prefix to header guard (git-fixes bsc#1213263). * s390/decompressor: specify __decompress() buf len to avoid overflow (git- fixes bsc#1213863). * s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892). * s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871). * s390/pci: clean up left over special treatment for function zero (bsc#1212525). * s390/pci: only add specific device in zpci_bus_scan_device() (bsc#1212525). * s390/pci: remove redundant pci_bus_add_devices() on new bus (bsc#1212525). * s390/percpu: add read_once() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252). * s390/qeth: fix vipa deletion (git-fixes bsc#1213713). * s390/vmem: fix empty page tables cleanup under kasan (git-fixes bsc#1213715). * s390: define runtime_discard_exit to fix link error with gnu ld < 2.36 (git-fixes bsc#1213264). * s390: discard .interp section (git-fixes bsc#1213247). * s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870). * scftorture: count reschedule ipis (git-fixes). * sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes) * sched: fix debug && !schedstats warn (git-fixes) * scsi: lpfc: abort outstanding els cmds when mailbox timeout error is detected (bsc#1213756). * scsi: lpfc: avoid -wstringop-overflow warning (bsc#1213756). * scsi: lpfc: clean up sli-4 sysfs resource reporting (bsc#1213756). * scsi: lpfc: copyright updates for 14.2.0.14 patches (bsc#1213756). * scsi: lpfc: fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756). * scsi: lpfc: fix incorrect big endian type assignment in bsg loopback path (bsc#1213756). * scsi: lpfc: fix incorrect big endian type assignments in fdmi and vmid paths (bsc#1213756). * scsi: lpfc: fix lpfc_name struct packing (bsc#1213756). * scsi: lpfc: make fabric zone discovery more robust when handling unsolicited logo (bsc#1213756). * scsi: lpfc: pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756). * scsi: lpfc: qualify ndlp discovery state when processing rscn (bsc#1213756). * scsi: lpfc: refactor cpu affinity assignment paths (bsc#1213756). * scsi: lpfc: remove extra ndlp kref decrement in flogi cmpl for loop topology (bsc#1213756). * scsi: lpfc: replace all non-returning strlcpy() with strscpy() (bsc#1213756). * scsi: lpfc: replace one-element array with flexible-array member (bsc#1213756). * scsi: lpfc: revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756). * scsi: lpfc: set establish image pair service parameter only for target functions (bsc#1213756). * scsi: lpfc: simplify fcp_abort transport callback log message (bsc#1213756). * scsi: lpfc: update lpfc version to 14.2.0.14 (bsc#1213756). * scsi: lpfc: use struct_size() helper (bsc#1213756). * scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747). * scsi: qla2xxx: array index may go out of bound (bsc#1213747). * scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747). * scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport() (bsc#1213747). * scsi: qla2xxx: correct the index of array (bsc#1213747). * scsi: qla2xxx: drop useless list_head (bsc#1213747). * scsi: qla2xxx: fix buffer overrun (bsc#1213747). * scsi: qla2xxx: fix command flush during tmf (bsc#1213747). * scsi: qla2xxx: fix deletion race condition (bsc#1213747). * scsi: qla2xxx: fix end of loop test (bsc#1213747). * scsi: qla2xxx: fix erroneous link up failure (bsc#1213747). * scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747). * scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747). * scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747). * scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747). * scsi: qla2xxx: fix session hang in gnl (bsc#1213747). * scsi: qla2xxx: fix tmf leak through (bsc#1213747). * scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747). * scsi: qla2xxx: pointer may be dereferenced (bsc#1213747). * scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747). * scsi: qla2xxx: replace one-element array with declare_flex_array() helper (bsc#1213747). * scsi: qla2xxx: silence a static checker warning (bsc#1213747). * scsi: qla2xxx: turn off noisy message log (bsc#1213747). * scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747). * scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747). * scsi: qla2xxx: use vmalloc_array() and vcalloc() (bsc#1213747). * security: keys: modify mismatched function name (git-fixes). * selftests/ir: fix build with ancient kernel headers (git-fixes). * selftests: cgroup: fix unsigned comparison with less than zero (git-fixes). * selftests: forwarding: fix packet matching in mirroring selftests (git- fixes). * selftests: mptcp: depend on syn_cookies (git-fixes). * selftests: mptcp: sockopt: return error if wrong mark (git-fixes). * selftests: rtnetlink: remove netdevsim device after ipsec offload test (git- fixes). * selftests: tc: add 'ct' action kconfig dep (git-fixes). * selftests: tc: add conntrack procfs kconfig (git-fixes). * selftests: tc: set timeout to 15 minutes (git-fixes). * serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes). * serial: 8250: lock port for uart_ier access in omap8250_irq() (git-fixes). * serial: 8250: omap: fix freeing of resources on failed register (git-fixes). * serial: 8250_omap: use force_suspend and resume for system suspend (git- fixes). * serial: atmel: do not enable irqs prematurely (git-fixes). * serial: qcom-geni: drop bogus runtime pm state update (git-fixes). * serial: sifive: fix sifive_serial_console_setup() section (git-fixes). * sfc: fix crash when reading stats while nic is resetting (git-fixes). * sfc: fix xdp queues mode with legacy irq (git-fixes). * sfc: use budget for tx completions (git-fixes). * signal/powerpc: on swapcontext failure force sigsegv (bsc#1194869). * signal/s390: use force_sigsegv in default_trap_handler (git-fixes bsc#1212861). * signal: replace force_sigsegv(sigsegv) with force_fatal_sig(sigsegv) (bsc#1194869). * smb3: do not reserve too many oplock credits (bsc#1193629). * smb3: missing null check in smb2_change_notify (bsc#1193629). * smb: client: fix broken file attrs with nodfs mounts (bsc#1193629). * smb: client: fix missed ses refcounting (git-fixes). * smb: client: fix parsing of source mount option (bsc#1193629). * smb: client: fix shared dfs root mounts with different prefixes (bsc#1193629). * smb: client: fix warning in cifs_match_super() (bsc#1193629). * smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629). * smb: client: fix warning in cifsfindfirst() (bsc#1193629). * smb: client: fix warning in cifsfindnext() (bsc#1193629). * smb: client: fix warning in generic_ip_connect() (bsc#1193629). * smb: client: improve dfs mount check (bsc#1193629). * smb: client: remove redundant pointer 'server' (bsc#1193629). * smb: delete an unnecessary statement (bsc#1193629). * smb: move client and server files to common directory fs/smb (bsc#1193629). * smb: remove obsolete comment (bsc#1193629). * soc/fsl/qe: fix usb.c build errors (git-fixes). * soc: samsung: exynos-pmu: re-introduce exynos4212 support (git-fixes). * soundwire: bus_type: avoid lockdep assert in sdw_drv_probe() (git-fixes). * soundwire: cadence: drain the rx fifo after an io timeout (git-fixes). * soundwire: dmi-quirks: add new mapping for hp spectre x360 (git-fixes). * soundwire: qcom: fix storing port config out-of-bounds (git-fixes). * soundwire: qcom: update status correctly with mask (git-fixes). * soundwire: stream: add missing clear of alloc_slave_rt (git-fixes). * spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git- fixes). * spi: bcm63xx: fix max prepend length (git-fixes). * spi: dw: round of n_bytes to power of 2 (git-fixes). * spi: lpspi: disable lpspi module irq in dma mode (git-fixes). * spi: spi-geni-qcom: correct cs_toggle bit in spi_trans_cfg (git-fixes). * staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git- fixes). * staging: r8712: fix memory leak in _r8712_init_xmit_priv() (git-fixes). * sunrpc: always free ctxt when freeing deferred request (git-fixes). * sunrpc: double free xprt_ctxt while still in use (git-fixes). * sunrpc: fix trace_svc_register() call site (git-fixes). * sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes). * sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes). * sunrpc: remove the maximum number of retries in call_bind_status (git- fixes). * svcrdma: prevent page release when nothing was received (git-fixes). * swsmu/amdgpu_smu: fix the wrong if-condition (git-fixes). * test_firmware: return enomem instead of enospc on failed memory allocation (git-fixes). * tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git- fixes). * tpm_tis: explicitly check for error code (git-fixes). * tracing/timer: add missing hrtimer modes to decode_hrtimer_mode() (git- fixes). * tty: n_gsm: fix uaf in gsm_cleanup_mux (git-fixes). * tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes). * tty: serial: imx: fix rs485 rx after tx (git-fixes). * tty: serial: samsung_tty: fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes). * tty: serial: samsung_tty: fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes). * ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584). * ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). * ubifs: add missing iput if do_tmpfile() failed in rename whiteout (git- fixes). * ubifs: do_rename: fix wrong space budget when target inode's nlink > 1 (git- fixes). * ubifs: error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes). * ubifs: fix 'ui->dirty' race between do_tmpfile() and writeback work (git- fixes). * ubifs: fix aa deadlock when setting xattr for encrypted file (git-fixes). * ubifs: fix build errors as symbol undefined (git-fixes). * ubifs: fix deadlock in concurrent rename whiteout and inode writeback (git- fixes). * ubifs: fix memory leak in alloc_wbufs() (git-fixes). * ubifs: fix memory leak in do_rename (git-fixes). * ubifs: fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes). * ubifs: fix to add refcount once page is set private (git-fixes). * ubifs: fix wrong dirty space budget for dirty inode (git-fixes). * ubifs: free memory for tmpfile name (git-fixes). * ubifs: rectify space amount budget for mkdir/tmpfile operations (git-fixes). * ubifs: rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes). * ubifs: rectify space budget for ubifs_xrename() (git-fixes). * ubifs: rename whiteout atomically (git-fixes). * ubifs: rename_whiteout: correct old_dir size computing (git-fixes). * ubifs: rename_whiteout: fix double free for whiteout_ui->data (git-fixes). * ubifs: reserve one leb for each journal head while doing budget (git-fixes). * ubifs: setflags: make dirtied_ino_d 8 bytes aligned (git-fixes). * ubifs: ubifs_writepage: mark page dirty after writing inode failed (git- fixes). * udf: avoid double brelse() in udf_rename() (bsc#1213032). * udf: define efscorrupted error code (bsc#1213038). * udf: detect system inodes linked into directory hierarchy (bsc#1213114). * udf: discard preallocation before extending file with a hole (bsc#1213036). * udf: do not bother looking for prealloc extents if i_lenextents matches i_size (bsc#1213035). * udf: do not bother merging very long extents (bsc#1213040). * udf: do not update file length for failed writes to inline files (bsc#1213041). * udf: fix error handling in udf_new_inode() (bsc#1213112). * udf: fix extending file within last block (bsc#1213037). * udf: fix preallocation discarding at indirect extent boundary (bsc#1213034). * udf: preserve link count of system files (bsc#1213113). * udf: truncate added extents on failed expansion (bsc#1213039). * update config and supported.conf files due to renaming. * update config files: enable config_x86_amd_pstate (bsc#1212445) * update suse/rdma-mthca-fix-crash-when-polling-cq-for-shared-qps. (git-fixes bsc#1212604). * usb: dwc2: fix some error handling paths (git-fixes). * usb: dwc2: platform: improve error reporting for problems during .remove() (git-fixes). * usb: dwc3-meson-g12a: fix an error handling path in dwc3_meson_g12a_probe() (git-fixes). * usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes). * usb: dwc3: gadget: propagate core init errors to udc during pullup (git- fixes). * usb: dwc3: pci: skip byt gpio lookup table for hardwired phy (git-fixes). * usb: dwc3: qcom: fix an error handling path in dwc3_qcom_probe() (git- fixes). * usb: dwc3: qcom: fix potential memory leak (git-fixes). * usb: dwc3: qcom: release the correct resources in dwc3_qcom_remove() (git- fixes). * usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). * usb: gadget: u_serial: add null pointer check in gserial_suspend (git- fixes). * usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes). * usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes). * usb: gadget: udc: fix null dereference in remove() (git-fixes). * usb: hide unused usbfs_notify_suspend/resume functions (git-fixes). * usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes). * usb: serial: option: add lara-r6 01b pids (git-fixes). * usb: typec: fix fast_role_swap_current show function (git-fixes). * usb: typec: iterate pds array when showing the pd list (git-fixes). * usb: typec: set port->pd before adding device for typec_port (git-fixes). * usb: typec: use sysfs_emit_at when concatenating the string (git-fixes). * usb: xhci-mtk: set the dma max_seg_size (git-fixes). * usb: xhci: remove unused udev from xhci_log_ctx trace event (git-fixes). * usrmerge: adjust module path in the kernel sources (bsc#1212835). * vhost: support packed when setting-getting vring_base (git-fixes). * vhost_net: revert upend_idx only on retriable error (git-fixes). * virtio-net: maintain reverse cleanup order (git-fixes). * virtio_net: fix error unwinding of xdp initialization (git-fixes). * w1: fix loop in w1_fini() (git-fixes). * w1: w1_therm: fix locking behavior in convert_t (git-fixes). * wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes). * wifi: ath10k: trigger sta disconnect after reconfig complete on hardware restart (git-fixes). * wifi: ath11k: add missing check for ioremap (git-fixes). * wifi: ath11k: add support for suspend in power down state (bsc#1207948). * wifi: ath11k: handle irq enable/disable in several code path (bsc#1207948). * wifi: ath11k: handle thermal device registeration together with mac (bsc#1207948). * wifi: ath11k: remove mhi loopback channels (bsc#1207948). * wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git- fixes). * wifi: ath9k: convert msecs to jiffies where needed (git-fixes). * wifi: ath9k: do not allow to overwrite endpoint0 attributes (git-fixes). * wifi: ath9k: fix ar9003 mac hardware hang check register offset calculation (git-fixes). * wifi: ath9k: fix possible stall on ath9k_txq_list_has_key() (git-fixes). * wifi: atmel: fix an error handling path in atmel_probe() (git-fixes). * wifi: cfg80211: rewrite merging of inherited elements (git-fixes). * wifi: iwlwifi: mvm: indicate hw decrypt for beacon protection (git-fixes). * wifi: iwlwifi: pcie: fix null pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes). * wifi: iwlwifi: pull from txqs with softirqs disabled (git-fixes). * wifi: mwifiex: fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes). * wifi: orinoco: fix an error handling path in orinoco_cs_probe() (git-fixes). * wifi: orinoco: fix an error handling path in spectrum_cs_probe() (git- fixes). * wifi: ray_cs: drop useless status variable in parse_addr() (git-fixes). * wifi: ray_cs: utilize strnlen() in parse_addr() (git-fixes). * wifi: rsi: do not configure wowlan in shutdown hook if not enabled (git- fixes). * wifi: rsi: do not set mmc_pm_keep_power in shutdown (git-fixes). * wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git- fixes). * wifi: wilc1000: fix for absent rsn capabilities wfa testcase (git-fixes). * wl3501_cs: use eth_hw_addr_set() (git-fixes). * writeback: fix call of incorrect macro (bsc#1213024). * writeback: fix dereferencing null mapping->host on writeback_page_template (git-fixes). * x86/amd_nb: add pci id for family 19h model 78h (git-fixes). * x86/build: avoid relocation information in final vmlinux (bsc#1187829). * x86/kprobes: fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). * x86/platform/uv: add platform resolving #defines for misc gam_mmioh_redirect* (bsc#1212256 jsc#ped-4718). * x86/platform/uv: fix printed information in calc_mmioh_map (bsc#1212256 jsc#ped-4718). * x86/platform/uv: helper functions for allocating and freeing conversion tables (bsc#1212256 jsc#ped-4718). * x86/platform/uv: introduce helper function uv_pnode_to_socket (bsc#1212256 jsc#ped-4718). * x86/platform/uv: remove remaining bug_on() and bug() calls (bsc#1212256 jsc#ped-4718). * x86/platform/uv: update uv platform code for snc (bsc#1212256 jsc#ped-4718). * x86/platform/uv: uv support for sub-numa clustering (bsc#1212256 jsc#ped-4718). * x86/platform/uv: when searching for minimums, start at int_max not 99999 (bsc#1212256 jsc#ped-4718). * x86/pvh: obtain vga console info in dom0 (git-fixes). * x86/xen: fix secondary processor fpu initialization (bsc#1212869). * x86: fix .brk attribute in linker script (git-fixes). * xen/blkfront: only check req_fua for writes (git-fixes). * xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git- fixes). * xfs: ail needs asynchronous cil forcing (bsc#1211811). * xfs: async cil flushes need pending pushes to be made stable (bsc#1211811). * xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811). * xfs: cil work is serialised, not pipelined (bsc#1211811). * xfs: clean up the rtbitmap fsmap backend (git-fixes). * xfs: do not deplete the reserve pool when trying to shrink the fs (git- fixes). * xfs: do not reverse order of items in bulk ail insertion (git-fixes). * xfs: do not run shutdown callbacks on active iclogs (bsc#1211811). * xfs: drop async cache flushes from cil commits (bsc#1211811). * xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811). * xfs: fix getfsmap reporting past the last rt extent (git-fixes). * xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git- fixes). * xfs: fix interval filtering in multi-step fsmap queries (git-fixes). * xfs: fix logdev fsmap query result filtering (git-fixes). * xfs: fix off-by-one error when the last rt extent is in use (git-fixes). * xfs: fix uninitialized variable access (git-fixes). * xfs: make fsmap backend function key parameters const (git-fixes). * xfs: make the record pointer passed to query_range functions const (git- fixes). * xfs: move the cil workqueue to the cil (bsc#1211811). * xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811). * xfs: order cil checkpoint start records (bsc#1211811). * xfs: pass a cil context to xlog_write() (bsc#1211811). * xfs: pass explicit mount pointer to rtalloc query functions (git-fixes). * xfs: rework xlog_state_do_callback() (bsc#1211811). * xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811). * xfs: separate out log shutdown callback processing (bsc#1211811). * xfs: wait iclog complete before tearing down ail (bsc#1211811). * xfs: xlog_state_ioerror must die (bsc#1211811). * xhci: fix resume issue of some zhaoxin hosts (git-fixes). * xhci: fix trb prefetch issue of zhaoxin hosts (git-fixes). * xhci: show zhaoxin xhci root hub speed correctly (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3302=1 openSUSE-SLE-15.5-2023-3302=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3302=1 * SUSE Real Time Module 15-SP5 zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2023-3302=1 ## Package List: * openSUSE Leap 15.5 (noarch) * kernel-devel-rt-5.14.21-150500.13.11.1 * kernel-source-rt-5.14.21-150500.13.11.1 * openSUSE Leap 15.5 (x86_64) * kernel-rt-vdso-debuginfo-5.14.21-150500.13.11.1 * kernel-livepatch-SLE15-SP5-RT_Update_3-debugsource-1-150500.11.5.1 * reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.11.1 * dlm-kmp-rt-debuginfo-5.14.21-150500.13.11.1 * kernel-rt-debuginfo-5.14.21-150500.13.11.1 * kernel-rt_debug-debugsource-5.14.21-150500.13.11.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.11.1 * kernel-rt-debugsource-5.14.21-150500.13.11.1 * kselftests-kmp-rt-5.14.21-150500.13.11.1 * cluster-md-kmp-rt-5.14.21-150500.13.11.1 * kernel-rt-livepatch-5.14.21-150500.13.11.1 * kernel-syms-rt-5.14.21-150500.13.11.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.11.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.11.1 * gfs2-kmp-rt-5.14.21-150500.13.11.1 * kernel-rt-livepatch-devel-5.14.21-150500.13.11.1 * ocfs2-kmp-rt-5.14.21-150500.13.11.1 * kernel-rt-extra-debuginfo-5.14.21-150500.13.11.1 * kselftests-kmp-rt-debuginfo-5.14.21-150500.13.11.1 * kernel-rt_debug-debuginfo-5.14.21-150500.13.11.1 * kernel-rt-optional-debuginfo-5.14.21-150500.13.11.1 * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.11.1 * kernel-livepatch-5_14_21-150500_13_11-rt-debuginfo-1-150500.11.5.1 * kernel-rt-optional-5.14.21-150500.13.11.1 * kernel-rt_debug-livepatch-devel-5.14.21-150500.13.11.1 * kernel-rt-devel-5.14.21-150500.13.11.1 * kernel-rt_debug-devel-5.14.21-150500.13.11.1 * dlm-kmp-rt-5.14.21-150500.13.11.1 * kernel-rt-vdso-5.14.21-150500.13.11.1 * kernel-rt_debug-vdso-5.14.21-150500.13.11.1 * reiserfs-kmp-rt-5.14.21-150500.13.11.1 * kernel-rt-devel-debuginfo-5.14.21-150500.13.11.1 * kernel-rt-extra-5.14.21-150500.13.11.1 * kernel-livepatch-5_14_21-150500_13_11-rt-1-150500.11.5.1 * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.11.1 * openSUSE Leap 15.5 (nosrc x86_64) * kernel-rt-5.14.21-150500.13.11.1 * kernel-rt_debug-5.14.21-150500.13.11.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-SLE15-SP5-RT_Update_3-debugsource-1-150500.11.5.1 * kernel-livepatch-5_14_21-150500_13_11-rt-debuginfo-1-150500.11.5.1 * kernel-livepatch-5_14_21-150500_13_11-rt-1-150500.11.5.1 * SUSE Real Time Module 15-SP5 (x86_64) * kernel-rt-vdso-debuginfo-5.14.21-150500.13.11.1 * dlm-kmp-rt-debuginfo-5.14.21-150500.13.11.1 * kernel-rt-debuginfo-5.14.21-150500.13.11.1 * kernel-rt_debug-debugsource-5.14.21-150500.13.11.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.11.1 * kernel-rt-debugsource-5.14.21-150500.13.11.1 * kernel-syms-rt-5.14.21-150500.13.11.1 * cluster-md-kmp-rt-5.14.21-150500.13.11.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.11.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.11.1 * gfs2-kmp-rt-5.14.21-150500.13.11.1 * ocfs2-kmp-rt-5.14.21-150500.13.11.1 * kernel-rt_debug-debuginfo-5.14.21-150500.13.11.1 * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.11.1 * kernel-rt-devel-5.14.21-150500.13.11.1 * kernel-rt_debug-devel-5.14.21-150500.13.11.1 * dlm-kmp-rt-5.14.21-150500.13.11.1 * kernel-rt-vdso-5.14.21-150500.13.11.1 * kernel-rt_debug-vdso-5.14.21-150500.13.11.1 * kernel-rt-devel-debuginfo-5.14.21-150500.13.11.1 * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.11.1 * SUSE Real Time Module 15-SP5 (noarch) * kernel-devel-rt-5.14.21-150500.13.11.1 * kernel-source-rt-5.14.21-150500.13.11.1 * SUSE Real Time Module 15-SP5 (nosrc x86_64) * kernel-rt-5.14.21-150500.13.11.1 * kernel-rt_debug-5.14.21-150500.13.11.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-0459.html * https://www.suse.com/security/cve/CVE-2023-1829.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-20593.html * https://www.suse.com/security/cve/CVE-2023-21400.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2166.html * https://www.suse.com/security/cve/CVE-2023-2430.html * https://www.suse.com/security/cve/CVE-2023-2985.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-31083.html * https://www.suse.com/security/cve/CVE-2023-3111.html * https://www.suse.com/security/cve/CVE-2023-3117.html * https://www.suse.com/security/cve/CVE-2023-31248.html * https://www.suse.com/security/cve/CVE-2023-3212.html * https://www.suse.com/security/cve/CVE-2023-3268.html * https://www.suse.com/security/cve/CVE-2023-3389.html * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://www.suse.com/security/cve/CVE-2023-3609.html * https://www.suse.com/security/cve/CVE-2023-3611.html * https://www.suse.com/security/cve/CVE-2023-3776.html * https://www.suse.com/security/cve/CVE-2023-3812.html * https://www.suse.com/security/cve/CVE-2023-38409.html * https://www.suse.com/security/cve/CVE-2023-3863.html * https://www.suse.com/security/cve/CVE-2023-4004.html * https://bugzilla.suse.com/show_bug.cgi?id=1150305 * https://bugzilla.suse.com/show_bug.cgi?id=1187829 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1207129 * https://bugzilla.suse.com/show_bug.cgi?id=1207894 * https://bugzilla.suse.com/show_bug.cgi?id=1207948 * https://bugzilla.suse.com/show_bug.cgi?id=1208788 * https://bugzilla.suse.com/show_bug.cgi?id=1210335 * https://bugzilla.suse.com/show_bug.cgi?id=1210565 * https://bugzilla.suse.com/show_bug.cgi?id=1210584 * https://bugzilla.suse.com/show_bug.cgi?id=1210627 * https://bugzilla.suse.com/show_bug.cgi?id=1210780 * https://bugzilla.suse.com/show_bug.cgi?id=1210825 * https://bugzilla.suse.com/show_bug.cgi?id=1210853 * https://bugzilla.suse.com/show_bug.cgi?id=1211014 * https://bugzilla.suse.com/show_bug.cgi?id=1211131 * https://bugzilla.suse.com/show_bug.cgi?id=1211243 * https://bugzilla.suse.com/show_bug.cgi?id=1211738 * https://bugzilla.suse.com/show_bug.cgi?id=1211811 * https://bugzilla.suse.com/show_bug.cgi?id=1211867 * https://bugzilla.suse.com/show_bug.cgi?id=1212051 * https://bugzilla.suse.com/show_bug.cgi?id=1212256 * https://bugzilla.suse.com/show_bug.cgi?id=1212265 * https://bugzilla.suse.com/show_bug.cgi?id=1212301 * https://bugzilla.suse.com/show_bug.cgi?id=1212445 * https://bugzilla.suse.com/show_bug.cgi?id=1212456 * https://bugzilla.suse.com/show_bug.cgi?id=1212502 * https://bugzilla.suse.com/show_bug.cgi?id=1212525 * https://bugzilla.suse.com/show_bug.cgi?id=1212603 * https://bugzilla.suse.com/show_bug.cgi?id=1212604 * https://bugzilla.suse.com/show_bug.cgi?id=1212685 * https://bugzilla.suse.com/show_bug.cgi?id=1212766 * https://bugzilla.suse.com/show_bug.cgi?id=1212835 * https://bugzilla.suse.com/show_bug.cgi?id=1212838 * https://bugzilla.suse.com/show_bug.cgi?id=1212842 * https://bugzilla.suse.com/show_bug.cgi?id=1212846 * https://bugzilla.suse.com/show_bug.cgi?id=1212848 * https://bugzilla.suse.com/show_bug.cgi?id=1212861 * https://bugzilla.suse.com/show_bug.cgi?id=1212869 * https://bugzilla.suse.com/show_bug.cgi?id=1212892 * https://bugzilla.suse.com/show_bug.cgi?id=1212901 * https://bugzilla.suse.com/show_bug.cgi?id=1212905 * https://bugzilla.suse.com/show_bug.cgi?id=1212961 * https://bugzilla.suse.com/show_bug.cgi?id=1213010 * https://bugzilla.suse.com/show_bug.cgi?id=1213011 * https://bugzilla.suse.com/show_bug.cgi?id=1213012 * https://bugzilla.suse.com/show_bug.cgi?id=1213013 * https://bugzilla.suse.com/show_bug.cgi?id=1213014 * https://bugzilla.suse.com/show_bug.cgi?id=1213015 * https://bugzilla.suse.com/show_bug.cgi?id=1213016 * https://bugzilla.suse.com/show_bug.cgi?id=1213017 * https://bugzilla.suse.com/show_bug.cgi?id=1213018 * https://bugzilla.suse.com/show_bug.cgi?id=1213019 * https://bugzilla.suse.com/show_bug.cgi?id=1213020 * https://bugzilla.suse.com/show_bug.cgi?id=1213021 * https://bugzilla.suse.com/show_bug.cgi?id=1213024 * https://bugzilla.suse.com/show_bug.cgi?id=1213025 * https://bugzilla.suse.com/show_bug.cgi?id=1213032 * https://bugzilla.suse.com/show_bug.cgi?id=1213034 * https://bugzilla.suse.com/show_bug.cgi?id=1213035 * https://bugzilla.suse.com/show_bug.cgi?id=1213036 * https://bugzilla.suse.com/show_bug.cgi?id=1213037 * https://bugzilla.suse.com/show_bug.cgi?id=1213038 * https://bugzilla.suse.com/show_bug.cgi?id=1213039 * https://bugzilla.suse.com/show_bug.cgi?id=1213040 * https://bugzilla.suse.com/show_bug.cgi?id=1213041 * https://bugzilla.suse.com/show_bug.cgi?id=1213059 * https://bugzilla.suse.com/show_bug.cgi?id=1213061 * https://bugzilla.suse.com/show_bug.cgi?id=1213087 * https://bugzilla.suse.com/show_bug.cgi?id=1213088 * https://bugzilla.suse.com/show_bug.cgi?id=1213089 * https://bugzilla.suse.com/show_bug.cgi?id=1213090 * https://bugzilla.suse.com/show_bug.cgi?id=1213092 * https://bugzilla.suse.com/show_bug.cgi?id=1213093 * https://bugzilla.suse.com/show_bug.cgi?id=1213094 * https://bugzilla.suse.com/show_bug.cgi?id=1213095 * https://bugzilla.suse.com/show_bug.cgi?id=1213096 * https://bugzilla.suse.com/show_bug.cgi?id=1213098 * https://bugzilla.suse.com/show_bug.cgi?id=1213099 * https://bugzilla.suse.com/show_bug.cgi?id=1213100 * https://bugzilla.suse.com/show_bug.cgi?id=1213102 * https://bugzilla.suse.com/show_bug.cgi?id=1213103 * https://bugzilla.suse.com/show_bug.cgi?id=1213104 * https://bugzilla.suse.com/show_bug.cgi?id=1213105 * https://bugzilla.suse.com/show_bug.cgi?id=1213106 * https://bugzilla.suse.com/show_bug.cgi?id=1213107 * https://bugzilla.suse.com/show_bug.cgi?id=1213108 * https://bugzilla.suse.com/show_bug.cgi?id=1213109 * https://bugzilla.suse.com/show_bug.cgi?id=1213110 * https://bugzilla.suse.com/show_bug.cgi?id=1213111 * https://bugzilla.suse.com/show_bug.cgi?id=1213112 * https://bugzilla.suse.com/show_bug.cgi?id=1213113 * https://bugzilla.suse.com/show_bug.cgi?id=1213114 * https://bugzilla.suse.com/show_bug.cgi?id=1213116 * https://bugzilla.suse.com/show_bug.cgi?id=1213134 * https://bugzilla.suse.com/show_bug.cgi?id=1213167 * https://bugzilla.suse.com/show_bug.cgi?id=1213205 * https://bugzilla.suse.com/show_bug.cgi?id=1213206 * https://bugzilla.suse.com/show_bug.cgi?id=1213226 * https://bugzilla.suse.com/show_bug.cgi?id=1213233 * https://bugzilla.suse.com/show_bug.cgi?id=1213245 * https://bugzilla.suse.com/show_bug.cgi?id=1213247 * https://bugzilla.suse.com/show_bug.cgi?id=1213252 * https://bugzilla.suse.com/show_bug.cgi?id=1213258 * https://bugzilla.suse.com/show_bug.cgi?id=1213259 * https://bugzilla.suse.com/show_bug.cgi?id=1213263 * https://bugzilla.suse.com/show_bug.cgi?id=1213264 * https://bugzilla.suse.com/show_bug.cgi?id=1213272 * https://bugzilla.suse.com/show_bug.cgi?id=1213286 * https://bugzilla.suse.com/show_bug.cgi?id=1213287 * https://bugzilla.suse.com/show_bug.cgi?id=1213304 * https://bugzilla.suse.com/show_bug.cgi?id=1213417 * https://bugzilla.suse.com/show_bug.cgi?id=1213493 * https://bugzilla.suse.com/show_bug.cgi?id=1213523 * https://bugzilla.suse.com/show_bug.cgi?id=1213524 * https://bugzilla.suse.com/show_bug.cgi?id=1213533 * https://bugzilla.suse.com/show_bug.cgi?id=1213543 * https://bugzilla.suse.com/show_bug.cgi?id=1213578 * https://bugzilla.suse.com/show_bug.cgi?id=1213585 * https://bugzilla.suse.com/show_bug.cgi?id=1213586 * https://bugzilla.suse.com/show_bug.cgi?id=1213588 * https://bugzilla.suse.com/show_bug.cgi?id=1213601 * https://bugzilla.suse.com/show_bug.cgi?id=1213620 * https://bugzilla.suse.com/show_bug.cgi?id=1213632 * https://bugzilla.suse.com/show_bug.cgi?id=1213653 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 * https://bugzilla.suse.com/show_bug.cgi?id=1213713 * https://bugzilla.suse.com/show_bug.cgi?id=1213715 * https://bugzilla.suse.com/show_bug.cgi?id=1213747 * https://bugzilla.suse.com/show_bug.cgi?id=1213756 * https://bugzilla.suse.com/show_bug.cgi?id=1213759 * https://bugzilla.suse.com/show_bug.cgi?id=1213777 * https://bugzilla.suse.com/show_bug.cgi?id=1213810 * https://bugzilla.suse.com/show_bug.cgi?id=1213812 * https://bugzilla.suse.com/show_bug.cgi?id=1213856 * https://bugzilla.suse.com/show_bug.cgi?id=1213857 * https://bugzilla.suse.com/show_bug.cgi?id=1213863 * https://bugzilla.suse.com/show_bug.cgi?id=1213867 * https://bugzilla.suse.com/show_bug.cgi?id=1213870 * https://bugzilla.suse.com/show_bug.cgi?id=1213871 * https://bugzilla.suse.com/show_bug.cgi?id=1213872 * https://jira.suse.com/browse/PED-4718 * https://jira.suse.com/browse/PED-4758 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 14 08:30:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 08:30:43 -0000 Subject: SUSE-SU-2023:3301-1: moderate: Security update for libyajl Message-ID: <169200184380.25788.789314426721100235@smelt2.suse.de> # Security update for libyajl Announcement ID: SUSE-SU-2023:3301-1 Rating: moderate References: * #1212928 Cross-References: * CVE-2023-33460 CVSS scores: * CVE-2023-33460 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-33460 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for libyajl fixes the following issues: * CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3301=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3301=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3301=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3301=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3301=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3301=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3301=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3301=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3301=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3301=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3301=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3301=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3301=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3301=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3301=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3301=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3301=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libyajl2-2.1.0-150000.4.6.1 * libyajl-debugsource-2.1.0-150000.4.6.1 * libyajl2-debuginfo-2.1.0-150000.4.6.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libyajl2-2.1.0-150000.4.6.1 * libyajl-debugsource-2.1.0-150000.4.6.1 * libyajl2-debuginfo-2.1.0-150000.4.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * yajl-debuginfo-2.1.0-150000.4.6.1 * libyajl-debugsource-2.1.0-150000.4.6.1 * yajl-2.1.0-150000.4.6.1 * libyajl-devel-static-2.1.0-150000.4.6.1 * libyajl-devel-2.1.0-150000.4.6.1 * libyajl2-2.1.0-150000.4.6.1 * libyajl2-debuginfo-2.1.0-150000.4.6.1 * openSUSE Leap 15.4 (x86_64) * libyajl-devel-32bit-2.1.0-150000.4.6.1 * libyajl2-32bit-2.1.0-150000.4.6.1 * libyajl2-32bit-debuginfo-2.1.0-150000.4.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * yajl-debuginfo-2.1.0-150000.4.6.1 * libyajl-debugsource-2.1.0-150000.4.6.1 * yajl-2.1.0-150000.4.6.1 * libyajl-devel-static-2.1.0-150000.4.6.1 * libyajl-devel-2.1.0-150000.4.6.1 * libyajl2-2.1.0-150000.4.6.1 * libyajl2-debuginfo-2.1.0-150000.4.6.1 * openSUSE Leap 15.5 (x86_64) * libyajl-devel-32bit-2.1.0-150000.4.6.1 * libyajl2-32bit-2.1.0-150000.4.6.1 * libyajl2-32bit-debuginfo-2.1.0-150000.4.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libyajl2-2.1.0-150000.4.6.1 * libyajl-debugsource-2.1.0-150000.4.6.1 * libyajl2-debuginfo-2.1.0-150000.4.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libyajl2-2.1.0-150000.4.6.1 * libyajl-debugsource-2.1.0-150000.4.6.1 * libyajl2-debuginfo-2.1.0-150000.4.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libyajl2-2.1.0-150000.4.6.1 * libyajl-debugsource-2.1.0-150000.4.6.1 * libyajl2-debuginfo-2.1.0-150000.4.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libyajl2-2.1.0-150000.4.6.1 * libyajl-debugsource-2.1.0-150000.4.6.1 * libyajl2-debuginfo-2.1.0-150000.4.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libyajl2-2.1.0-150000.4.6.1 * libyajl-debugsource-2.1.0-150000.4.6.1 * libyajl-devel-2.1.0-150000.4.6.1 * libyajl2-debuginfo-2.1.0-150000.4.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libyajl2-2.1.0-150000.4.6.1 * libyajl-debugsource-2.1.0-150000.4.6.1 * libyajl-devel-2.1.0-150000.4.6.1 * libyajl2-debuginfo-2.1.0-150000.4.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libyajl2-2.1.0-150000.4.6.1 * libyajl-debugsource-2.1.0-150000.4.6.1 * libyajl-devel-2.1.0-150000.4.6.1 * libyajl2-debuginfo-2.1.0-150000.4.6.1 * SUSE Manager Proxy 4.2 (x86_64) * libyajl2-2.1.0-150000.4.6.1 * libyajl-debugsource-2.1.0-150000.4.6.1 * libyajl-devel-2.1.0-150000.4.6.1 * libyajl2-debuginfo-2.1.0-150000.4.6.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libyajl2-2.1.0-150000.4.6.1 * libyajl-debugsource-2.1.0-150000.4.6.1 * libyajl-devel-2.1.0-150000.4.6.1 * libyajl2-debuginfo-2.1.0-150000.4.6.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libyajl2-2.1.0-150000.4.6.1 * libyajl-debugsource-2.1.0-150000.4.6.1 * libyajl-devel-2.1.0-150000.4.6.1 * libyajl2-debuginfo-2.1.0-150000.4.6.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libyajl2-2.1.0-150000.4.6.1 * libyajl-debugsource-2.1.0-150000.4.6.1 * libyajl2-debuginfo-2.1.0-150000.4.6.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libyajl2-2.1.0-150000.4.6.1 * libyajl-debugsource-2.1.0-150000.4.6.1 * libyajl2-debuginfo-2.1.0-150000.4.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libyajl2-2.1.0-150000.4.6.1 * libyajl-debugsource-2.1.0-150000.4.6.1 * libyajl2-debuginfo-2.1.0-150000.4.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-33460.html * https://bugzilla.suse.com/show_bug.cgi?id=1212928 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 14 08:30:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 08:30:47 -0000 Subject: SUSE-SU-2023:3300-1: important: Security update for webkit2gtk3 Message-ID: <169200184753.25788.14539726598035005107@smelt2.suse.de> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:3300-1 Rating: important References: * #1211658 * #1211659 * #1211846 * #1212863 * #1213905 Cross-References: * CVE-2022-48503 * CVE-2023-28204 * CVE-2023-32373 * CVE-2023-32435 * CVE-2023-32439 * CVE-2023-38133 * CVE-2023-38572 * CVE-2023-38592 * CVE-2023-38594 * CVE-2023-38595 * CVE-2023-38597 * CVE-2023-38599 * CVE-2023-38600 * CVE-2023-38611 CVSS scores: * CVE-2022-48503 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-28204 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-32373 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32435 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32435 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32439 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32439 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38133 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-38572 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-38592 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38594 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38595 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38597 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38599 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-38600 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38611 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves 14 vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.40.5 (bsc#1213905): * CVE-2023-38133: Fixed information disclosure. * CVE-2023-38572: Fixed Same-Origin-Policy bypass. * CVE-2023-38592: Fixed arbitrary code execution. * CVE-2023-38594: Fixed arbitrary code execution. * CVE-2023-38595: Fixed arbitrary code execution. * CVE-2023-38597: Fixed arbitrary code execution. * CVE-2023-38599: Fixed sensitive user information tracking. * CVE-2023-38600: Fixed arbitrary code execution. * CVE-2023-38611: Fixed arbitrary code execution. * CVE-2022-48503: Fixed arbitrary code execution. * CVE-2023-32439: Fixed arbitrary code execution. * CVE-2023-32435: Fixed arbitrary code execution. Add security patches (bsc#1211846): * CVE-2023-28204: Fixed processing of web content that may disclose sensitive information (bsc#1211659). * CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution (bsc#1211658). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3300=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3300=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3300=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150000.3.144.1 * webkit2gtk3-devel-2.40.5-150000.3.144.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150000.3.144.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150000.3.144.1 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150000.3.144.1 * webkit2gtk3-debugsource-2.40.5-150000.3.144.1 * libwebkit2gtk-4_0-37-2.40.5-150000.3.144.1 * webkit2gtk-4_0-injected-bundles-2.40.5-150000.3.144.1 * typelib-1_0-JavaScriptCore-4_0-2.40.5-150000.3.144.1 * typelib-1_0-WebKit2-4_0-2.40.5-150000.3.144.1 * libjavascriptcoregtk-4_0-18-2.40.5-150000.3.144.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * libwebkit2gtk3-lang-2.40.5-150000.3.144.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150000.3.144.1 * webkit2gtk3-devel-2.40.5-150000.3.144.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150000.3.144.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150000.3.144.1 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150000.3.144.1 * webkit2gtk3-debugsource-2.40.5-150000.3.144.1 * libwebkit2gtk-4_0-37-2.40.5-150000.3.144.1 * webkit2gtk-4_0-injected-bundles-2.40.5-150000.3.144.1 * typelib-1_0-JavaScriptCore-4_0-2.40.5-150000.3.144.1 * typelib-1_0-WebKit2-4_0-2.40.5-150000.3.144.1 * libjavascriptcoregtk-4_0-18-2.40.5-150000.3.144.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * libwebkit2gtk3-lang-2.40.5-150000.3.144.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150000.3.144.1 * webkit2gtk3-devel-2.40.5-150000.3.144.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150000.3.144.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150000.3.144.1 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150000.3.144.1 * webkit2gtk3-debugsource-2.40.5-150000.3.144.1 * libwebkit2gtk-4_0-37-2.40.5-150000.3.144.1 * webkit2gtk-4_0-injected-bundles-2.40.5-150000.3.144.1 * typelib-1_0-JavaScriptCore-4_0-2.40.5-150000.3.144.1 * typelib-1_0-WebKit2-4_0-2.40.5-150000.3.144.1 * libjavascriptcoregtk-4_0-18-2.40.5-150000.3.144.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * libwebkit2gtk3-lang-2.40.5-150000.3.144.1 * SUSE CaaS Platform 4.0 (x86_64) * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150000.3.144.1 * webkit2gtk3-devel-2.40.5-150000.3.144.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150000.3.144.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150000.3.144.1 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150000.3.144.1 * webkit2gtk3-debugsource-2.40.5-150000.3.144.1 * libwebkit2gtk-4_0-37-2.40.5-150000.3.144.1 * webkit2gtk-4_0-injected-bundles-2.40.5-150000.3.144.1 * typelib-1_0-JavaScriptCore-4_0-2.40.5-150000.3.144.1 * typelib-1_0-WebKit2-4_0-2.40.5-150000.3.144.1 * libjavascriptcoregtk-4_0-18-2.40.5-150000.3.144.1 * SUSE CaaS Platform 4.0 (noarch) * libwebkit2gtk3-lang-2.40.5-150000.3.144.1 ## References: * https://www.suse.com/security/cve/CVE-2022-48503.html * https://www.suse.com/security/cve/CVE-2023-28204.html * https://www.suse.com/security/cve/CVE-2023-32373.html * https://www.suse.com/security/cve/CVE-2023-32435.html * https://www.suse.com/security/cve/CVE-2023-32439.html * https://www.suse.com/security/cve/CVE-2023-38133.html * https://www.suse.com/security/cve/CVE-2023-38572.html * https://www.suse.com/security/cve/CVE-2023-38592.html * https://www.suse.com/security/cve/CVE-2023-38594.html * https://www.suse.com/security/cve/CVE-2023-38595.html * https://www.suse.com/security/cve/CVE-2023-38597.html * https://www.suse.com/security/cve/CVE-2023-38599.html * https://www.suse.com/security/cve/CVE-2023-38600.html * https://www.suse.com/security/cve/CVE-2023-38611.html * https://bugzilla.suse.com/show_bug.cgi?id=1211658 * https://bugzilla.suse.com/show_bug.cgi?id=1211659 * https://bugzilla.suse.com/show_bug.cgi?id=1211846 * https://bugzilla.suse.com/show_bug.cgi?id=1212863 * https://bugzilla.suse.com/show_bug.cgi?id=1213905 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 14 08:30:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 08:30:49 -0000 Subject: SUSE-RU-2023:3299-1: moderate: Recommended update for kubernetes1.18 Message-ID: <169200184928.25788.2259047665904303847@smelt2.suse.de> # Recommended update for kubernetes1.18 Announcement ID: SUSE-RU-2023:3299-1 Rating: moderate References: Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for kubernetes1.18 fixes the following issues: * Update `Requires` in the "kubernetes1.18-client" package ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3299=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3299=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3299=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3299=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-3299=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3299=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3299=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3299=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3299=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3299=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3299=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3299=1 ## Package List: * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.15.1 * kubernetes1.18-client-1.18.10-150200.5.15.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.15.1 * kubernetes1.18-client-1.18.10-150200.5.15.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.15.1 * kubernetes1.18-client-1.18.10-150200.5.15.1 * openSUSE Leap 15.4 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.15.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.15.1 * kubernetes1.18-client-1.18.10-150200.5.15.1 * openSUSE Leap 15.5 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.15.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.15.1 * kubernetes1.18-client-1.18.10-150200.5.15.1 * Containers Module 15-SP4 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.15.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.15.1 * kubernetes1.18-client-1.18.10-150200.5.15.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.15.1 * kubernetes1.18-client-1.18.10-150200.5.15.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.15.1 * kubernetes1.18-client-1.18.10-150200.5.15.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.15.1 * kubernetes1.18-client-1.18.10-150200.5.15.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.15.1 * kubernetes1.18-client-1.18.10-150200.5.15.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.15.1 * kubernetes1.18-client-1.18.10-150200.5.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * kubernetes1.18-client-common-1.18.10-150200.5.15.1 * kubernetes1.18-client-1.18.10-150200.5.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.15.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 14 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 12:30:03 -0000 Subject: SUSE-SU-2023:3308-1: moderate: Security update for openssl-1_0_0 Message-ID: <169201620316.5283.8411160871333997329@smelt2.suse.de> # Security update for openssl-1_0_0 Announcement ID: SUSE-SU-2023:3308-1 Rating: moderate References: * #1213853 Cross-References: * CVE-2023-3817 CVSS scores: * CVE-2023-3817 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-3817 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_0_0 fixes the following issues: * CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3308=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libopenssl1_0_0-hmac-1.0.2j-60.104.1 * libopenssl-devel-1.0.2j-60.104.1 * libopenssl1_0_0-hmac-32bit-1.0.2j-60.104.1 * libopenssl1_0_0-32bit-1.0.2j-60.104.1 * openssl-debugsource-1.0.2j-60.104.1 * openssl-debuginfo-1.0.2j-60.104.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.104.1 * libopenssl1_0_0-debuginfo-1.0.2j-60.104.1 * libopenssl1_0_0-1.0.2j-60.104.1 * openssl-1.0.2j-60.104.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * openssl-doc-1.0.2j-60.104.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3817.html * https://bugzilla.suse.com/show_bug.cgi?id=1213853 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 14 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 12:30:05 -0000 Subject: SUSE-SU-2023:3307-1: important: Security update for docker Message-ID: <169201620561.5283.17774246418036019481@smelt2.suse.de> # Security update for docker Announcement ID: SUSE-SU-2023:3307-1 Rating: important References: * #1214107 * #1214108 * #1214109 Cross-References: * CVE-2023-28840 * CVE-2023-28841 * CVE-2023-28842 CVSS scores: * CVE-2023-28840 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L * CVE-2023-28840 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L * CVE-2023-28841 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2023-28841 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2023-28842 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2023-28842 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N Affected Products: * Containers Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for docker fixes the following issues: * Update to v20.10.25-ce * CVE-2023-28840: Fixed a bug where an attacker could inject arbitrary Ethernet frames to execute a Denial of Service attack. (bsc#1214107) * CVE-2023-28841: Fixed a bug which allows an attacker to sit in a trusted position on the network and read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure (bsc#1214108) * CVE-2023-28842: Fixed a bug which allows an attacker to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. (bsc#1214109) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 12 zypper in -t patch SUSE-SLE-Module-Containers-12-2023-3307=1 ## Package List: * Containers Module 12 (ppc64le s390x x86_64) * docker-20.10.25_ce-98.93.1 * docker-debuginfo-20.10.25_ce-98.93.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28840.html * https://www.suse.com/security/cve/CVE-2023-28841.html * https://www.suse.com/security/cve/CVE-2023-28842.html * https://bugzilla.suse.com/show_bug.cgi?id=1214107 * https://bugzilla.suse.com/show_bug.cgi?id=1214108 * https://bugzilla.suse.com/show_bug.cgi?id=1214109 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 14 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 12:30:08 -0000 Subject: SUSE-SU-2023:3306-1: important: Security update for nodejs14 Message-ID: <169201620850.5283.11803007507250666950@smelt2.suse.de> # Security update for nodejs14 Announcement ID: SUSE-SU-2023:3306-1 Rating: important References: * #1212574 * #1212582 * #1212583 * #1214150 * #1214154 * #1214156 Cross-References: * CVE-2023-30581 * CVE-2023-30589 * CVE-2023-30590 * CVE-2023-32002 * CVE-2023-32006 * CVE-2023-32559 CVSS scores: * CVE-2023-30581 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30589 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-30589 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-30590 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-32002 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * Web and Scripting Module 12 An update that solves six vulnerabilities can now be installed. ## Description: This update for nodejs14 fixes the following issues: * CVE-2023-32002: Fixed permissions policies bypass via Module._load (bsc#1214150). * CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire() (bsc#1214156). * CVE-2023-32559: Fixed permissions policies bypass via process.binding (bsc#1214154). * CVE-2023-30581: Fixed mainModule.proto bypass (bsc#1212574). * CVE-2023-30590: Fixed missing DiffieHellman key generation (bsc#1212583). * CVE-2023-30589: Fixed HTTP Request Smuggling via Empty headers separated by CR (bsc#1212582). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 12 zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-3306=1 ## Package List: * Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64) * npm14-14.21.3-6.46.1 * nodejs14-devel-14.21.3-6.46.1 * nodejs14-debuginfo-14.21.3-6.46.1 * nodejs14-14.21.3-6.46.1 * nodejs14-debugsource-14.21.3-6.46.1 * Web and Scripting Module 12 (noarch) * nodejs14-docs-14.21.3-6.46.1 ## References: * https://www.suse.com/security/cve/CVE-2023-30581.html * https://www.suse.com/security/cve/CVE-2023-30589.html * https://www.suse.com/security/cve/CVE-2023-30590.html * https://www.suse.com/security/cve/CVE-2023-32002.html * https://www.suse.com/security/cve/CVE-2023-32006.html * https://www.suse.com/security/cve/CVE-2023-32559.html * https://bugzilla.suse.com/show_bug.cgi?id=1212574 * https://bugzilla.suse.com/show_bug.cgi?id=1212582 * https://bugzilla.suse.com/show_bug.cgi?id=1212583 * https://bugzilla.suse.com/show_bug.cgi?id=1214150 * https://bugzilla.suse.com/show_bug.cgi?id=1214154 * https://bugzilla.suse.com/show_bug.cgi?id=1214156 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 14 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 12:30:11 -0000 Subject: SUSE-SU-2023:3305-1: important: Security update for java-1_8_0-openj9 Message-ID: <169201621189.5283.8260381216685205737@smelt2.suse.de> # Security update for java-1_8_0-openj9 Announcement ID: SUSE-SU-2023:3305-1 Rating: important References: * #1210628 * #1210631 * #1210632 * #1210634 * #1210635 * #1210636 * #1210637 * #1211615 Cross-References: * CVE-2023-21930 * CVE-2023-21937 * CVE-2023-21938 * CVE-2023-21939 * CVE-2023-21954 * CVE-2023-21967 * CVE-2023-21968 * CVE-2023-2597 CVSS scores: * CVE-2023-21930 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-21930 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-21937 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21937 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21938 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21938 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21939 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21939 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21954 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21954 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21967 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-21967 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-21968 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21968 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-2597 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2597 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves eight vulnerabilities can now be installed. ## Description: This update for java-1_8_0-openj9 fixes the following issues: Update to OpenJDK 8u372 build 07 with OpenJ9 0.38.0 virtual machine. CVE-2023-21930: Unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1210628). CVE-2023-21937: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). (bsc#1210631). CVE-2023-21938: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). (bsc#1210632). CVE-2023-21939: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). (bsc#1210634). CVE-2023-21954: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). (bsc#1210635). CVE-2023-21967: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). (bsc#1210636). CVE-2023-21968: Fixed ulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries) (bsc#1210637). CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3305=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3305=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3305=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-debuginfo-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-devel-debuginfo-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-debugsource-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-demo-debuginfo-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-headless-debuginfo-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2 * openSUSE Leap 15.4 (noarch) * java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-debuginfo-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-devel-debuginfo-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-debugsource-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-demo-debuginfo-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-headless-debuginfo-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2 * openSUSE Leap 15.5 (noarch) * java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2 * SUSE Package Hub 15 15-SP5 (ppc64le s390x) * java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-debuginfo-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-devel-debuginfo-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-debugsource-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-demo-debuginfo-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-headless-debuginfo-1.8.0.372-150200.3.33.2 * java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2 ## References: * https://www.suse.com/security/cve/CVE-2023-21930.html * https://www.suse.com/security/cve/CVE-2023-21937.html * https://www.suse.com/security/cve/CVE-2023-21938.html * https://www.suse.com/security/cve/CVE-2023-21939.html * https://www.suse.com/security/cve/CVE-2023-21954.html * https://www.suse.com/security/cve/CVE-2023-21967.html * https://www.suse.com/security/cve/CVE-2023-21968.html * https://www.suse.com/security/cve/CVE-2023-2597.html * https://bugzilla.suse.com/show_bug.cgi?id=1210628 * https://bugzilla.suse.com/show_bug.cgi?id=1210631 * https://bugzilla.suse.com/show_bug.cgi?id=1210632 * https://bugzilla.suse.com/show_bug.cgi?id=1210634 * https://bugzilla.suse.com/show_bug.cgi?id=1210635 * https://bugzilla.suse.com/show_bug.cgi?id=1210636 * https://bugzilla.suse.com/show_bug.cgi?id=1210637 * https://bugzilla.suse.com/show_bug.cgi?id=1211615 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 14 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 12:30:14 -0000 Subject: SUSE-SU-2023:3303-1: moderate: Security update for poppler Message-ID: <169201621415.5283.3897262725350616803@smelt2.suse.de> # Security update for poppler Announcement ID: SUSE-SU-2023:3303-1 Rating: moderate References: * #1150039 Cross-References: * CVE-2019-16115 CVSS scores: * CVE-2019-16115 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2019-16115 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2019-16115: Fixed an uninitialized memory error in GfxUnivariateShading::setupCache. (bsc#1150039) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3303=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libpoppler44-0.24.4-14.29.1 * libpoppler44-debuginfo-0.24.4-14.29.1 ## References: * https://www.suse.com/security/cve/CVE-2019-16115.html * https://bugzilla.suse.com/show_bug.cgi?id=1150039 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 14 16:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 16:30:11 -0000 Subject: SUSE-SU-2023:3309-1: important: Security update for the Linux Kernel Message-ID: <169203061149.30919.3242671778987916565@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3309-1 Rating: important References: * #1188885 * #1202670 * #1206418 * #1207526 * #1207528 * #1211738 * #1212266 * #1213167 * #1213287 * #1213350 * #1213585 * #1213586 * #1213588 * #1213705 * #1213747 * #1213766 * #1213819 * #1213823 * #1213825 * #1213827 * #1213842 * #962880 Cross-References: * CVE-2022-40982 * CVE-2023-0459 * CVE-2023-20569 * CVE-2023-3567 * CVE-2023-3609 * CVE-2023-3611 * CVE-2023-3776 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves seven vulnerabilities and has 15 fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: A transient execution attack called "Gather Data Sampling" affecting is mitigated, together with respective Intel CPU Microcode updates (bsc#1206418, CVE-2022-40982). * CVE-2023-0459: Fixed that copy_from_user on 64-bit versions of the Linux kernel did not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check which could be used to leak information (bsc#1211738). * CVE-2023-20569: A side channel attack known as ?Inception? or ?RAS Poisoning? may allow an attacker to influence branch prediction, potentially leading to information disclosure. (bsc#1213287). * CVE-2023-3567: A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen. This flaw allowed an attacker with local user access to cause a system crash or leak internal kernel information (bsc#1213167bsc#1213842). * CVE-2023-3609: A use-after-free vulnerability was fixed in net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use- after-free vulnerability. (bsc#1213586). * CVE-2023-3611: An out-of-bounds write vulnerability was fixed in net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allowed an out-of- bounds write because lmax is updated according to packet sizes without bounds checks. (bsc#1213585). * CVE-2023-3776: A use-after-free vulnerability was fixed in net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use- after-free vulnerability. (bsc#1213588). The following non-security bugs were fixed: * Fix double fget() in vhost_net_set_backend() (git-fixes). * NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease (git- fixes). * SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (git-fixes). * SUNRPC: remove the maximum number of retries in call_bind_status (git- fixes). * block: Fix a source code comment in include/uapi/linux/blkzoned.h (git- fixes). * livepatch: check kzalloc return values (git-fixes). * media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes). * net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). * net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). * net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). * nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). * powerpc/64: Update Speculation_Store_Bypass in /proc/<pid>/status (bsc#1188885 ltc#193722 git-fixes). * powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes). * rpm/check-for-config-changes: ignore also RISCV_ISA_ _and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS__. * s390/cio: add dev_busid sysfs entry for each subchannel (bsc#1207526). * s390/cio: check the subchannel validity for dev_busid (bsc#1207526). * s390/cio: introduce io_subchannel_type (bsc#1207526). * s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits (git- fixes bsc#1213827). * s390/maccess: add no DAT mode to kernel_write (git-fixes bsc#1213825). * s390/numa: move initial setup of node_to_cpumask_map (git-fixes bsc#1213766). * scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747). * scsi: qla2xxx: Array index may go out of bound (bsc#1213747). * scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747). * scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747). * scsi: qla2xxx: Correct the index of array (bsc#1213747). * scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747). * scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747). * scsi: qla2xxx: Fix TMF leak through (bsc#1213747). * scsi: qla2xxx: Fix buffer overrun (bsc#1213747). * scsi: qla2xxx: Fix command flush during TMF (bsc#1213747). * scsi: qla2xxx: Fix deletion race condition (bsc#1213747). * scsi: qla2xxx: Fix end of loop test (bsc#1213747). * scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747). * scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747). * scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747). * scsi: qla2xxx: Fix session hang in gnl (bsc#1213747). * scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747). * scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747). * scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747). * scsi: qla2xxx: Silence a static checker warning (bsc#1213747). * scsi: qla2xxx: Turn off noisy message log (bsc#1213747). * scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747). * scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747). * scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747). * svcrdma: Prevent page release when nothing was received (git-fixes). * vfio-ccw: Prevent quiesce function going into an infinite loop (git-fixes bsc#1213819). * vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev (git-fixes bsc#1213823). * vhost/test: fix build for vhost test (git-fixes). * vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). * vhost/vsock: do not check owner in vhost_vsock_stop() while releasing (git- fixes). * vhost/vsock: fix incorrect used length reported to the guest (git-fixes). * vhost/vsock: fix packet delivery order to monitoring devices (git-fixes). * vhost/vsock: split packets to send using multiple buffers (git-fixes). * vhost: Fix the calculation in vhost_overflow() (git-fixes). * vhost_net: disable zerocopy by default (git-fixes). * vhost_net: fix OoB on sendmsg() failure (git-fixes). * virtio-balloon: fix managed page counts when migrating pages between zones (git-fixes). * virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). * virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). * virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). * virtio: Improve vq->broken access to avoid any compiler optimization (git- fixes). * virtio_net: Fix error handling in virtnet_restore() (git-fixes). * virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). * virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). * virtio_ring: Fix querying of maximum DMA mapping size for virtio device (git-fixes). * vringh: Use wiov->used to check for read/write desc order (git-fixes). * vringh: fix __vringh_iov() when riov and wiov are different (git-fixes). * vsock/virtio: stop workers during the .remove() (git-fixes). * vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock (git- fixes). * xen/blkfront: Only check REQ_FUA for writes (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3309=1 SUSE-SLE- HA-12-SP5-2023-3309=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-3309=1 * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-3309=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3309=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3309=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3309=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-3309=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * ocfs2-kmp-default-4.12.14-122.173.1 * kernel-default-devel-4.12.14-122.173.1 * kernel-default-debugsource-4.12.14-122.173.1 * gfs2-kmp-default-debuginfo-4.12.14-122.173.1 * kernel-syms-4.12.14-122.173.1 * dlm-kmp-default-debuginfo-4.12.14-122.173.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.173.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.173.1 * kernel-default-debuginfo-4.12.14-122.173.1 * kernel-default-base-debuginfo-4.12.14-122.173.1 * dlm-kmp-default-4.12.14-122.173.1 * cluster-md-kmp-default-4.12.14-122.173.1 * kernel-default-base-4.12.14-122.173.1 * gfs2-kmp-default-4.12.14-122.173.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64) * kernel-default-4.12.14-122.173.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * kernel-devel-4.12.14-122.173.1 * kernel-macros-4.12.14-122.173.1 * kernel-source-4.12.14-122.173.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.173.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64) * ocfs2-kmp-default-4.12.14-122.173.1 * kernel-default-debugsource-4.12.14-122.173.1 * gfs2-kmp-default-debuginfo-4.12.14-122.173.1 * dlm-kmp-default-debuginfo-4.12.14-122.173.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.173.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.173.1 * kernel-default-debuginfo-4.12.14-122.173.1 * dlm-kmp-default-4.12.14-122.173.1 * cluster-md-kmp-default-4.12.14-122.173.1 * gfs2-kmp-default-4.12.14-122.173.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc) * kernel-default-4.12.14-122.173.1 * SUSE Linux Enterprise Live Patching 12-SP5 (nosrc) * kernel-default-4.12.14-122.173.1 * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_173-default-1-8.3.3 * kernel-default-debugsource-4.12.14-122.173.1 * kernel-default-kgraft-4.12.14-122.173.1 * kernel-default-debuginfo-4.12.14-122.173.1 * kernel-default-kgraft-devel-4.12.14-122.173.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc) * kernel-docs-4.12.14-122.173.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-4.12.14-122.173.1 * kernel-obs-build-4.12.14-122.173.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc x86_64) * kernel-default-4.12.14-122.173.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * kernel-default-devel-4.12.14-122.173.1 * kernel-default-debugsource-4.12.14-122.173.1 * kernel-syms-4.12.14-122.173.1 * kernel-default-base-debuginfo-4.12.14-122.173.1 * kernel-default-debuginfo-4.12.14-122.173.1 * kernel-default-base-4.12.14-122.173.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-devel-4.12.14-122.173.1 * kernel-macros-4.12.14-122.173.1 * kernel-source-4.12.14-122.173.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.173.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-122.173.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-4.12.14-122.173.1 * kernel-default-debugsource-4.12.14-122.173.1 * kernel-syms-4.12.14-122.173.1 * kernel-default-base-debuginfo-4.12.14-122.173.1 * kernel-default-debuginfo-4.12.14-122.173.1 * kernel-default-base-4.12.14-122.173.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-devel-4.12.14-122.173.1 * kernel-macros-4.12.14-122.173.1 * kernel-source-4.12.14-122.173.1 * SUSE Linux Enterprise Server 12 SP5 (s390x) * kernel-default-man-4.12.14-122.173.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.173.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc) * kernel-default-4.12.14-122.173.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * kernel-default-debuginfo-4.12.14-122.173.1 * kernel-default-extra-4.12.14-122.173.1 * kernel-default-debugsource-4.12.14-122.173.1 * kernel-default-extra-debuginfo-4.12.14-122.173.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-0459.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://www.suse.com/security/cve/CVE-2023-3609.html * https://www.suse.com/security/cve/CVE-2023-3611.html * https://www.suse.com/security/cve/CVE-2023-3776.html * https://bugzilla.suse.com/show_bug.cgi?id=1188885 * https://bugzilla.suse.com/show_bug.cgi?id=1202670 * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1207526 * https://bugzilla.suse.com/show_bug.cgi?id=1207528 * https://bugzilla.suse.com/show_bug.cgi?id=1211738 * https://bugzilla.suse.com/show_bug.cgi?id=1212266 * https://bugzilla.suse.com/show_bug.cgi?id=1213167 * https://bugzilla.suse.com/show_bug.cgi?id=1213287 * https://bugzilla.suse.com/show_bug.cgi?id=1213350 * https://bugzilla.suse.com/show_bug.cgi?id=1213585 * https://bugzilla.suse.com/show_bug.cgi?id=1213586 * https://bugzilla.suse.com/show_bug.cgi?id=1213588 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 * https://bugzilla.suse.com/show_bug.cgi?id=1213747 * https://bugzilla.suse.com/show_bug.cgi?id=1213766 * https://bugzilla.suse.com/show_bug.cgi?id=1213819 * https://bugzilla.suse.com/show_bug.cgi?id=1213823 * https://bugzilla.suse.com/show_bug.cgi?id=1213825 * https://bugzilla.suse.com/show_bug.cgi?id=1213827 * https://bugzilla.suse.com/show_bug.cgi?id=1213842 * https://bugzilla.suse.com/show_bug.cgi?id=962880 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 14 16:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 16:30:22 -0000 Subject: SUSE-SU-2023:3313-1: important: Security update for the Linux Kernel Message-ID: <169203062205.30919.15203462265460212712@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3313-1 Rating: important References: * #1206418 * #1207129 * #1210627 * #1210780 * #1211131 * #1211738 * #1212502 * #1212604 * #1212901 * #1213167 * #1213272 * #1213287 * #1213304 * #1213585 * #1213586 * #1213588 * #1213620 * #1213653 * #1213713 * #1213715 * #1213747 * #1213756 * #1213759 * #1213777 * #1213810 * #1213812 * #1213842 * #1213856 * #1213857 * #1213863 * #1213867 * #1213870 * #1213871 Cross-References: * CVE-2022-40982 * CVE-2023-0459 * CVE-2023-20569 * CVE-2023-21400 * CVE-2023-2156 * CVE-2023-2166 * CVE-2023-31083 * CVE-2023-3268 * CVE-2023-3567 * CVE-2023-3609 * CVE-2023-3611 * CVE-2023-3776 * CVE-2023-4004 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-21400 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21400 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * Legacy Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 13 vulnerabilities and has 20 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418). * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). * CVE-2023-20569: Fixed side channel attack ?Inception? or ?RAS Poisoning? (bsc#1213287). * CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). * CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627). * CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). * CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). * CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). * CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). * CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after- free (bsc#1213588). * CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). The following non-security bugs were fixed: * afs: Fix access after dec in put functions (git-fixes). * afs: Fix afs_getattr() to refetch file status if callback break occurred (git-fixes). * afs: Fix dynamic root getattr (git-fixes). * afs: Fix fileserver probe RTT handling (git-fixes). * afs: Fix infinite loop found by xfstest generic/676 (git-fixes). * afs: Fix lost servers_outstanding count (git-fixes). * afs: Fix server->active leak in afs_put_server (git-fixes). * afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes). * afs: Fix updating of i_size with dv jump from server (git-fixes). * afs: Fix vlserver probe RTT handling (git-fixes). * afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes). * afs: Use refcount_t rather than atomic_t (git-fixes). * afs: Use the operation issue time instead of the reply time for callbacks (git-fixes). * afs: adjust ack interpretation to try and cope with nat (git-fixes). * alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes). * alsa: hda/realtek: support asus g713pv laptop (git-fixes). * alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes). * alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129). * alsa: usb-audio: update for native dsd support quirks (git-fixes). * asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes). * asoc: codecs: es8316: fix dmic config (git-fixes). * asoc: da7219: check for failure reading aad irq events (git-fixes). * asoc: da7219: flush pending aad irq when suspending (git-fixes). * asoc: fsl_sai: disable bit clock with transmitter (git-fixes). * asoc: fsl_spdif: silence output on stop (git-fixes). * asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes). * asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes). * asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes). * asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes). * ata: pata_ns87415: mark ns87560_tf_read static (git-fixes). * block, bfq: Fix division by zero error on zero wsum (bsc#1213653). * block: Fix a source code comment in include/uapi/linux/blkzoned.h (git- fixes). * can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (git-fixes). * ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856). * coda: Avoid partial allocation of sig_inputArgs (git-fixes). * dlm: fix missing lkb refcount handling (git-fixes). * dlm: fix plock invalid read (git-fixes). * documentation: devices.txt: reconcile serial/ucc_uart minor numers (git- fixes). * drm/amd/display: Disable MPC split by default on special asic (git-fixes). * drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes). * drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes). * drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes). * drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes). * drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git- fixes). * drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes). * file: always lock position for FMODE_ATOMIC_POS (bsc#1213759). * fs: dlm: add midcomms init/start functions (git-fixes). * fs: dlm: do not set stop rx flag after node reset (git-fixes). * fs: dlm: filter user dlm messages for kernel locks (git-fixes). * fs: dlm: fix log of lowcomms vs midcomms (git-fixes). * fs: dlm: fix race between test_bit() and queue_work() (git-fixes). * fs: dlm: fix race in lowcomms (git-fixes). * fs: dlm: handle -EBUSY first in lock arg validation (git-fixes). * fs: dlm: move sending fin message into state change handling (git-fixes). * fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes). * fs: dlm: return positive pid value for F_GETLK (git-fixes). * fs: dlm: start midcomms before scand (git-fixes). * fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git- fixes). * fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes). * fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes). * fs: jfs: fix null-ptr-deref read in txbegin (git-fixes). * gve: Set default duplex configuration to full (git-fixes). * gve: unify driver name usage (git-fixes). * hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git- fixes). * hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (git-fixes). * iavf: Fix out-of-bounds when setting channels on remove (git-fixes). * iavf: Fix use-after-free in free_netdev (git-fixes). * iavf: use internal state to free traffic IRQs (git-fixes). * igc: Check if hardware TX timestamping is enabled earlier (git-fixes). * igc: Enable and fix RX hash usage by netstack (git-fixes). * igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes). * igc: Fix inserting of empty frame for launchtime (git-fixes). * igc: Fix launchtime before start of cycle (git-fixes). * igc: Fix race condition in PTP tx code (git-fixes). * igc: Handle PPS start time programming for past time values (git-fixes). * igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes). * igc: Remove delay during TX ring configuration (git-fixes). * igc: Work around HW bug causing missing timestamps (git-fixes). * igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes). * input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes). * input: iqs269a - do not poll during ati (git-fixes). * input: iqs269a - do not poll during suspend or resume (git-fixes). * jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git- fixes). * jffs2: fix memory leak in jffs2_do_fill_super (git-fixes). * jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes). * jffs2: fix memory leak in jffs2_scan_medium (git-fixes). * jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes). * jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes). * jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes). * kvm: arm64: do not read a hw interrupt pending state in user context (git- fixes) * kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620) * kvm: do not null dereference ops->destroy (git-fixes) * kvm: downgrade two bug_ons to warn_on_once (git-fixes) * kvm: initialize debugfs_dentry when a vm is created to avoid null (git- fixes) * kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867). * kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git- fixes). * kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git- fixes). * kvm: vmx: restore vmx_vmexit alignment (git-fixes). * kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes). * libceph: harden msgr2.1 frame segment length checks (bsc#1213857). * media: staging: atomisp: select V4L2_FWNODE (git-fixes). * net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). * net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585). * net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes). * net: mana: Batch ringing RX queue doorbell on receiving packets (bsc#1212901). * net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901). * net: phy: marvell10g: fix 88x3310 power up (git-fixes). * nfsd: add encoding of op_recall flag for write delegation (git-fixes). * nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). * nfsd: fix sparse warning (git-fixes). * nfsd: remove open coding of string copy (git-fixes). * nfsv4.1: always send a reclaim_complete after establishing lease (git- fixes). * nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git- fixes). * nvme-pci: fix DMA direction of unmapping integrity data (git-fixes). * nvme-pci: remove nvme_queue from nvme_iod (git-fixes). * octeontx-af: fix hardware timestamp configuration (git-fixes). * octeontx2-af: Move validation of ptp pointer before its usage (git-fixes). * octeontx2-pf: Add additional check for MCAM rules (git-fixes). * phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git- fixes). * pinctrl: amd: Do not show `Invalid config param` errors (git-fixes). * pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes). * platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git- fixes). * rdma/bnxt_re: fix hang during driver unload (git-fixes) * rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes) * rdma/core: update cma destination address on rdma_resolve_addr (git-fixes) * rdma/irdma: add missing read barriers (git-fixes) * rdma/irdma: fix data race on cqp completion stats (git-fixes) * rdma/irdma: fix data race on cqp request done (git-fixes) * rdma/irdma: fix op_type reporting in cqes (git-fixes) * rdma/irdma: report correct wc error (git-fixes) * rdma/mlx4: make check for invalid flags stricter (git-fixes) * rdma/mthca: fix crash when polling cq for shared qps (git-fixes) * regmap: Account for register length in SMBus I/O limits (git-fixes). * regmap: Drop initial version of maximum transfer length fixes (git-fixes). * revert "debugfs, coccinelle: check for obsolete define_simple_attribute() usage" (git-fixes). * revert "nfsv4: retry lock on old_stateid during delegation return" (git- fixes). * revert "usb: dwc3: core: enable autoretry feature in the controller" (git- fixes). * revert "usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()" (git-fixes). * revert "usb: xhci: tegra: fix error check" (git-fixes). * revert "xhci: add quirk for host controllers that do not update endpoint dcs" (git-fixes). * rxrpc, afs: Fix selection of abort codes (git-fixes). * s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870). * s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810). * s390/decompressor: specify __decompress() buf len to avoid overflow (git- fixes bsc#1213863). * s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871). * s390/qeth: Fix vipa deletion (git-fixes bsc#1213713). * s390/vmem: fix empty page tables cleanup under KASAN (git-fixes bsc#1213715). * s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870). * scftorture: Count reschedule IPIs (git-fixes). * scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (bsc#1213756). * scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756). * scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756). * scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756). * scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756). * scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (bsc#1213756). * scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths (bsc#1213756). * scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756). * scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (bsc#1213756). * scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756). * scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756). * scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756). * scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (bsc#1213756). * scsi: lpfc: Replace all non-returning strlcpy() with strscpy() (bsc#1213756). * scsi: lpfc: Replace one-element array with flexible-array member (bsc#1213756). * scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756). * scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (bsc#1213756). * scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756). * scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756). * scsi: lpfc: Use struct_size() helper (bsc#1213756). * scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747). * scsi: qla2xxx: Array index may go out of bound (bsc#1213747). * scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747). * scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747). * scsi: qla2xxx: Correct the index of array (bsc#1213747). * scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747). * scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747). * scsi: qla2xxx: Fix TMF leak through (bsc#1213747). * scsi: qla2xxx: Fix buffer overrun (bsc#1213747). * scsi: qla2xxx: Fix command flush during TMF (bsc#1213747). * scsi: qla2xxx: Fix deletion race condition (bsc#1213747). * scsi: qla2xxx: Fix end of loop test (bsc#1213747). * scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747). * scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747). * scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747). * scsi: qla2xxx: Fix session hang in gnl (bsc#1213747). * scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747). * scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747). * scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747). * scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper (bsc#1213747). * scsi: qla2xxx: Silence a static checker warning (bsc#1213747). * scsi: qla2xxx: Turn off noisy message log (bsc#1213747). * scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747). * scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747). * scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747). * scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747). * serial: qcom-geni: drop bogus runtime pm state update (git-fixes). * serial: sifive: Fix sifive_serial_console_setup() section (git-fixes). * soundwire: qcom: update status correctly with mask (git-fixes). * staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git- fixes). * staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes). * sunrpc: always free ctxt when freeing deferred request (git-fixes). * sunrpc: double free xprt_ctxt while still in use (git-fixes). * sunrpc: fix trace_svc_register() call site (git-fixes). * sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes). * sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes). * sunrpc: remove the maximum number of retries in call_bind_status (git- fixes). * svcrdma: Prevent page release when nothing was received (git-fixes). * tpm_tis: Explicitly check for error code (git-fixes). * tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes). * ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git- fixes). * ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes). * ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git- fixes). * ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes). * ubifs: Fix build errors as symbol undefined (git-fixes). * ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git- fixes). * ubifs: Fix memory leak in alloc_wbufs() (git-fixes). * ubifs: Fix memory leak in do_rename (git-fixes). * ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes). * ubifs: Fix to add refcount once page is set private (git-fixes). * ubifs: Fix wrong dirty space budget for dirty inode (git-fixes). * ubifs: Free memory for tmpfile name (git-fixes). * ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes). * ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes). * ubifs: Rectify space budget for ubifs_xrename() (git-fixes). * ubifs: Rename whiteout atomically (git-fixes). * ubifs: Reserve one leb for each journal head while doing budget (git-fixes). * ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git- fixes). * ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes). * ubifs: rename_whiteout: correct old_dir size computing (git-fixes). * ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes). * ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git- fixes). * usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes). * usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes). * usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). * usb: xhci-mtk: set the dma max_seg_size (git-fixes). * vhost: support PACKED when setting-getting vring_base (git-fixes). * vhost_net: revert upend_idx only on retriable error (git-fixes). * virtio-net: Maintain reverse cleanup order (git-fixes). * virtio_net: Fix error unwinding of XDP initialization (git-fixes). * x86/PVH: obtain VGA console info in Dom0 (git-fixes). * xen/blkfront: Only check REQ_FUA for writes (git-fixes). * xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git- fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3313=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3313=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3313=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3313=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-3313=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3313=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3313=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3313=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3313=1 openSUSE-SLE-15.4-2023-3313=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3313=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3313=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3313=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3313=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.81.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.81.1 * kernel-default-debugsource-5.14.21-150400.24.81.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.81.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.81.1 * kernel-default-debugsource-5.14.21-150400.24.81.1 * Basesystem Module 15-SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.81.1 * Basesystem Module 15-SP4 (aarch64) * kernel-64kb-devel-5.14.21-150400.24.81.1 * kernel-64kb-debuginfo-5.14.21-150400.24.81.1 * kernel-64kb-debugsource-5.14.21-150400.24.81.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.81.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.81.1 * Basesystem Module 15-SP4 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-5.14.21-150400.24.81.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.81.1 * kernel-default-debuginfo-5.14.21-150400.24.81.1 * kernel-default-debugsource-5.14.21-150400.24.81.1 * Basesystem Module 15-SP4 (noarch) * kernel-devel-5.14.21-150400.24.81.1 * kernel-macros-5.14.21-150400.24.81.1 * Basesystem Module 15-SP4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.81.1 * Basesystem Module 15-SP4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.81.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.81.1 * Development Tools Module 15-SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.81.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-5.14.21-150400.24.81.1 * kernel-syms-5.14.21-150400.24.81.1 * kernel-obs-build-5.14.21-150400.24.81.1 * Development Tools Module 15-SP4 (noarch) * kernel-source-5.14.21-150400.24.81.1 * Legacy Module 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.81.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.81.1 * reiserfs-kmp-default-5.14.21-150400.24.81.1 * kernel-default-debuginfo-5.14.21-150400.24.81.1 * kernel-default-debugsource-5.14.21-150400.24.81.1 * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.81.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.81.1 * kernel-livepatch-SLE15-SP4_Update_16-debugsource-1-150400.9.3.3 * kernel-livepatch-5_14_21-150400_24_81-default-1-150400.9.3.3 * kernel-default-livepatch-5.14.21-150400.24.81.1 * kernel-default-livepatch-devel-5.14.21-150400.24.81.1 * kernel-livepatch-5_14_21-150400_24_81-default-debuginfo-1-150400.9.3.3 * kernel-default-debugsource-5.14.21-150400.24.81.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * ocfs2-kmp-default-5.14.21-150400.24.81.1 * kernel-default-debuginfo-5.14.21-150400.24.81.1 * cluster-md-kmp-default-5.14.21-150400.24.81.1 * gfs2-kmp-default-5.14.21-150400.24.81.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.81.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.81.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.81.1 * dlm-kmp-default-5.14.21-150400.24.81.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.81.1 * kernel-default-debugsource-5.14.21-150400.24.81.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.81.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.81.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * kernel-default-extra-debuginfo-5.14.21-150400.24.81.1 * kernel-default-extra-5.14.21-150400.24.81.1 * kernel-default-debuginfo-5.14.21-150400.24.81.1 * kernel-default-debugsource-5.14.21-150400.24.81.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_81-default-debuginfo-1-150400.9.3.3 * kernel-livepatch-5_14_21-150400_24_81-default-1-150400.9.3.3 * kernel-livepatch-SLE15-SP4_Update_16-debugsource-1-150400.9.3.3 * openSUSE Leap 15.4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.81.1 * openSUSE Leap 15.4 (noarch) * kernel-source-vanilla-5.14.21-150400.24.81.1 * kernel-source-5.14.21-150400.24.81.1 * kernel-devel-5.14.21-150400.24.81.1 * kernel-docs-html-5.14.21-150400.24.81.1 * kernel-macros-5.14.21-150400.24.81.1 * openSUSE Leap 15.4 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150400.24.81.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-debuginfo-5.14.21-150400.24.81.1 * kernel-debug-livepatch-devel-5.14.21-150400.24.81.1 * kernel-debug-devel-5.14.21-150400.24.81.1 * kernel-debug-devel-debuginfo-5.14.21-150400.24.81.1 * kernel-debug-debugsource-5.14.21-150400.24.81.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * kernel-default-base-rebuild-5.14.21-150400.24.81.1.150400.24.35.3 * kernel-kvmsmall-debugsource-5.14.21-150400.24.81.1 * kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3 * kernel-kvmsmall-devel-5.14.21-150400.24.81.1 * kernel-kvmsmall-debuginfo-5.14.21-150400.24.81.1 * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.81.1 * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.81.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-5.14.21-150400.24.81.1 * kernel-default-optional-debuginfo-5.14.21-150400.24.81.1 * kernel-obs-build-5.14.21-150400.24.81.1 * kernel-default-livepatch-5.14.21-150400.24.81.1 * kernel-default-extra-5.14.21-150400.24.81.1 * kernel-default-optional-5.14.21-150400.24.81.1 * kernel-obs-qa-5.14.21-150400.24.81.1 * kernel-default-devel-5.14.21-150400.24.81.1 * kernel-obs-build-debugsource-5.14.21-150400.24.81.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.81.1 * gfs2-kmp-default-5.14.21-150400.24.81.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.81.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.81.1 * kselftests-kmp-default-5.14.21-150400.24.81.1 * dlm-kmp-default-5.14.21-150400.24.81.1 * kernel-syms-5.14.21-150400.24.81.1 * ocfs2-kmp-default-5.14.21-150400.24.81.1 * kernel-default-debuginfo-5.14.21-150400.24.81.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.81.1 * kselftests-kmp-default-debuginfo-5.14.21-150400.24.81.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.81.1 * kernel-default-debugsource-5.14.21-150400.24.81.1 * kernel-default-livepatch-devel-5.14.21-150400.24.81.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.81.1 * reiserfs-kmp-default-5.14.21-150400.24.81.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.81.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.81.1 * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150400.24.81.1 * openSUSE Leap 15.4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.81.1 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.81.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.81.1 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.14.21-150400.24.81.1 * openSUSE Leap 15.4 (aarch64) * dtb-marvell-5.14.21-150400.24.81.1 * dtb-apple-5.14.21-150400.24.81.1 * dtb-renesas-5.14.21-150400.24.81.1 * dtb-qcom-5.14.21-150400.24.81.1 * kernel-64kb-extra-debuginfo-5.14.21-150400.24.81.1 * kernel-64kb-devel-5.14.21-150400.24.81.1 * kernel-64kb-debugsource-5.14.21-150400.24.81.1 * dtb-altera-5.14.21-150400.24.81.1 * dtb-freescale-5.14.21-150400.24.81.1 * dtb-cavium-5.14.21-150400.24.81.1 * kernel-64kb-optional-5.14.21-150400.24.81.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.81.1 * kernel-64kb-livepatch-devel-5.14.21-150400.24.81.1 * kernel-64kb-optional-debuginfo-5.14.21-150400.24.81.1 * gfs2-kmp-64kb-5.14.21-150400.24.81.1 * dtb-amd-5.14.21-150400.24.81.1 * dtb-amlogic-5.14.21-150400.24.81.1 * dtb-exynos-5.14.21-150400.24.81.1 * dtb-broadcom-5.14.21-150400.24.81.1 * ocfs2-kmp-64kb-5.14.21-150400.24.81.1 * cluster-md-kmp-64kb-5.14.21-150400.24.81.1 * dtb-allwinner-5.14.21-150400.24.81.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.81.1 * dtb-rockchip-5.14.21-150400.24.81.1 * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.81.1 * dtb-amazon-5.14.21-150400.24.81.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.81.1 * kselftests-kmp-64kb-5.14.21-150400.24.81.1 * kernel-64kb-extra-5.14.21-150400.24.81.1 * dtb-nvidia-5.14.21-150400.24.81.1 * kernel-64kb-debuginfo-5.14.21-150400.24.81.1 * dtb-lg-5.14.21-150400.24.81.1 * dtb-arm-5.14.21-150400.24.81.1 * dtb-sprd-5.14.21-150400.24.81.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.81.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.81.1 * dtb-apm-5.14.21-150400.24.81.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.81.1 * dtb-xilinx-5.14.21-150400.24.81.1 * dlm-kmp-64kb-5.14.21-150400.24.81.1 * reiserfs-kmp-64kb-5.14.21-150400.24.81.1 * dtb-mediatek-5.14.21-150400.24.81.1 * dtb-socionext-5.14.21-150400.24.81.1 * dtb-hisilicon-5.14.21-150400.24.81.1 * openSUSE Leap 15.4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.81.1 * openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.81.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3 * kernel-default-debuginfo-5.14.21-150400.24.81.1 * kernel-default-debugsource-5.14.21-150400.24.81.1 * openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.81.1 * openSUSE Leap Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.81.1 * kernel-default-debugsource-5.14.21-150400.24.81.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.81.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.81.1 * kernel-default-debugsource-5.14.21-150400.24.81.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.81.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.81.1 * kernel-default-debugsource-5.14.21-150400.24.81.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-0459.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-21400.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2166.html * https://www.suse.com/security/cve/CVE-2023-31083.html * https://www.suse.com/security/cve/CVE-2023-3268.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://www.suse.com/security/cve/CVE-2023-3609.html * https://www.suse.com/security/cve/CVE-2023-3611.html * https://www.suse.com/security/cve/CVE-2023-3776.html * https://www.suse.com/security/cve/CVE-2023-4004.html * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1207129 * https://bugzilla.suse.com/show_bug.cgi?id=1210627 * https://bugzilla.suse.com/show_bug.cgi?id=1210780 * https://bugzilla.suse.com/show_bug.cgi?id=1211131 * https://bugzilla.suse.com/show_bug.cgi?id=1211738 * https://bugzilla.suse.com/show_bug.cgi?id=1212502 * https://bugzilla.suse.com/show_bug.cgi?id=1212604 * https://bugzilla.suse.com/show_bug.cgi?id=1212901 * https://bugzilla.suse.com/show_bug.cgi?id=1213167 * https://bugzilla.suse.com/show_bug.cgi?id=1213272 * https://bugzilla.suse.com/show_bug.cgi?id=1213287 * https://bugzilla.suse.com/show_bug.cgi?id=1213304 * https://bugzilla.suse.com/show_bug.cgi?id=1213585 * https://bugzilla.suse.com/show_bug.cgi?id=1213586 * https://bugzilla.suse.com/show_bug.cgi?id=1213588 * https://bugzilla.suse.com/show_bug.cgi?id=1213620 * https://bugzilla.suse.com/show_bug.cgi?id=1213653 * https://bugzilla.suse.com/show_bug.cgi?id=1213713 * https://bugzilla.suse.com/show_bug.cgi?id=1213715 * https://bugzilla.suse.com/show_bug.cgi?id=1213747 * https://bugzilla.suse.com/show_bug.cgi?id=1213756 * https://bugzilla.suse.com/show_bug.cgi?id=1213759 * https://bugzilla.suse.com/show_bug.cgi?id=1213777 * https://bugzilla.suse.com/show_bug.cgi?id=1213810 * https://bugzilla.suse.com/show_bug.cgi?id=1213812 * https://bugzilla.suse.com/show_bug.cgi?id=1213842 * https://bugzilla.suse.com/show_bug.cgi?id=1213856 * https://bugzilla.suse.com/show_bug.cgi?id=1213857 * https://bugzilla.suse.com/show_bug.cgi?id=1213863 * https://bugzilla.suse.com/show_bug.cgi?id=1213867 * https://bugzilla.suse.com/show_bug.cgi?id=1213870 * https://bugzilla.suse.com/show_bug.cgi?id=1213871 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 14 16:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 16:30:25 -0000 Subject: SUSE-RU-2023:3312-1: important: Recommended update for scap-security-guide Message-ID: <169203062573.30919.4665033635224485430@smelt2.suse.de> # Recommended update for scap-security-guide Announcement ID: SUSE-RU-2023:3312-1 Rating: important References: * #1213691 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for scap-security-guide fixes the following issues: * revert change to rule aide_periodic_cron_checking that broke the SLE hardening aide part that has incorrect dependencies (bsc#1213691) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3312=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3312=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-3312=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3312=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3312=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3312=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3312=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3312=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3312=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3312=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3312=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3312=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3312=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3312=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3312=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3312=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3312=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3312=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3312=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 * openSUSE Leap 15.5 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 * SUSE Manager Client Tools for SLE Micro 5 (noarch) * scap-security-guide-0.1.68-150000.1.62.1 * Basesystem Module 15-SP4 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 * Basesystem Module 15-SP5 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 * SUSE Manager Proxy 4.2 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 * SUSE Manager Server 4.2 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 * SUSE Enterprise Storage 7.1 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 * SUSE CaaS Platform 4.0 (noarch) * scap-security-guide-redhat-0.1.68-150000.1.62.1 * scap-security-guide-0.1.68-150000.1.62.1 * scap-security-guide-debian-0.1.68-150000.1.62.1 * scap-security-guide-ubuntu-0.1.68-150000.1.62.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213691 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 14 16:30:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 16:30:38 -0000 Subject: SUSE-SU-2023:3311-1: important: Security update for the Linux Kernel Message-ID: <169203063875.30919.17645745436885312079@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3311-1 Rating: important References: * #1206418 * #1207129 * #1207948 * #1210627 * #1210780 * #1210825 * #1211131 * #1211738 * #1211811 * #1212445 * #1212502 * #1212604 * #1212766 * #1212901 * #1213167 * #1213272 * #1213287 * #1213304 * #1213417 * #1213578 * #1213585 * #1213586 * #1213588 * #1213601 * #1213620 * #1213632 * #1213653 * #1213713 * #1213715 * #1213747 * #1213756 * #1213759 * #1213777 * #1213810 * #1213812 * #1213856 * #1213857 * #1213863 * #1213867 * #1213870 * #1213871 * #1213872 Cross-References: * CVE-2022-40982 * CVE-2023-0459 * CVE-2023-20569 * CVE-2023-21400 * CVE-2023-2156 * CVE-2023-2166 * CVE-2023-31083 * CVE-2023-3268 * CVE-2023-3567 * CVE-2023-3609 * CVE-2023-3611 * CVE-2023-3776 * CVE-2023-38409 * CVE-2023-3863 * CVE-2023-4004 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-21400 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21400 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-38409 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-38409 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * Legacy Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves 15 vulnerabilities and has 27 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418). * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). * CVE-2023-20569: Fixed side channel attack ?Inception? or ?RAS Poisoning? (bsc#1213287). * CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). * CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627). * CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). * CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). * CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). * CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). * CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after- free (bsc#1213588). * CVE-2023-38409: Fixed an issue in set_con2fb_map in drivers/video/fbdev/core/fbcon.c. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info) (bsc#1213417). * CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC. This flaw allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). * CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). The following non-security bugs were fixed: * ACPI: CPPC: Add ACPI disabled check to acpi_cpc_valid() (bsc#1212445). * ACPI: CPPC: Add definition for undefined FADT preferred PM profile value (bsc#1212445). * ACPI/IORT: Remove erroneous id_count check in iort_node_get_rmr_info() (git- fixes). * ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes). * afs: Adjust ACK interpretation to try and cope with NAT (git-fixes). * afs: Fix access after dec in put functions (git-fixes). * afs: Fix afs_getattr() to refetch file status if callback break occurred (git-fixes). * afs: Fix dynamic root getattr (git-fixes). * afs: Fix fileserver probe RTT handling (git-fixes). * afs: Fix infinite loop found by xfstest generic/676 (git-fixes). * afs: Fix lost servers_outstanding count (git-fixes). * afs: Fix server->active leak in afs_put_server (git-fixes). * afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes). * afs: Fix updating of i_size with dv jump from server (git-fixes). * afs: Fix vlserver probe RTT handling (git-fixes). * afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes). * afs: Use refcount_t rather than atomic_t (git-fixes). * afs: Use the operation issue time instead of the reply time for callbacks (git-fixes). * ALSA: emu10k1: roll up loops in DSP setup code for Audigy (git-fixes). * ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes). * ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes). * ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes). * ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes). * ALSA: hda/realtek - remove 3k pull low procedure (git-fixes). * ALSA: hda/realtek: Support ASUS G713PV laptop (git-fixes). * ALSA: hda/relatek: Enable Mute LED on HP 250 G8 (git-fixes). * ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless (git- fixes). * ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless (git- fixes). * ALSA: usb-audio: Add quirk for Microsoft Modern Wireless Headset (bsc#1207129). * ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format() (git-fixes). * ALSA: usb-audio: Apply mutex around snd_usb_endpoint_set_params() (git- fixes). * ALSA: usb-audio: Avoid superfluous endpoint setup (git-fixes). * ALSA: usb-audio: Avoid unnecessary interface change at EP close (git-fixes). * ALSA: usb-audio: Clear fixed clock rate at closing EP (git-fixes). * ALSA: usb-audio: Correct the return code from snd_usb_endpoint_set_params() (git-fixes). * ALSA: usb-audio: Drop superfluous interface setup at parsing (git-fixes). * ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() (git-fixes). * ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all (git- fixes). * ALSA: usb-audio: More refactoring of hw constraint rules (git-fixes). * ALSA: usb-audio: Properly refcounting clock rate (git-fixes). * ALSA: usb-audio: Rate limit usb_set_interface error reporting (git-fixes). * ALSA: usb-audio: Refcount multiple accesses on the single clock (git-fixes). * ALSA: usb-audio: Split endpoint setups for hw_params and prepare (take#2) (git-fixes). * ALSA: usb-audio: Update for native DSD support quirks (git-fixes). * ALSA: usb-audio: Use atomic_try_cmpxchg in ep_state_update (git-fixes). * ALSA: usb-audio: Workaround for XRUN at prepare (git-fixes). * amd-pstate: Fix amd_pstate mode switch (git-fixes). * ASoC: amd: acp: fix for invalid dai id handling in acp_get_byte_count() (git-fixes). * ASoC: atmel: Fix the 8K sample parameter in I2SC master (git-fixes). * ASoc: codecs: ES8316: Fix DMIC config (git-fixes). * ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes). * ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes). * ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes). * ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes). * ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes). * ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git- fixes). * ASoC: da7219: Check for failure reading AAD IRQ events (git-fixes). * ASoC: da7219: Flush pending AAD IRQ when suspending (git-fixes). * ASoC: fsl_sai: Disable bit clock with transmitter (git-fixes). * ASoC: fsl_spdif: Silence output on stop (git-fixes). * ASoC: rt5640: Fix sleep in atomic context (git-fixes). * ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0 (git-fixes). * ASoC: rt711: fix for JD event handling in ClockStop Mode0 (git-fixes). * ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0 (git-fixes). * ASoC: SOF: ipc3-dtrace: uninitialized data in dfsentry_trace_filter_write() (git-fixes). * ASoC: tegra: Fix ADX byte map (git-fixes). * ASoC: tegra: Fix AMX byte map (git-fixes). * ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register (git-fixes). * ata: pata_ns87415: mark ns87560_tf_read static (git-fixes). * block, bfq: Fix division by zero error on zero wsum (bsc#1213653). * block: Fix a source code comment in include/uapi/linux/blkzoned.h (git- fixes). * bus: mhi: add new interfaces to handle MHI channels directly (bsc#1207948). * bus: mhi: host: add destroy_device argument to mhi_power_down() (bsc#1207948). * can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (git-fixes). * ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856). * coda: Avoid partial allocation of sig_inputArgs (git-fixes). * cpufreq: amd-pstate: add amd-pstate driver parameter for mode selection (bsc#1212445). * cpufreq: amd-pstate: Add AMD P-State frequencies attributes (bsc#1212445). * cpufreq: amd-pstate: Add AMD P-State performance attributes (bsc#1212445). * cpufreq: amd-pstate: Add boost mode support for AMD P-State (bsc#1212445). * cpufreq: amd-pstate: add driver working mode switch support (bsc#1212445). * cpufreq: amd-pstate: Add ->fast_switch() callback (bsc#1212445). * cpufreq: amd-pstate: Add fast switch function for AMD P-State (bsc#1212445). * cpufreq: amd-pstate: Add guided autonomous mode (bsc#1212445). * cpufreq: amd-pstate: Add guided mode control support via sysfs (bsc#1212445). * cpufreq: amd-pstate: Add more tracepoint for AMD P-State module (bsc#1212445). * cpufreq: amd-pstate: Add resume and suspend callbacks (bsc#1212445). * cpufreq: amd-pstate: Add trace for AMD P-State module (bsc#1212445). * cpufreq: amd-pstate: avoid uninitialized variable use (bsc#1212445). * cpufreq: amd-pstate: change amd-pstate driver to be built-in type (bsc#1212445). * cpufreq: amd-pstate: convert sprintf with sysfs_emit() (bsc#1212445). * cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at init (bsc#1212445). * cpufreq: amd-pstate: Expose struct amd_cpudata (bsc#1212445). * cpufreq: amd-pstate: Fix initial highest_perf value (bsc#1212445). * cpufreq: amd-pstate: Fix invalid write to MSR_AMD_CPPC_REQ (bsc#1212445). * cpufreq: amd-pstate: Fix Kconfig dependencies for AMD P-State (bsc#1212445). * cpufreq: amd-pstate: fix kernel hang issue while amd-pstate unregistering (bsc#1212445). * cpufreq: amd-pstate: Fix struct amd_cpudata kernel-doc comment (bsc#1212445). * cpufreq: amd-pstate: fix white-space (bsc#1212445). * cpufreq: amd_pstate: fix wrong lowest perf fetch (bsc#1212445). * cpufreq: amd-pstate: implement amd pstate cpu online and offline callback (bsc#1212445). * cpufreq: amd-pstate: implement Pstate EPP support for the AMD processors (bsc#1212445). * cpufreq: amd-pstate: implement suspend and resume callbacks (bsc#1212445). * cpufreq: amd-pstate: Introduce a new AMD P-State driver to support future processors (bsc#1212445). * cpufreq: amd-pstate: Introduce the support for the processors with shared memory solution (bsc#1212445). * cpufreq: amd-pstate: Let user know amd-pstate is disabled (bsc#1212445). * cpufreq: amd-pstate: Make amd-pstate EPP driver name hyphenated (bsc#1212445). * cpufreq: amd-pstate: Make varaiable mode_state_machine static (bsc#1212445). * cpufreq: amd_pstate: map desired perf into pstate scope for powersave governor (bsc#1212445). * cpufreq: amd-pstate: optimize driver working mode selection in amd_pstate_param() (bsc#1212445). * cpufreq: amd-pstate: Remove fast_switch_possible flag from active driver (bsc#1212445). * cpufreq: amd-pstate: remove MODULE_LICENSE in non-modules (bsc#1212445). * cpufreq: amd-pstate: Set a fallback policy based on preferred_profile (bsc#1212445). * cpufreq: amd-pstate: simplify cpudata pointer assignment (bsc#1212445). * cpufreq: amd-pstate: Update policy->cur in amd_pstate_adjust_perf() (bsc#1212445). * cpufreq: amd-pstate: update pstate frequency transition delay time (bsc#1212445). * cpufreq: amd-pstate: Write CPPC enable bit per-socket (bsc#1212445). * crypto: kpp - Add helper to set reqsize (git-fixes). * crypto: qat - Use helper to set reqsize (git-fixes). * dlm: fix missing lkb refcount handling (git-fixes). * dlm: fix plock invalid read (git-fixes). * Documentation: cpufreq: amd-pstate: Move amd_pstate param to alphabetical order (bsc#1212445). * Documentation: devices.txt: reconcile serial/ucc_uart minor numers (git- fixes). * drm/amd/display: Add monitor specific edid quirk (git-fixes). * drm/amd/display: Add polling method to handle MST reply packet (bsc#1213578). * drm/amd/display: check TG is non-null before checking if enabled (git- fixes). * drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes). * drm/amd/display: Disable MPC split by default on special asic (git-fixes). * drm/amd/display: fix access hdcp_workqueue assert (git-fixes). * drm/amd/display: fix seamless odm transitions (git-fixes). * drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes). * drm/amd/display: only accept async flips for fast updates (git-fixes). * drm/amd/display: Only update link settings after successful MST link train (git-fixes). * drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). * drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 (git- fixes). * drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). * drm/amd/display: Unlock on error path in dm_handle_mst_sideband_msg_ready_event() (git-fixes). * drm/amd: Fix an error handling mistake in psp_sw_init() (git-fixes). * drm/amdgpu: add the fan abnormal detection feature (git-fixes). * drm/amdgpu: avoid restore process run into dead loop (git-fixes). * drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git- fixes). * drm/amdgpu: Fix minmax warning (git-fixes). * drm/amd/pm: add abnormal fan detection for smu 13.0.0 (git-fixes). * drm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 (git- fixes). * drm/amd/pm: re-enable the gfx imu when smu resume (git-fixes). * drm/amd/pm: share the code around SMU13 pcie parameters update (git-fixes). * drm/atomic: Allow vblank-enabled + self-refresh "disable" (git-fixes). * drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes). * drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git- fixes). * drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes). * drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes). * drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes). * drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime (git-fixes). * drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes). * drm/dp_mst: Clear MSG_RDY flag before sending new message (bsc#1213578). * drm: Fix null pointer dereference in drm_dp_atomic_find_time_slots() (bsc#1213578). * drm/i915: Do not preserve dpll_hw_state for slave crtc in Bigjoiner (git- fixes). * drm/i915/dpt: Use shmem for dpt objects (git-fixes). * drm/i915: Fix an error handling path in igt_write_huge() (git-fixes). * drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks (git- fixes). * drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes). * drm/msm/disp/dpu: get timing engine status from intf status register (git- fixes). * drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes). * drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes). * drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git- fixes). * drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes). * drm/ttm: fix bulk_move corruption when adding a entry (git-fixes). * drm/ttm: fix warning that we shouldn't mix && and || (git-fixes). * drm/vmwgfx: Fix Legacy Display Unit atomic drm support (bsc#1213632). * drm/vmwgfx: Remove explicit and broken vblank handling (bsc#1213632). * drm/vmwgfx: Remove rcu locks from user resources (bsc#1213632). * fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes). * fbdev: imxfb: Removed unneeded release_mem_region (git-fixes). * fbdev: imxfb: warn about invalid left/right margin (git-fixes). * file: always lock position for FMODE_ATOMIC_POS (bsc#1213759). * fs: dlm: add midcomms init/start functions (git-fixes). * fs: dlm: do not set stop rx flag after node reset (git-fixes). * fs: dlm: filter user dlm messages for kernel locks (git-fixes). * fs: dlm: fix log of lowcomms vs midcomms (git-fixes). * fs: dlm: fix race between test_bit() and queue_work() (git-fixes). * fs: dlm: fix race in lowcomms (git-fixes). * fs: dlm: handle -EBUSY first in lock arg validation (git-fixes). * fs: dlm: move sending fin message into state change handling (git-fixes). * fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes). * fs: dlm: return positive pid value for F_GETLK (git-fixes). * fs: dlm: start midcomms before scand (git-fixes). * fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git- fixes). * FS: JFS: Check for read-only mounted filesystem in txBegin (git-fixes). * FS: JFS: Fix null-ptr-deref Read in txBegin (git-fixes). * fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes). * gve: Set default duplex configuration to full (git-fixes). * gve: unify driver name usage (git-fixes). * hwmon: (adm1275) Allow setting sample averaging (git-fixes). * hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git- fixes). * hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (git-fixes). * hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes). * i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes). * i2c: xiic: Do not try to handle more interrupt events after error (git- fixes). * iavf: check for removal state before IAVF_FLAG_PF_COMMS_FAILED (git-fixes). * iavf: fix a deadlock caused by rtnl and driver's lock circular dependencies (git-fixes). * iavf: Fix out-of-bounds when setting channels on remove (git-fixes). * iavf: fix potential deadlock on allocation failure (git-fixes). * iavf: fix reset task race with iavf_remove() (git-fixes). * iavf: Fix use-after-free in free_netdev (git-fixes). * iavf: Move netdev_update_features() into watchdog task (git-fixes). * iavf: use internal state to free traffic IRQs (git-fixes). * iavf: Wait for reset in callbacks which trigger it (git-fixes). * IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes) * ice: Fix max_rate check while configuring TX rate limits (git-fixes). * ice: Fix memory management in ice_ethtool_fdir.c (git-fixes). * ice: handle extts in the miscellaneous interrupt thread (git-fixes). * igc: Check if hardware TX timestamping is enabled earlier (git-fixes). * igc: Enable and fix RX hash usage by netstack (git-fixes). * igc: Fix inserting of empty frame for launchtime (git-fixes). * igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes). * igc: Fix launchtime before start of cycle (git-fixes). * igc: Fix race condition in PTP tx code (git-fixes). * igc: Handle PPS start time programming for past time values (git-fixes). * igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes). * igc: Remove delay during TX ring configuration (git-fixes). * igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes). * igc: Work around HW bug causing missing timestamps (git-fixes). * Input: i8042 - add Clevo PCX0DX to i8042 quirk table (git-fixes). * Input: iqs269a - do not poll during ATI (git-fixes). * Input: iqs269a - do not poll during suspend or resume (git-fixes). * jffs2: fix memory leak in jffs2_do_fill_super (git-fixes). * jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes). * jffs2: fix memory leak in jffs2_scan_medium (git-fixes). * jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes). * jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git- fixes). * jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes). * jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes). * kABI fix after Restore kABI for NVidia vGPU driver (bsc#1210825). * kabi/severities: relax kABI for ath11k local symbols (bsc#1207948) * kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes). * KVM: arm64: Do not read a HW interrupt pending state in user context (git- fixes) * KVM: arm64: Warn if accessing timer pending state outside of vcpu (bsc#1213620) * KVM: Do not null dereference ops->destroy (git-fixes) * KVM: downgrade two BUG_ONs to WARN_ON_ONCE (git-fixes) * KVM: Initialize debugfs_dentry when a VM is created to avoid NULL (git- fixes) * KVM: s390: pv: fix index value of replaced ASCE (git-fixes bsc#1213867). * KVM: VMX: Inject #GP, not #UD, if SGX2 ENCLS leafs are unsupported (git- fixes). * KVM: VMX: Inject #GP on ENCLS if vCPU has paging disabled (CR0.PG==0) (git- fixes). * KVM: VMX: restore vmx_vmexit alignment (git-fixes). * KVM: x86: Account fastpath-only VM-Exits in vCPU stats (git-fixes). * leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git- fixes). * libceph: harden msgr2.1 frame segment length checks (bsc#1213857). * MAINTAINERS: Add AMD P-State driver maintainer entry (bsc#1212445). * m ALSA: usb-audio: Add quirk for Tascam Model 12 (git-fixes). * md: add error_handlers for raid0 and linear (bsc#1212766). * media: staging: atomisp: select V4L2_FWNODE (git-fixes). * mhi_power_down() kABI workaround (bsc#1207948). * mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes). * mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes). * net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes). * net: mana: Batch ringing RX queue doorbell on receiving packets (bsc#1212901). * net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901). * net/mlx5: DR, Support SW created encap actions for FW table (git-fixes). * net/mlx5e: Check for NOT_READY flag state after locking (git-fixes). * net/mlx5e: fix double free in mlx5e_destroy_flow_table (git-fixes). * net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create (git-fixes). * net/mlx5e: fix memory leak in mlx5e_ptp_open (git-fixes). * net/mlx5e: XDP, Allow growing tail for XDP multi buffer (git-fixes). * net/mlx5e: xsk: Set napi_id to support busy polling on XSK RQ (git-fixes). * net: phy: marvell10g: fix 88x3310 power up (git-fixes). * net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). * net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585). * nfsd: add encoding of op_recall flag for write delegation (git-fixes). * nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). * nfsd: Fix sparse warning (git-fixes). * nfsd: Remove open coding of string copy (git-fixes). * nfsv4.1: Always send a RECLAIM_COMPLETE after establishing lease (git- fixes). * nfsv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION (git- fixes). * nvme: do not reject probe due to duplicate IDs for single-ported PCIe devices (git-fixes). * nvme: fix the NVME_ID_NS_NVM_STS_MASK definition (git-fixes). * nvme-pci: fix DMA direction of unmapping integrity data (git-fixes). * nvme-pci: remove nvme_queue from nvme_iod (git-fixes). * octeontx2-af: Move validation of ptp pointer before its usage (git-fixes). * octeontx2-pf: Add additional check for MCAM rules (git-fixes). * octeontx-af: fix hardware timestamp configuration (git-fixes). * PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes). * PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes). * phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git- fixes). * pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes). * pinctrl: amd: Do not show `Invalid config param` errors (git-fixes). * pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes). * pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes). * pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes). * platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git- fixes). * RDMA/bnxt_re: Fix hang during driver unload (git-fixes) * RDMA/bnxt_re: Prevent handling any completions after qp destroy (git-fixes) * RDMA/core: Update CMA destination address on rdma_resolve_addr (git-fixes) * RDMA/irdma: Add missing read barriers (git-fixes) * RDMA/irdma: Fix data race on CQP completion stats (git-fixes) * RDMA/irdma: Fix data race on CQP request done (git-fixes) * RDMA/irdma: Fix op_type reporting in CQEs (git-fixes) * RDMA/irdma: Report correct WC error (git-fixes) * RDMA/mlx4: Make check for invalid flags stricter (git-fixes) * RDMA/mthca: Fix crash when polling CQ for shared QPs (git-fixes) * regmap: Account for register length in SMBus I/O limits (git-fixes). * regmap: Drop initial version of maximum transfer length fixes (git-fixes). * Restore kABI for NVidia vGPU driver (bsc#1210825). * Revert "ALSA: usb-audio: Drop superfluous interface setup at parsing" (git- fixes). * Revert "debugfs, coccinelle: check for obsolete DEFINE_SIMPLE_ATTRIBUTE() usage" (git-fixes). * Revert "Drop AMDGPU patches for fixing regression (bsc#1213304,bsc#1213777)" * Revert "iavf: Detach device during reset task" (git-fixes). * Revert "iavf: Do not restart Tx queues after reset task failure" (git- fixes). * Revert "NFSv4: Retry LOCK on OLD_STATEID during delegation return" (git- fixes). * Revert "usb: dwc3: core: Enable AutoRetry feature in the controller" (git- fixes). * Revert "usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init()" (git-fixes). * Revert "usb: xhci: tegra: Fix error check" (git-fixes). * Revert "xhci: add quirk for host controllers that do not update endpoint DCS" (git-fixes). * Revive drm_dp_mst_hpd_irq() function (bsc#1213578). * rxrpc, afs: Fix selection of abort codes (git-fixes). * s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870). * s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810). * s390/dasd: print copy pair message only for the correct error (git-fixes bsc#1213872). * s390/decompressor: specify __decompress() buf len to avoid overflow (git- fixes bsc#1213863). * s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870). * s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871). * s390/qeth: Fix vipa deletion (git-fixes bsc#1213713). * s390/vmem: fix empty page tables cleanup under KASAN (git-fixes bsc#1213715). * scftorture: Count reschedule IPIs (git-fixes). * scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (bsc#1213756). * scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756). * scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756). * scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756). * scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756). * scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (bsc#1213756). * scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths (bsc#1213756). * scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756). * scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (bsc#1213756). * scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756). * scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756). * scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756). * scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (bsc#1213756). * scsi: lpfc: Replace all non-returning strlcpy() with strscpy() (bsc#1213756). * scsi: lpfc: Replace one-element array with flexible-array member (bsc#1213756). * scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756). * scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (bsc#1213756). * scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756). * scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756). * scsi: lpfc: Use struct_size() helper (bsc#1213756). * scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747). * scsi: qla2xxx: Array index may go out of bound (bsc#1213747). * scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747). * scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747). * scsi: qla2xxx: Correct the index of array (bsc#1213747). * scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747). * scsi: qla2xxx: Fix buffer overrun (bsc#1213747). * scsi: qla2xxx: Fix command flush during TMF (bsc#1213747). * scsi: qla2xxx: Fix deletion race condition (bsc#1213747). * scsi: qla2xxx: Fix end of loop test (bsc#1213747). * scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747). * scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747). * scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747). * scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747). * scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747). * scsi: qla2xxx: Fix session hang in gnl (bsc#1213747). * scsi: qla2xxx: Fix TMF leak through (bsc#1213747). * scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747). * scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747). * scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747). * scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper (bsc#1213747). * scsi: qla2xxx: Silence a static checker warning (bsc#1213747). * scsi: qla2xxx: Turn off noisy message log (bsc#1213747). * scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747). * scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747). * scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747). * selftests: rtnetlink: remove netdevsim device after ipsec offload test (git- fixes). * serial: qcom-geni: drop bogus runtime pm state update (git-fixes). * serial: sifive: Fix sifive_serial_console_setup() section (git-fixes). * series: udpate metadata Refresh * sfc: fix crash when reading stats while NIC is resetting (git-fixes). * sfc: fix XDP queues mode with legacy IRQ (git-fixes). * sfc: use budget for TX completions (git-fixes). * soundwire: qcom: update status correctly with mask (git-fixes). * staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git- fixes). * staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes). * SUNRPC: always free ctxt when freeing deferred request (git-fixes). * SUNRPC: double free xprt_ctxt while still in use (git-fixes). * SUNRPC: Fix trace_svc_register() call site (git-fixes). * SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (git-fixes). * SUNRPC: Remove dead code in svc_tcp_release_rqst() (git-fixes). * SUNRPC: remove the maximum number of retries in call_bind_status (git- fixes). * svcrdma: Prevent page release when nothing was received (git-fixes). * tpm_tis: Explicitly check for error code (git-fixes). * tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes). * tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes). * ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git- fixes). * ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git- fixes). * ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes). * ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes). * ubifs: Fix build errors as symbol undefined (git-fixes). * ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git- fixes). * ubifs: Fix memory leak in alloc_wbufs() (git-fixes). * ubifs: Fix memory leak in do_rename (git-fixes). * ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes). * ubifs: Fix to add refcount once page is set private (git-fixes). * ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git- fixes). * ubifs: Fix wrong dirty space budget for dirty inode (git-fixes). * ubifs: Free memory for tmpfile name (git-fixes). * ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes). * ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes). * ubifs: Rectify space budget for ubifs_xrename() (git-fixes). * ubifs: Rename whiteout atomically (git-fixes). * ubifs: rename_whiteout: correct old_dir size computing (git-fixes). * ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes). * ubifs: Reserve one leb for each journal head while doing budget (git-fixes). * ubifs: Re-statistic cleaned znode count if commit failed (git-fixes). * ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes). * ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git- fixes). * Update config files: enable CONFIG_X86_AMD_PSTATE (bsc#1212445) * usb: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes). * usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes). * usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes). * usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). * USB: serial: option: add LARA-R6 01B PIDs (git-fixes). * usb: typec: Iterate pds array when showing the pd list (git-fixes). * usb: typec: Set port->pd before adding device for typec_port (git-fixes). * usb: typec: Use sysfs_emit_at when concatenating the string (git-fixes). * usb: xhci-mtk: set the dma max_seg_size (git-fixes). * vhost_net: revert upend_idx only on retriable error (git-fixes). * vhost: support PACKED when setting-getting vring_base (git-fixes). * virtio_net: Fix error unwinding of XDP initialization (git-fixes). * virtio-net: Maintain reverse cleanup order (git-fixes). * wifi: ath11k: add support for suspend in power down state (bsc#1207948). * wifi: ath11k: handle irq enable/disable in several code path (bsc#1207948). * wifi: ath11k: handle thermal device registeration together with MAC (bsc#1207948). * wifi: ath11k: remove MHI LOOPBACK channels (bsc#1207948). * wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes). * wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes). * wl3501_cs: use eth_hw_addr_set() (git-fixes). * x86/PVH: obtain VGA console info in Dom0 (git-fixes). * xen/blkfront: Only check REQ_FUA for writes (git-fixes). * xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git- fixes). * xfs: AIL needs asynchronous CIL forcing (bsc#1211811). * xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811). * xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811). * xfs: CIL work is serialised, not pipelined (bsc#1211811). * xfs: do not run shutdown callbacks on active iclogs (bsc#1211811). * xfs: drop async cache flushes from CIL commits (bsc#1211811). * xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811). * xfs: move the CIL workqueue to the CIL (bsc#1211811). * xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811). * xfs: order CIL checkpoint start records (bsc#1211811). * xfs: pass a CIL context to xlog_write() (bsc#1211811). * xfs: rework xlog_state_do_callback() (bsc#1211811). * xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811). * xfs: separate out log shutdown callback processing (bsc#1211811). * xfs: wait iclog complete before tearing down AIL (bsc#1211811). * xfs: XLOG_STATE_IOERROR must die (bsc#1211811). * xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes). * xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes). * xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3311=1 SUSE-2023-3311=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3311=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3311=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3311=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3311=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-3311=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3311=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * dlm-kmp-default-5.14.21-150500.55.19.1 * kernel-obs-build-debugsource-5.14.21-150500.55.19.1 * kernel-default-optional-debuginfo-5.14.21-150500.55.19.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.19.1 * kernel-default-extra-debuginfo-5.14.21-150500.55.19.1 * kernel-default-livepatch-devel-5.14.21-150500.55.19.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.19.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.19.1 * kselftests-kmp-default-debuginfo-5.14.21-150500.55.19.1 * kernel-obs-build-5.14.21-150500.55.19.1 * ocfs2-kmp-default-5.14.21-150500.55.19.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.19.1 * kselftests-kmp-default-5.14.21-150500.55.19.1 * gfs2-kmp-default-5.14.21-150500.55.19.1 * kernel-default-livepatch-5.14.21-150500.55.19.1 * kernel-obs-qa-5.14.21-150500.55.19.1 * kernel-default-devel-5.14.21-150500.55.19.1 * reiserfs-kmp-default-5.14.21-150500.55.19.1 * kernel-syms-5.14.21-150500.55.19.1 * kernel-default-optional-5.14.21-150500.55.19.1 * kernel-default-extra-5.14.21-150500.55.19.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.19.1 * cluster-md-kmp-default-5.14.21-150500.55.19.1 * kernel-default-debuginfo-5.14.21-150500.55.19.1 * kernel-default-debugsource-5.14.21-150500.55.19.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.19.1 * openSUSE Leap 15.5 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150500.55.19.1 * openSUSE Leap 15.5 (ppc64le x86_64) * kernel-debug-debugsource-5.14.21-150500.55.19.1 * kernel-debug-livepatch-devel-5.14.21-150500.55.19.1 * kernel-debug-devel-5.14.21-150500.55.19.1 * kernel-debug-devel-debuginfo-5.14.21-150500.55.19.1 * kernel-debug-debuginfo-5.14.21-150500.55.19.1 * openSUSE Leap 15.5 (x86_64) * kernel-default-vdso-debuginfo-5.14.21-150500.55.19.1 * kernel-default-vdso-5.14.21-150500.55.19.1 * kernel-debug-vdso-debuginfo-5.14.21-150500.55.19.1 * kernel-kvmsmall-vdso-5.14.21-150500.55.19.1 * kernel-debug-vdso-5.14.21-150500.55.19.1 * kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.19.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.19.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * kernel-kvmsmall-debugsource-5.14.21-150500.55.19.1 * kernel-kvmsmall-debuginfo-5.14.21-150500.55.19.1 * kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.19.1 * kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.19.1 * kernel-default-base-5.14.21-150500.55.19.1.150500.6.6.4 * kernel-kvmsmall-devel-5.14.21-150500.55.19.1 * kernel-default-base-rebuild-5.14.21-150500.55.19.1.150500.6.6.4 * openSUSE Leap 15.5 (noarch) * kernel-macros-5.14.21-150500.55.19.1 * kernel-source-5.14.21-150500.55.19.1 * kernel-docs-html-5.14.21-150500.55.19.1 * kernel-source-vanilla-5.14.21-150500.55.19.1 * kernel-devel-5.14.21-150500.55.19.1 * openSUSE Leap 15.5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.19.1 * openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150500.55.19.1 * openSUSE Leap 15.5 (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.19.1 * openSUSE Leap 15.5 (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150500.55.19.1 * kernel-zfcpdump-debugsource-5.14.21-150500.55.19.1 * openSUSE Leap 15.5 (aarch64) * dtb-broadcom-5.14.21-150500.55.19.1 * dtb-rockchip-5.14.21-150500.55.19.1 * kernel-64kb-devel-5.14.21-150500.55.19.1 * kernel-64kb-optional-5.14.21-150500.55.19.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.19.1 * dtb-apm-5.14.21-150500.55.19.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.19.1 * dtb-cavium-5.14.21-150500.55.19.1 * kernel-64kb-optional-debuginfo-5.14.21-150500.55.19.1 * dtb-arm-5.14.21-150500.55.19.1 * dtb-exynos-5.14.21-150500.55.19.1 * dtb-allwinner-5.14.21-150500.55.19.1 * kernel-64kb-extra-5.14.21-150500.55.19.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.19.1 * dtb-xilinx-5.14.21-150500.55.19.1 * dtb-mediatek-5.14.21-150500.55.19.1 * dtb-apple-5.14.21-150500.55.19.1 * dtb-hisilicon-5.14.21-150500.55.19.1 * dtb-marvell-5.14.21-150500.55.19.1 * reiserfs-kmp-64kb-5.14.21-150500.55.19.1 * dtb-nvidia-5.14.21-150500.55.19.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.19.1 * dtb-amazon-5.14.21-150500.55.19.1 * dlm-kmp-64kb-5.14.21-150500.55.19.1 * kernel-64kb-debuginfo-5.14.21-150500.55.19.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.19.1 * dtb-sprd-5.14.21-150500.55.19.1 * kernel-64kb-livepatch-devel-5.14.21-150500.55.19.1 * dtb-freescale-5.14.21-150500.55.19.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.19.1 * dtb-amlogic-5.14.21-150500.55.19.1 * dtb-socionext-5.14.21-150500.55.19.1 * dtb-amd-5.14.21-150500.55.19.1 * dlm-kmp-64kb-debuginfo-5.14.21-150500.55.19.1 * dtb-lg-5.14.21-150500.55.19.1 * kselftests-kmp-64kb-5.14.21-150500.55.19.1 * dtb-altera-5.14.21-150500.55.19.1 * dtb-qcom-5.14.21-150500.55.19.1 * kernel-64kb-debugsource-5.14.21-150500.55.19.1 * gfs2-kmp-64kb-5.14.21-150500.55.19.1 * ocfs2-kmp-64kb-5.14.21-150500.55.19.1 * dtb-renesas-5.14.21-150500.55.19.1 * kernel-64kb-extra-debuginfo-5.14.21-150500.55.19.1 * cluster-md-kmp-64kb-5.14.21-150500.55.19.1 * openSUSE Leap 15.5 (nosrc) * dtb-aarch64-5.14.21-150500.55.19.1 * openSUSE Leap 15.5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.19.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_19-default-1-150500.11.3.4 * kernel-livepatch-5_14_21-150500_55_19-default-debuginfo-1-150500.11.3.4 * kernel-livepatch-SLE15-SP5_Update_3-debugsource-1-150500.11.3.4 * Basesystem Module 15-SP5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.19.1 * Basesystem Module 15-SP5 (aarch64) * kernel-64kb-debugsource-5.14.21-150500.55.19.1 * kernel-64kb-devel-5.14.21-150500.55.19.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.19.1 * kernel-64kb-debuginfo-5.14.21-150500.55.19.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.19.1 * Basesystem Module 15-SP5 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150500.55.19.1.150500.6.6.4 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-5.14.21-150500.55.19.1 * kernel-default-debugsource-5.14.21-150500.55.19.1 * kernel-default-debuginfo-5.14.21-150500.55.19.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.19.1 * Basesystem Module 15-SP5 (noarch) * kernel-devel-5.14.21-150500.55.19.1 * kernel-macros-5.14.21-150500.55.19.1 * Basesystem Module 15-SP5 (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.19.1 * Basesystem Module 15-SP5 (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150500.55.19.1 * kernel-zfcpdump-debugsource-5.14.21-150500.55.19.1 * Development Tools Module 15-SP5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.19.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-5.14.21-150500.55.19.1 * kernel-obs-build-5.14.21-150500.55.19.1 * kernel-syms-5.14.21-150500.55.19.1 * Development Tools Module 15-SP5 (noarch) * kernel-source-5.14.21-150500.55.19.1 * Legacy Module 15-SP5 (nosrc) * kernel-default-5.14.21-150500.55.19.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-5.14.21-150500.55.19.1 * kernel-default-debugsource-5.14.21-150500.55.19.1 * kernel-default-debuginfo-5.14.21-150500.55.19.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.19.1 * SUSE Linux Enterprise Live Patching 15-SP5 (nosrc) * kernel-default-5.14.21-150500.55.19.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_19-default-1-150500.11.3.4 * kernel-default-livepatch-devel-5.14.21-150500.55.19.1 * kernel-default-debuginfo-5.14.21-150500.55.19.1 * kernel-livepatch-5_14_21-150500_55_19-default-debuginfo-1-150500.11.3.4 * kernel-default-livepatch-5.14.21-150500.55.19.1 * kernel-livepatch-SLE15-SP5_Update_3-debugsource-1-150500.11.3.4 * kernel-default-debugsource-5.14.21-150500.55.19.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * gfs2-kmp-default-debuginfo-5.14.21-150500.55.19.1 * dlm-kmp-default-5.14.21-150500.55.19.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.19.1 * ocfs2-kmp-default-5.14.21-150500.55.19.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.19.1 * kernel-default-debuginfo-5.14.21-150500.55.19.1 * gfs2-kmp-default-5.14.21-150500.55.19.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.19.1 * kernel-default-debugsource-5.14.21-150500.55.19.1 * cluster-md-kmp-default-5.14.21-150500.55.19.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc) * kernel-default-5.14.21-150500.55.19.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc) * kernel-default-5.14.21-150500.55.19.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * kernel-default-extra-debuginfo-5.14.21-150500.55.19.1 * kernel-default-debugsource-5.14.21-150500.55.19.1 * kernel-default-debuginfo-5.14.21-150500.55.19.1 * kernel-default-extra-5.14.21-150500.55.19.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-0459.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-21400.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2166.html * https://www.suse.com/security/cve/CVE-2023-31083.html * https://www.suse.com/security/cve/CVE-2023-3268.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://www.suse.com/security/cve/CVE-2023-3609.html * https://www.suse.com/security/cve/CVE-2023-3611.html * https://www.suse.com/security/cve/CVE-2023-3776.html * https://www.suse.com/security/cve/CVE-2023-38409.html * https://www.suse.com/security/cve/CVE-2023-3863.html * https://www.suse.com/security/cve/CVE-2023-4004.html * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1207129 * https://bugzilla.suse.com/show_bug.cgi?id=1207948 * https://bugzilla.suse.com/show_bug.cgi?id=1210627 * https://bugzilla.suse.com/show_bug.cgi?id=1210780 * https://bugzilla.suse.com/show_bug.cgi?id=1210825 * https://bugzilla.suse.com/show_bug.cgi?id=1211131 * https://bugzilla.suse.com/show_bug.cgi?id=1211738 * https://bugzilla.suse.com/show_bug.cgi?id=1211811 * https://bugzilla.suse.com/show_bug.cgi?id=1212445 * https://bugzilla.suse.com/show_bug.cgi?id=1212502 * https://bugzilla.suse.com/show_bug.cgi?id=1212604 * https://bugzilla.suse.com/show_bug.cgi?id=1212766 * https://bugzilla.suse.com/show_bug.cgi?id=1212901 * https://bugzilla.suse.com/show_bug.cgi?id=1213167 * https://bugzilla.suse.com/show_bug.cgi?id=1213272 * https://bugzilla.suse.com/show_bug.cgi?id=1213287 * https://bugzilla.suse.com/show_bug.cgi?id=1213304 * https://bugzilla.suse.com/show_bug.cgi?id=1213417 * https://bugzilla.suse.com/show_bug.cgi?id=1213578 * https://bugzilla.suse.com/show_bug.cgi?id=1213585 * https://bugzilla.suse.com/show_bug.cgi?id=1213586 * https://bugzilla.suse.com/show_bug.cgi?id=1213588 * https://bugzilla.suse.com/show_bug.cgi?id=1213601 * https://bugzilla.suse.com/show_bug.cgi?id=1213620 * https://bugzilla.suse.com/show_bug.cgi?id=1213632 * https://bugzilla.suse.com/show_bug.cgi?id=1213653 * https://bugzilla.suse.com/show_bug.cgi?id=1213713 * https://bugzilla.suse.com/show_bug.cgi?id=1213715 * https://bugzilla.suse.com/show_bug.cgi?id=1213747 * https://bugzilla.suse.com/show_bug.cgi?id=1213756 * https://bugzilla.suse.com/show_bug.cgi?id=1213759 * https://bugzilla.suse.com/show_bug.cgi?id=1213777 * https://bugzilla.suse.com/show_bug.cgi?id=1213810 * https://bugzilla.suse.com/show_bug.cgi?id=1213812 * https://bugzilla.suse.com/show_bug.cgi?id=1213856 * https://bugzilla.suse.com/show_bug.cgi?id=1213857 * https://bugzilla.suse.com/show_bug.cgi?id=1213863 * https://bugzilla.suse.com/show_bug.cgi?id=1213867 * https://bugzilla.suse.com/show_bug.cgi?id=1213870 * https://bugzilla.suse.com/show_bug.cgi?id=1213871 * https://bugzilla.suse.com/show_bug.cgi?id=1213872 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 14 20:52:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Aug 2023 20:52:09 -0000 Subject: SUSE-RU-2023:3314-1: moderate: Recommended update for skopeo Message-ID: <169204632973.26111.17895915654830358947@smelt2.suse.de> # Recommended update for skopeo Announcement ID: SUSE-RU-2023:3314-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for skopeo fixes the following issues: skopeo was updated to version 1.12.0. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3314=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3314=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3314=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3314=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3314=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3314=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3314=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3314=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3314=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3314=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3314=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3314=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3314=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * skopeo-1.12.0-150300.11.3.3 * skopeo-debuginfo-1.12.0-150300.11.3.3 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * skopeo-1.12.0-150300.11.3.3 * skopeo-debuginfo-1.12.0-150300.11.3.3 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * skopeo-1.12.0-150300.11.3.3 * skopeo-debuginfo-1.12.0-150300.11.3.3 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * skopeo-1.12.0-150300.11.3.3 * skopeo-debuginfo-1.12.0-150300.11.3.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * skopeo-1.12.0-150300.11.3.3 * skopeo-debuginfo-1.12.0-150300.11.3.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * skopeo-1.12.0-150300.11.3.3 * skopeo-debuginfo-1.12.0-150300.11.3.3 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * skopeo-1.12.0-150300.11.3.3 * skopeo-debuginfo-1.12.0-150300.11.3.3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * skopeo-1.12.0-150300.11.3.3 * skopeo-debuginfo-1.12.0-150300.11.3.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * skopeo-1.12.0-150300.11.3.3 * skopeo-debuginfo-1.12.0-150300.11.3.3 * SUSE Manager Proxy 4.2 (x86_64) * skopeo-1.12.0-150300.11.3.3 * skopeo-debuginfo-1.12.0-150300.11.3.3 * SUSE Manager Retail Branch Server 4.2 (x86_64) * skopeo-1.12.0-150300.11.3.3 * skopeo-debuginfo-1.12.0-150300.11.3.3 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * skopeo-1.12.0-150300.11.3.3 * skopeo-debuginfo-1.12.0-150300.11.3.3 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * skopeo-1.12.0-150300.11.3.3 * skopeo-debuginfo-1.12.0-150300.11.3.3 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 15 08:35:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Aug 2023 08:35:42 -0000 Subject: SUSE-FU-2023:3316-1: moderate: Feature update for jakarta-commons-discovery Message-ID: <169208854209.31235.5710351454357431372@smelt2.suse.de> # Feature update for jakarta-commons-discovery Announcement ID: SUSE-FU-2023:3316-1 Rating: moderate References: * SLE-23217 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for jakarta-commons-discovery fixes the following issues: * Version update from 0.4 to 0.5 (jsc#SLE-23217): * The minimum JDK requirement is now JDK 1.5 * Dependencies: Commons Discovery depends on Commons Logging * New features: Discovery APIs use Java5 Generics * Known bugs/limitations: `resource.classes.DiscoverClasses` doesn't work with Oracle embedded JVM in DBMS, see DISCOVERY-13: https://issues.apache.org/jira/browse/DISCOVERY-13 * Deprecations: * Classes in `org.apache.commons.discovery.log` package have been deprecated; depending on Apache Commons Logging 1.1.1 there is no more circular dependency between Apache Commons Discovery and Apache Commons Logging * `setLog(org.apache.commons.logging.Log)` methods have been deprecated; they are not thread-safe ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3316=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3316=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3316=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3316=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3316=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3316=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3316=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3316=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3316=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3316=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3316=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3316=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3316=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3316=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3316=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3316=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3316=1 ## Package List: * openSUSE Leap 15.4 (noarch) * jakarta-commons-discovery-0.5-150000.4.11.1 * jakarta-commons-discovery-javadoc-0.5-150000.4.11.1 * openSUSE Leap 15.5 (noarch) * jakarta-commons-discovery-0.5-150000.4.11.1 * jakarta-commons-discovery-javadoc-0.5-150000.4.11.1 * Basesystem Module 15-SP4 (noarch) * jakarta-commons-discovery-0.5-150000.4.11.1 * Basesystem Module 15-SP5 (noarch) * jakarta-commons-discovery-0.5-150000.4.11.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * jakarta-commons-discovery-0.5-150000.4.11.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * jakarta-commons-discovery-0.5-150000.4.11.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * jakarta-commons-discovery-0.5-150000.4.11.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * jakarta-commons-discovery-0.5-150000.4.11.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * jakarta-commons-discovery-0.5-150000.4.11.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * jakarta-commons-discovery-0.5-150000.4.11.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * jakarta-commons-discovery-0.5-150000.4.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * jakarta-commons-discovery-0.5-150000.4.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * jakarta-commons-discovery-0.5-150000.4.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * jakarta-commons-discovery-0.5-150000.4.11.1 * SUSE Manager Server 4.2 (noarch) * jakarta-commons-discovery-0.5-150000.4.11.1 * SUSE Enterprise Storage 7.1 (noarch) * jakarta-commons-discovery-0.5-150000.4.11.1 * SUSE Enterprise Storage 7 (noarch) * jakarta-commons-discovery-0.5-150000.4.11.1 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 15 08:35:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Aug 2023 08:35:44 -0000 Subject: SUSE-RU-2023:3315-1: moderate: Recommended update for ipmitool Message-ID: <169208854408.31235.7795613682408665852@smelt2.suse.de> # Recommended update for ipmitool Announcement ID: SUSE-RU-2023:3315-1 Rating: moderate References: * #1213390 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Server 4.2 An update that has one recommended fix can now be installed. ## Description: This update for ipmitool fixes the following issues: * ipmitool duplicates the timestamp (bsc#1213390) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3315=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3315=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3315=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3315=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3315=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3315=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3315=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3315=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3315=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le) * ipmitool-debuginfo-1.8.18+git20200204.7ccea28-150200.3.11.1 * ipmitool-1.8.18+git20200204.7ccea28-150200.3.11.1 * ipmitool-debugsource-1.8.18+git20200204.7ccea28-150200.3.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * ipmitool-bmc-snmp-proxy-1.8.18+git20200204.7ccea28-150200.3.11.1 * SUSE Manager Server 4.2 (ppc64le s390x) * ipmitool-debuginfo-1.8.18+git20200204.7ccea28-150200.3.11.1 * ipmitool-1.8.18+git20200204.7ccea28-150200.3.11.1 * ipmitool-debugsource-1.8.18+git20200204.7ccea28-150200.3.11.1 * SUSE Manager Server 4.2 (noarch) * ipmitool-bmc-snmp-proxy-1.8.18+git20200204.7ccea28-150200.3.11.1 * SUSE Enterprise Storage 7.1 (aarch64) * ipmitool-debuginfo-1.8.18+git20200204.7ccea28-150200.3.11.1 * ipmitool-1.8.18+git20200204.7ccea28-150200.3.11.1 * ipmitool-debugsource-1.8.18+git20200204.7ccea28-150200.3.11.1 * SUSE Enterprise Storage 7.1 (noarch) * ipmitool-bmc-snmp-proxy-1.8.18+git20200204.7ccea28-150200.3.11.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64) * ipmitool-debuginfo-1.8.18+git20200204.7ccea28-150200.3.11.1 * ipmitool-1.8.18+git20200204.7ccea28-150200.3.11.1 * ipmitool-debugsource-1.8.18+git20200204.7ccea28-150200.3.11.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * ipmitool-bmc-snmp-proxy-1.8.18+git20200204.7ccea28-150200.3.11.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64) * ipmitool-debuginfo-1.8.18+git20200204.7ccea28-150200.3.11.1 * ipmitool-1.8.18+git20200204.7ccea28-150200.3.11.1 * ipmitool-debugsource-1.8.18+git20200204.7ccea28-150200.3.11.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * ipmitool-bmc-snmp-proxy-1.8.18+git20200204.7ccea28-150200.3.11.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64) * ipmitool-debuginfo-1.8.18+git20200204.7ccea28-150200.3.11.1 * ipmitool-1.8.18+git20200204.7ccea28-150200.3.11.1 * ipmitool-debugsource-1.8.18+git20200204.7ccea28-150200.3.11.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * ipmitool-bmc-snmp-proxy-1.8.18+git20200204.7ccea28-150200.3.11.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x) * ipmitool-debuginfo-1.8.18+git20200204.7ccea28-150200.3.11.1 * ipmitool-1.8.18+git20200204.7ccea28-150200.3.11.1 * ipmitool-debugsource-1.8.18+git20200204.7ccea28-150200.3.11.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * ipmitool-bmc-snmp-proxy-1.8.18+git20200204.7ccea28-150200.3.11.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x) * ipmitool-debuginfo-1.8.18+git20200204.7ccea28-150200.3.11.1 * ipmitool-1.8.18+git20200204.7ccea28-150200.3.11.1 * ipmitool-debugsource-1.8.18+git20200204.7ccea28-150200.3.11.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * ipmitool-bmc-snmp-proxy-1.8.18+git20200204.7ccea28-150200.3.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le) * ipmitool-debuginfo-1.8.18+git20200204.7ccea28-150200.3.11.1 * ipmitool-1.8.18+git20200204.7ccea28-150200.3.11.1 * ipmitool-debugsource-1.8.18+git20200204.7ccea28-150200.3.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * ipmitool-bmc-snmp-proxy-1.8.18+git20200204.7ccea28-150200.3.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213390 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 15 12:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Aug 2023 12:30:31 -0000 Subject: SUSE-SU-2023:3318-1: important: Security update for the Linux Kernel Message-ID: <169210263116.17472.16296146784863457516@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3318-1 Rating: important References: * #1150305 * #1193629 * #1194869 * #1206418 * #1207129 * #1207894 * #1208788 * #1210565 * #1210584 * #1210627 * #1210780 * #1210853 * #1211131 * #1211243 * #1211738 * #1211811 * #1211867 * #1212301 * #1212502 * #1212604 * #1212846 * #1212901 * #1212905 * #1213010 * #1213011 * #1213012 * #1213013 * #1213014 * #1213015 * #1213016 * #1213017 * #1213018 * #1213019 * #1213020 * #1213021 * #1213024 * #1213025 * #1213032 * #1213034 * #1213035 * #1213036 * #1213037 * #1213038 * #1213039 * #1213040 * #1213041 * #1213059 * #1213061 * #1213087 * #1213088 * #1213089 * #1213090 * #1213092 * #1213093 * #1213094 * #1213095 * #1213096 * #1213098 * #1213099 * #1213100 * #1213102 * #1213103 * #1213104 * #1213105 * #1213106 * #1213107 * #1213108 * #1213109 * #1213110 * #1213111 * #1213112 * #1213113 * #1213114 * #1213134 * #1213167 * #1213245 * #1213247 * #1213252 * #1213258 * #1213259 * #1213263 * #1213264 * #1213272 * #1213286 * #1213287 * #1213304 * #1213523 * #1213524 * #1213543 * #1213585 * #1213586 * #1213588 * #1213620 * #1213653 * #1213705 * #1213713 * #1213715 * #1213747 * #1213756 * #1213759 * #1213777 * #1213810 * #1213812 * #1213856 * #1213857 * #1213863 * #1213867 * #1213870 * #1213871 Cross-References: * CVE-2022-40982 * CVE-2023-0459 * CVE-2023-20569 * CVE-2023-20593 * CVE-2023-21400 * CVE-2023-2156 * CVE-2023-2166 * CVE-2023-2985 * CVE-2023-31083 * CVE-2023-3117 * CVE-2023-31248 * CVE-2023-3268 * CVE-2023-3390 * CVE-2023-35001 * CVE-2023-3567 * CVE-2023-3609 * CVE-2023-3611 * CVE-2023-3776 * CVE-2023-3812 * CVE-2023-4004 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21400 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21400 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Real Time Module 15-SP4 An update that solves 20 vulnerabilities and has 89 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418). * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). * CVE-2023-20569: Fixed side channel attack ?Inception? or ?RAS Poisoning? (bsc#1213287). * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). * CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). * CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627). * CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). * CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). * CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). * CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). * CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). * CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). * CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). * CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). * CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after- free (bsc#1213588). * CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). * CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). The following non-security bugs were fixed: * acpi: utils: fix acpi_evaluate_dsm_typed() redefinition error (git-fixes). * add module_firmware() for firmware_tg357766 (git-fixes). * afs: adjust ack interpretation to try and cope with nat (git-fixes). * afs: fix access after dec in put functions (git-fixes). * afs: fix afs_getattr() to refetch file status if callback break occurred (git-fixes). * afs: fix dynamic root getattr (git-fixes). * afs: fix fileserver probe rtt handling (git-fixes). * afs: fix infinite loop found by xfstest generic/676 (git-fixes). * afs: fix lost servers_outstanding count (git-fixes). * afs: fix server->active leak in afs_put_server (git-fixes). * afs: fix setting of mtime when creating a file/dir/symlink (git-fixes). * afs: fix updating of i_size with dv jump from server (git-fixes). * afs: fix vlserver probe rtt handling (git-fixes). * afs: return -eagain, not -eremoteio, when a file already locked (git-fixes). * afs: use refcount_t rather than atomic_t (git-fixes). * afs: use the operation issue time instead of the reply time for callbacks (git-fixes). * alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes). * alsa: fireface: make read-only const array for model names static (git- fixes). * alsa: hda/realtek - remove 3k pull low procedure (git-fixes). * alsa: hda/realtek: add quirk for asus rog g614jx (git-fixes). * alsa: hda/realtek: add quirk for asus rog ga402x (git-fixes). * alsa: hda/realtek: add quirk for asus rog gx650p (git-fixes). * alsa: hda/realtek: add quirk for asus rog gz301v (git-fixes). * alsa: hda/realtek: add quirk for clevo npx0snx (git-fixes). * alsa: hda/realtek: add quirk for clevo ns70au (git-fixes). * alsa: hda/realtek: add quirks for unis h3c desktop b760 & q760 (git-fixes). * alsa: hda/realtek: add support for dell oasis 13/14/16 laptops (git-fixes). * alsa: hda/realtek: amend g634 quirk to enable rear speakers (git-fixes). * alsa: hda/realtek: enable mute led on hp laptop 15s-eq2xxx (git-fixes). * alsa: hda/realtek: fix generic fixup definition for cs35l41 amp (git-fixes). * alsa: hda/realtek: support asus g713pv laptop (git-fixes). * alsa: hda/realtek: whitespace fix (git-fixes). * alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes). * alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes). * alsa: oxfw: make read-only const array models static (git-fixes). * alsa: pcm: fix potential data race at pcm memory allocation helpers (git- fixes). * alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129). * alsa: usb-audio: update for native dsd support quirks (git-fixes). * apparmor: fix missing error check for rhashtable_insert_fast (git-fixes). * arm64/mm: mark private vm_fault_x defines as vm_fault_t (git-fixes) * arm64: dts: microchip: sparx5: do not use psci on reference boards (git- fixes) * arm64: vdso: pass (void *) to virt_to_page() (git-fixes) * arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes) * asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes). * asoc: codecs: es8316: fix dmic config (git-fixes). * asoc: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git- fixes). * asoc: codecs: wcd934x: fix resource leaks on component remove (git-fixes). * asoc: codecs: wcd938x: fix codec initialisation race (git-fixes). * asoc: codecs: wcd938x: fix db range for hphl and hphr (git-fixes). * asoc: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes). * asoc: codecs: wcd938x: fix soundwire initialisation race (git-fixes). * asoc: da7219: check for failure reading aad irq events (git-fixes). * asoc: da7219: flush pending aad irq when suspending (git-fixes). * asoc: fsl_sai: disable bit clock with transmitter (git-fixes). * asoc: fsl_spdif: silence output on stop (git-fixes). * asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes). * asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes). * asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes). * asoc: tegra: fix adx byte map (git-fixes). * asoc: tegra: fix amx byte map (git-fixes). * asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes). * ata: pata_ns87415: mark ns87560_tf_read static (git-fixes). * block, bfq: fix division by zero error on zero wsum (bsc#1213653). * block: fix a source code comment in include/uapi/linux/blkzoned.h (git- fixes). * can: bcm: fix uaf in bcm_proc_show() (git-fixes). * can: gs_usb: gs_can_close(): add missing set of can state to can_state_stopped (git-fixes). * ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856). * cifs: add a warning when the in-flight count goes negative (bsc#1193629). * cifs: address unused variable warning (bsc#1193629). * cifs: do all necessary checks for credits within or before locking (bsc#1193629). * cifs: fix lease break oops in xfstest generic/098 (bsc#1193629). * cifs: fix max_credits implementation (bsc#1193629). * cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629). * cifs: fix session state check in smb2_find_smb_ses (bsc#1193629). * cifs: fix session state transition to avoid use-after-free issue (bsc#1193629). * cifs: fix sockaddr comparison in iface_cmp (bsc#1193629). * cifs: fix status checks in cifs_tree_connect (bsc#1193629). * cifs: log session id when a matching ses is not found (bsc#1193629). * cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629). * cifs: prevent use-after-free by freeing the cfile later (bsc#1193629). * cifs: print all credit counters in debugdata (bsc#1193629). * cifs: print client_guid in debugdata (bsc#1193629). * cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629). * cifs: print nosharesock value while dumping mount options (bsc#1193629). * clk: qcom: camcc-sc7180: add parent dependency to all camera gdscs (git- fixes). * clk: qcom: gcc-ipq6018: use floor ops for sdcc clocks (git-fixes). * coda: avoid partial allocation of sig_inputargs (git-fixes). * codel: fix kernel-doc notation warnings (git-fixes). * crypto: kpp - add helper to set reqsize (git-fixes). * crypto: qat - use helper to set reqsize (git-fixes). * delete suse/memcg-drop-kmem-limit_in_bytes. drop the patch in order to fix bsc#1213705. * devlink: fix kernel-doc notation warnings (git-fixes). * dlm: fix missing lkb refcount handling (git-fixes). * dlm: fix plock invalid read (git-fixes). * docs: networking: update codeaurora references for rmnet (git-fixes). * documentation: abi: sysfs-class-net-qmi: pass_through contact update (git- fixes). * documentation: bonding: fix the doc of peer_notif_delay (git-fixes). * documentation: devices.txt: reconcile serial/ucc_uart minor numers (git- fixes). * documentation: timers: hrtimers: make hybrid union historical (git-fixes). * drm/amd/display: correct `dmub_fw_version` macro (git-fixes). * drm/amd/display: disable mpc split by default on special asic (git-fixes). * drm/amd/display: keep phy active for dp displays on dcn31 (git-fixes). * drm/amdgpu: avoid restore process run into dead loop (git-fixes). * drm/amdgpu: fix clearing mappings for bos that are always valid in vm (git- fixes). * drm/amdgpu: set vmbo destroy after pt bo is created (git-fixes). * drm/amdgpu: validate vm ioctl flags (git-fixes). * drm/atomic: allow vblank-enabled + self-refresh "disable" (git-fixes). * drm/atomic: fix potential use-after-free in nonblocking commits (git-fixes). * drm/bridge: tc358768: add atomic_get_input_bus_fmts() implementation (git- fixes). * drm/bridge: tc358768: fix tclk_trailcnt computation (git-fixes). * drm/bridge: tc358768: fix ths_trailcnt computation (git-fixes). * drm/bridge: tc358768: fix ths_zerocnt computation (git-fixes). * drm/client: fix memory leak in drm_client_modeset_probe (git-fixes). * drm/client: fix memory leak in drm_client_target_cloned (git-fixes). * drm/i915/psr: use hw.adjusted mode when calculating io/fast wake times (git- fixes). * drm/i915: fix one wrong caching mode enum usage (git-fixes). * drm/msm/adreno: fix snapshot bindless_data size (git-fixes). * drm/msm/disp/dpu: get timing engine status from intf status register (git- fixes). * drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes). * drm/msm/dpu: set dpu_data_hctl_en for in intf_sc7180_mask (git-fixes). * drm/msm: fix is_err_or_null() vs null check in a5xx_submit_in_rb() (git- fixes). * drm/panel: simple: add connector_type for innolux_at043tn24 (git-fixes). * drm/panel: simple: add powertip ph800480t013 drm_display_mode flags (git- fixes). * drm/radeon: fix integer overflow in radeon_cs_parser_init (git-fixes). * drm/ttm: do not leak a resource on swapout move error (git-fixes). * drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777) * dt-bindings: phy: brcm,brcmstb-usb-phy: fix error in "compatible" conditional schema (git-fixes). * enable nxp snvs rtc driver for i.mx 8mq/8mp (jsc#PED-4758) * ext4: add ea_inode checking to ext4_iget() (bsc#1213106). * ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088). * ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109). * ext4: add strict range checks while freeing blocks (bsc#1213089). * ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). * ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). * ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090). * ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103). * ext4: disallow ea_inodes with extended attributes (bsc#1213108). * ext4: fail ext4_iget if special inode unallocated (bsc#1213010). * ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111). * ext4: fix data races when using cached status extents (bsc#1213102). * ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105). * ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). * ext4: fix lockdep warning when enabling mmp (bsc#1213100). * ext4: fix reusing stale buffer heads from last failed mounting (bsc#1213020). * ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096). * ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). * ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098). * ext4: fix warning in ext4_update_inline_data (bsc#1213012). * ext4: fix warning in mb_find_extent (bsc#1213099). * ext4: improve error handling from ext4_dirhash() (bsc#1213104). * ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). * ext4: move where set the may_inline_data flag is set (bsc#1213011). * ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). * ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087). * ext4: refuse to create ea block when umounted (bsc#1213093). * ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107). * ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110). * ext4: update s_journal_inum if it changes after journal replay (bsc#1213094). * ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092). * ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). * fbdev: au1200fb: fix missing irq check in au1200fb_drv_probe (git-fixes). * fbdev: imxfb: warn about invalid left/right margin (git-fixes). * file: always lock position for fmode_atomic_pos (bsc#1213759). * fix documentation of panic_on_warn (git-fixes). * fs: dlm: add midcomms init/start functions (git-fixes). * fs: dlm: do not set stop rx flag after node reset (git-fixes). * fs: dlm: filter user dlm messages for kernel locks (git-fixes). * fs: dlm: fix log of lowcomms vs midcomms (git-fixes). * fs: dlm: fix race between test_bit() and queue_work() (git-fixes). * fs: dlm: fix race in lowcomms (git-fixes). * fs: dlm: handle -ebusy first in lock arg validation (git-fixes). * fs: dlm: move sending fin message into state change handling (git-fixes). * fs: dlm: retry accept() until -eagain or error returns (git-fixes). * fs: dlm: return positive pid value for f_getlk (git-fixes). * fs: dlm: start midcomms before scand (git-fixes). * fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git- fixes). * fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes). * fs: jfs: fix null-ptr-deref read in txbegin (git-fixes). * fs: jfs: fix ubsan: array-index-out-of-bounds in dballocdmaplev (git-fixes). * fuse: ioctl: translate enosys in outarg (bsc#1213524). * fuse: revalidate: do not invalidate if interrupted (bsc#1213523). * gve: set default duplex configuration to full (git-fixes). * gve: unify driver name usage (git-fixes). * hvcs: fix hvcs port reference counting (bsc#1213134 ltc#202861). * hvcs: get reference to tty in remove (bsc#1213134 ltc#202861). * hvcs: synchronize hotplug remove with port free (bsc#1213134 ltc#202861). * hvcs: use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861). * hvcs: use driver groups to manage driver attributes (bsc#1213134 ltc#202861). * hvcs: use vhangup in hotplug remove (bsc#1213134 ltc#202861). * hwmon: (adm1275) allow setting sample averaging (git-fixes). * hwmon: (k10temp) enable amd3255 proc to show negative temperature (git- fixes). * hwmon: (nct7802) fix for temp6 (peci1) processed even if peci1 disabled (git-fixes). * hwmon: (pmbus/adm1275) fix problems with temperature monitoring on adm1272 (git-fixes). * i2c: xiic: defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes). * i2c: xiic: do not try to handle more interrupt events after error (git- fixes). * iavf: fix out-of-bounds when setting channels on remove (git-fixes). * iavf: fix use-after-free in free_netdev (git-fixes). * iavf: use internal state to free traffic irqs (git-fixes). * ib/hfi1: use bitmap_zalloc() when applicable (git-fixes) * igc: check if hardware tx timestamping is enabled earlier (git-fixes). * igc: enable and fix rx hash usage by netstack (git-fixes). * igc: fix inserting of empty frame for launchtime (git-fixes). * igc: fix kernel panic during ndo_tx_timeout callback (git-fixes). * igc: fix launchtime before start of cycle (git-fixes). * igc: fix race condition in ptp tx code (git-fixes). * igc: handle pps start time programming for past time values (git-fixes). * igc: prevent garbled tx queue with xdp zerocopy (git-fixes). * igc: remove delay during tx ring configuration (git-fixes). * igc: set tp bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes). * igc: work around hw bug causing missing timestamps (git-fixes). * inotify: avoid reporting event with invalid wd (bsc#1213025). * input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes). * input: iqs269a - do not poll during ati (git-fixes). * input: iqs269a - do not poll during suspend or resume (git-fixes). * jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095). * jdb2: do not refuse invalidation of already invalidated buffers (bsc#1213014). * jffs2: fix memory leak in jffs2_do_fill_super (git-fixes). * jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes). * jffs2: fix memory leak in jffs2_scan_medium (git-fixes). * jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes). * jffs2: gc deadlock reading a page that is used in jffs2_write_begin() (git- fixes). * jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes). * jfs: jfs_dmap: validate db_l2nbperpage while mounting (git-fixes). * kabi/severities: add vas symbols changed due to recent fix vas accelerators are directly tied to the architecture, there is no reason to have out-of- tree production drivers * kabi: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243). * kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps") * kselftest: vdso: fix accumulation of uninitialized ret when clock_realtime is undefined (git-fixes). * kvm: arm64: do not read a hw interrupt pending state in user context (git- fixes) * kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620) * kvm: do not null dereference ops->destroy (git-fixes) * kvm: downgrade two bug_ons to warn_on_once (git-fixes) * kvm: initialize debugfs_dentry when a vm is created to avoid null (git- fixes) * kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867). * kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git- fixes). * kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git- fixes). * kvm: vmx: restore vmx_vmexit alignment (git-fixes). * kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes). * leds: trigger: netdev: recheck netdev_led_mode_linkup on dev rename (git- fixes). * libceph: harden msgr2.1 frame segment length checks (bsc#1213857). * media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes). * media: cec: i2c: ch7322: also select regmap (git-fixes). * media: i2c: correct format propagation for st-mipid02 (git-fixes). * media: staging: atomisp: select v4l2_fwnode (git-fixes). * media: usb: check az6007_read() return value (git-fixes). * media: usb: siano: fix warning due to null work_func_t function pointer (git-fixes). * media: venus: helpers: fix align() of non power of two (git-fixes). * media: videodev2.h: fix struct v4l2_input tuner index comment (git-fixes). * memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). * mmc: core: disable trim on kingston emmc04g-m627 (git-fixes). * mmc: sdhci: fix dma configure compatibility issue when 64bit dma mode is used (git-fixes). * net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). * net/sched: sch_qfq: reintroduce lmax bound check for mtu (bsc#1213585). * net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes). * net: mana: add support for vlan tagging (bsc#1212301). * net: mana: batch ringing rx queue doorbell on receiving packets (bsc#1212901). * net: mana: use the correct wqe count for ringing rq doorbell (bsc#1212901). * net: phy: marvell10g: fix 88x3310 power up (git-fixes). * net: phy: prevent stale pointer dereference in phy_init() (git-fixes). * nfsd: add encoding of op_recall flag for write delegation (git-fixes). * nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). * nfsd: fix sparse warning (git-fixes). * nfsd: remove open coding of string copy (git-fixes). * nfsv4.1: always send a reclaim_complete after establishing lease (git- fixes). * nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git- fixes). * ntb: amd: fix error handling in amd_ntb_pci_driver_init() (git-fixes). * ntb: idt: fix error handling in idt_pci_driver_init() (git-fixes). * ntb: intel: fix error handling in intel_ntb_pci_driver_init() (git-fixes). * ntb: ntb_tool: add check for devm_kcalloc (git-fixes). * ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes). * nvme-multipath: support io stats on the mpath device (bsc#1210565). * nvme-pci: fix dma direction of unmapping integrity data (git-fixes). * nvme-pci: remove nvme_queue from nvme_iod (git-fixes). * nvme: introduce nvme_start_request (bsc#1210565). * ocfs2: check new file size on fallocate call (git-fixes). * ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). * ocfs2: switch to security_inode_init_security() (git-fixes). * octeontx-af: fix hardware timestamp configuration (git-fixes). * octeontx2-af: move validation of ptp pointer before its usage (git-fixes). * octeontx2-pf: add additional check for mcam rules (git-fixes). * opp: fix use-after-free in lazy_opp_tables after probe deferral (git-fixes). * pci/pm: avoid putting elopos e2/s2/h2 pcie ports in d3cold (git-fixes). * pci: add function 1 dma alias quirk for marvell 88se9235 (git-fixes). * phy: hisilicon: fix an out of bounds check in hisi_inno_phy_probe() (git- fixes). * phy: revert "phy: remove soc_exynos4212 dep. from phy_exynos4x12_usb" (git- fixes). * phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes). * phy: tegra: xusb: clear the driver reference in usb-phy dev (git-fixes). * pie: fix kernel-doc notation warning (git-fixes). * pinctrl: amd: detect internal gpio0 debounce handling (git-fixes). * pinctrl: amd: do not show `invalid config param` errors (git-fixes). * pinctrl: amd: fix mistake in handling clearing pins at startup (git-fixes). * pinctrl: amd: only use special debounce behavior for gpio 0 (git-fixes). * pinctrl: amd: use amd_pinconf_set() for all config options (git-fixes). * platform/x86: msi-laptop: fix rfkill out-of-sync on msi wind u100 (git- fixes). * powerpc/64: only warn if __pa()/__va() called with bad addresses (bsc#1194869). * powerpc/64s: fix vas mm use after free (bsc#1194869). * powerpc/book3s64/mm: fix directmap stats in /proc/meminfo (bsc#1194869). * powerpc/bpf: fix use of user_pt_regs in uapi (bsc#1194869). * powerpc/ftrace: remove ftrace init tramp once kernel init is complete (bsc#1194869). * powerpc/interrupt: do not read msr from interrupt_exit_kernel_prepare() (bsc#1194869). * powerpc/mm/dax: fix the condition when checking if altmap vmemap can cross- boundary (bsc#1150305 ltc#176097 git-fixes). * powerpc/mm: switch obsolete dssall to .long (bsc#1194869). * powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869). * powerpc/powernv/vas: assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869). * powerpc/prom_init: fix kernel config grep (bsc#1194869). * powerpc/secvar: fix refcount leak in format_show() (bsc#1194869). * powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869). * powerpc: clean vdso32 and vdso64 directories (bsc#1194869). * powerpc: define get_cycles macro for arch-override (bsc#1194869). * powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869). * pwm: ab8500: fix error code in probe() (git-fixes). * pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes). * pwm: sysfs: do not apply state to already disabled pwms (git-fixes). * rdma/bnxt_re: fix hang during driver unload (git-fixes) * rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes) * rdma/core: update cma destination address on rdma_resolve_addr (git-fixes) * rdma/irdma: add missing read barriers (git-fixes) * rdma/irdma: fix data race on cqp completion stats (git-fixes) * rdma/irdma: fix data race on cqp request done (git-fixes) * rdma/irdma: fix op_type reporting in cqes (git-fixes) * rdma/irdma: report correct wc error (git-fixes) * rdma/mlx4: make check for invalid flags stricter (git-fixes) * rdma/mthca: fix crash when polling cq for shared qps (git-fixes) * rdma/rxe: fix access checks in rxe_check_bind_mw (git-fixes) * regmap: account for register length in smbus i/o limits (git-fixes). * regmap: drop initial version of maximum transfer length fixes (git-fixes). * revert "arm64: dts: zynqmp: add address-cells property to interrupt (git- fixes) * revert "debugfs, coccinelle: check for obsolete define_simple_attribute() usage" (git-fixes). * revert "drm/amd/display: edp do not add non-edid timings" (git-fixes). * revert "nfsv4: retry lock on old_stateid during delegation return" (git- fixes). * revert "usb: dwc3: core: enable autoretry feature in the controller" (git- fixes). * revert "usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()" (git-fixes). * revert "usb: xhci: tegra: fix error check" (git-fixes). * revert "xhci: add quirk for host controllers that do not update endpoint dcs" (git-fixes). * rpm/check-for-config-changes: ignore also riscv_isa_ _and dynamic_sigframe they depend on config_toolchain_has__. * rpm: update dependency to match current kmod. * rsi: remove kernel-doc comment marker (git-fixes). * rxrpc, afs: fix selection of abort codes (git-fixes). * s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259). * s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258). * s390/bpf: add expoline to tail calls (git-fixes bsc#1213870). * s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810). * s390/debug: add _asm_s390_ prefix to header guard (git-fixes bsc#1213263). * s390/decompressor: specify __decompress() buf len to avoid overflow (git- fixes bsc#1213863). * s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871). * s390/percpu: add read_once() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252). * s390/qeth: fix vipa deletion (git-fixes bsc#1213713). * s390/vmem: fix empty page tables cleanup under kasan (git-fixes bsc#1213715). * s390: define runtime_discard_exit to fix link error with gnu ld < 2.36 (git-fixes bsc#1213264). * s390: discard .interp section (git-fixes bsc#1213247). * s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870). * scftorture: count reschedule ipis (git-fixes). * sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes) * sched: fix debug && !schedstats warn (git-fixes) * scsi: lpfc: abort outstanding els cmds when mailbox timeout error is detected (bsc#1213756). * scsi: lpfc: avoid -wstringop-overflow warning (bsc#1213756). * scsi: lpfc: clean up sli-4 sysfs resource reporting (bsc#1213756). * scsi: lpfc: copyright updates for 14.2.0.14 patches (bsc#1213756). * scsi: lpfc: fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756). * scsi: lpfc: fix incorrect big endian type assignment in bsg loopback path (bsc#1213756). * scsi: lpfc: fix incorrect big endian type assignments in fdmi and vmid paths (bsc#1213756). * scsi: lpfc: fix lpfc_name struct packing (bsc#1213756). * scsi: lpfc: make fabric zone discovery more robust when handling unsolicited logo (bsc#1213756). * scsi: lpfc: pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756). * scsi: lpfc: qualify ndlp discovery state when processing rscn (bsc#1213756). * scsi: lpfc: refactor cpu affinity assignment paths (bsc#1213756). * scsi: lpfc: remove extra ndlp kref decrement in flogi cmpl for loop topology (bsc#1213756). * scsi: lpfc: replace all non-returning strlcpy() with strscpy() (bsc#1213756). * scsi: lpfc: replace one-element array with flexible-array member (bsc#1213756). * scsi: lpfc: revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756). * scsi: lpfc: set establish image pair service parameter only for target functions (bsc#1213756). * scsi: lpfc: simplify fcp_abort transport callback log message (bsc#1213756). * scsi: lpfc: update lpfc version to 14.2.0.14 (bsc#1213756). * scsi: lpfc: use struct_size() helper (bsc#1213756). * scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747). * scsi: qla2xxx: array index may go out of bound (bsc#1213747). * scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747). * scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport() (bsc#1213747). * scsi: qla2xxx: correct the index of array (bsc#1213747). * scsi: qla2xxx: drop useless list_head (bsc#1213747). * scsi: qla2xxx: fix buffer overrun (bsc#1213747). * scsi: qla2xxx: fix command flush during tmf (bsc#1213747). * scsi: qla2xxx: fix deletion race condition (bsc#1213747). * scsi: qla2xxx: fix end of loop test (bsc#1213747). * scsi: qla2xxx: fix erroneous link up failure (bsc#1213747). * scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747). * scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747). * scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747). * scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747). * scsi: qla2xxx: fix session hang in gnl (bsc#1213747). * scsi: qla2xxx: fix tmf leak through (bsc#1213747). * scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747). * scsi: qla2xxx: pointer may be dereferenced (bsc#1213747). * scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747). * scsi: qla2xxx: replace one-element array with declare_flex_array() helper (bsc#1213747). * scsi: qla2xxx: silence a static checker warning (bsc#1213747). * scsi: qla2xxx: turn off noisy message log (bsc#1213747). * scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747). * scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747). * scsi: qla2xxx: use vmalloc_array() and vcalloc() (bsc#1213747). * security: keys: modify mismatched function name (git-fixes). * selftests: mptcp: depend on syn_cookies (git-fixes). * selftests: mptcp: sockopt: return error if wrong mark (git-fixes). * selftests: rtnetlink: remove netdevsim device after ipsec offload test (git- fixes). * selftests: tc: add 'ct' action kconfig dep (git-fixes). * selftests: tc: add conntrack procfs kconfig (git-fixes). * selftests: tc: set timeout to 15 minutes (git-fixes). * serial: qcom-geni: drop bogus runtime pm state update (git-fixes). * serial: sifive: fix sifive_serial_console_setup() section (git-fixes). * signal/powerpc: on swapcontext failure force sigsegv (bsc#1194869). * signal: replace force_sigsegv(sigsegv) with force_fatal_sig(sigsegv) (bsc#1194869). * smb3: do not reserve too many oplock credits (bsc#1193629). * smb3: missing null check in smb2_change_notify (bsc#1193629). * smb: client: fix broken file attrs with nodfs mounts (bsc#1193629). * smb: client: fix missed ses refcounting (git-fixes). * smb: client: fix parsing of source mount option (bsc#1193629). * smb: client: fix shared dfs root mounts with different prefixes (bsc#1193629). * smb: client: fix warning in cifs_match_super() (bsc#1193629). * smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629). * smb: client: fix warning in cifsfindfirst() (bsc#1193629). * smb: client: fix warning in cifsfindnext() (bsc#1193629). * smb: client: fix warning in generic_ip_connect() (bsc#1193629). * smb: client: improve dfs mount check (bsc#1193629). * smb: client: remove redundant pointer 'server' (bsc#1193629). * smb: delete an unnecessary statement (bsc#1193629). * smb: move client and server files to common directory fs/smb (bsc#1193629). * smb: remove obsolete comment (bsc#1193629). * soundwire: qcom: fix storing port config out-of-bounds (git-fixes). * soundwire: qcom: update status correctly with mask (git-fixes). * spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git- fixes). * spi: bcm63xx: fix max prepend length (git-fixes). * staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git- fixes). * staging: r8712: fix memory leak in _r8712_init_xmit_priv() (git-fixes). * sunrpc: always free ctxt when freeing deferred request (git-fixes). * sunrpc: double free xprt_ctxt while still in use (git-fixes). * sunrpc: fix trace_svc_register() call site (git-fixes). * sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes). * sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes). * sunrpc: remove the maximum number of retries in call_bind_status (git- fixes). * svcrdma: prevent page release when nothing was received (git-fixes). * tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git- fixes). * tpm_tis: explicitly check for error code (git-fixes). * tty: n_gsm: fix uaf in gsm_cleanup_mux (git-fixes). * tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes). * ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584). * ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). * ubifs: add missing iput if do_tmpfile() failed in rename whiteout (git- fixes). * ubifs: do_rename: fix wrong space budget when target inode's nlink > 1 (git- fixes). * ubifs: error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes). * ubifs: fix 'ui->dirty' race between do_tmpfile() and writeback work (git- fixes). * ubifs: fix aa deadlock when setting xattr for encrypted file (git-fixes). * ubifs: fix build errors as symbol undefined (git-fixes). * ubifs: fix deadlock in concurrent rename whiteout and inode writeback (git- fixes). * ubifs: fix memory leak in alloc_wbufs() (git-fixes). * ubifs: fix memory leak in do_rename (git-fixes). * ubifs: fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes). * ubifs: fix to add refcount once page is set private (git-fixes). * ubifs: fix wrong dirty space budget for dirty inode (git-fixes). * ubifs: free memory for tmpfile name (git-fixes). * ubifs: rectify space amount budget for mkdir/tmpfile operations (git-fixes). * ubifs: rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes). * ubifs: rectify space budget for ubifs_xrename() (git-fixes). * ubifs: rename whiteout atomically (git-fixes). * ubifs: rename_whiteout: correct old_dir size computing (git-fixes). * ubifs: rename_whiteout: fix double free for whiteout_ui->data (git-fixes). * ubifs: reserve one leb for each journal head while doing budget (git-fixes). * ubifs: setflags: make dirtied_ino_d 8 bytes aligned (git-fixes). * ubifs: ubifs_writepage: mark page dirty after writing inode failed (git- fixes). * udf: avoid double brelse() in udf_rename() (bsc#1213032). * udf: define efscorrupted error code (bsc#1213038). * udf: detect system inodes linked into directory hierarchy (bsc#1213114). * udf: discard preallocation before extending file with a hole (bsc#1213036). * udf: do not bother looking for prealloc extents if i_lenextents matches i_size (bsc#1213035). * udf: do not bother merging very long extents (bsc#1213040). * udf: do not update file length for failed writes to inline files (bsc#1213041). * udf: fix error handling in udf_new_inode() (bsc#1213112). * udf: fix extending file within last block (bsc#1213037). * udf: fix preallocation discarding at indirect extent boundary (bsc#1213034). * udf: preserve link count of system files (bsc#1213113). * udf: truncate added extents on failed expansion (bsc#1213039). * update config and supported.conf files due to renaming. * update suse/rdma-mthca-fix-crash-when-polling-cq-for-shared-qps. (git-fixes bsc#1212604). added bug reference. * usb: dwc2: fix some error handling paths (git-fixes). * usb: dwc2: platform: improve error reporting for problems during .remove() (git-fixes). * usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes). * usb: dwc3: pci: skip byt gpio lookup table for hardwired phy (git-fixes). * usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). * usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes). * usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes). * usb: serial: option: add lara-r6 01b pids (git-fixes). * usb: xhci-mtk: set the dma max_seg_size (git-fixes). * vhost: support packed when setting-getting vring_base (git-fixes). * vhost_net: revert upend_idx only on retriable error (git-fixes). * virtio-net: maintain reverse cleanup order (git-fixes). * virtio_net: fix error unwinding of xdp initialization (git-fixes). * wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes). * wifi: ray_cs: drop useless status variable in parse_addr() (git-fixes). * wifi: ray_cs: utilize strnlen() in parse_addr() (git-fixes). * wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git- fixes). * wl3501_cs: use eth_hw_addr_set() (git-fixes). * writeback: fix call of incorrect macro (bsc#1213024). * x86/pvh: obtain vga console info in dom0 (git-fixes). * x86: fix .brk attribute in linker script (git-fixes). * xen/blkfront: only check req_fua for writes (git-fixes). * xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git- fixes). * xfs: ail needs asynchronous cil forcing (bsc#1211811). * xfs: async cil flushes need pending pushes to be made stable (bsc#1211811). * xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811). * xfs: cil work is serialised, not pipelined (bsc#1211811). * xfs: clean up the rtbitmap fsmap backend (git-fixes). * xfs: do not deplete the reserve pool when trying to shrink the fs (git- fixes). * xfs: do not reverse order of items in bulk ail insertion (git-fixes). * xfs: do not run shutdown callbacks on active iclogs (bsc#1211811). * xfs: drop async cache flushes from cil commits (bsc#1211811). * xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811). * xfs: fix getfsmap reporting past the last rt extent (git-fixes). * xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git- fixes). * xfs: fix interval filtering in multi-step fsmap queries (git-fixes). * xfs: fix logdev fsmap query result filtering (git-fixes). * xfs: fix off-by-one error when the last rt extent is in use (git-fixes). * xfs: fix uninitialized variable access (git-fixes). * xfs: make fsmap backend function key parameters const (git-fixes). * xfs: make the record pointer passed to query_range functions const (git- fixes). * xfs: move the cil workqueue to the cil (bsc#1211811). * xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811). * xfs: order cil checkpoint start records (bsc#1211811). * xfs: pass a cil context to xlog_write() (bsc#1211811). * xfs: pass explicit mount pointer to rtalloc query functions (git-fixes). * xfs: rework xlog_state_do_callback() (bsc#1211811). * xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811). * xfs: separate out log shutdown callback processing (bsc#1211811). * xfs: wait iclog complete before tearing down ail (bsc#1211811). * xfs: xlog_state_ioerror must die (bsc#1211811). * xhci: fix resume issue of some zhaoxin hosts (git-fixes). * xhci: fix trb prefetch issue of zhaoxin hosts (git-fixes). * xhci: show zhaoxin xhci root hub speed correctly (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3318=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3318=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3318=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3318=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3318=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3318=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3318=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3318=1 * SUSE Real Time Module 15-SP4 zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-3318=1 ## Package List: * openSUSE Leap Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.46.1 * openSUSE Leap Micro 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.46.1 * kernel-rt-debuginfo-5.14.21-150400.15.46.1 * openSUSE Leap Micro 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.46.1 * openSUSE Leap Micro 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.46.1 * kernel-rt-debuginfo-5.14.21-150400.15.46.1 * openSUSE Leap 15.4 (x86_64) * kernel-syms-rt-5.14.21-150400.15.46.1 * cluster-md-kmp-rt-5.14.21-150400.15.46.1 * ocfs2-kmp-rt-5.14.21-150400.15.46.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.46.1 * kernel-rt-debuginfo-5.14.21-150400.15.46.1 * kernel-rt-devel-debuginfo-5.14.21-150400.15.46.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.46.1 * kernel-rt_debug-debuginfo-5.14.21-150400.15.46.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.46.1 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.46.1 * kernel-rt-devel-5.14.21-150400.15.46.1 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.46.1 * kernel-rt_debug-debugsource-5.14.21-150400.15.46.1 * dlm-kmp-rt-5.14.21-150400.15.46.1 * kernel-rt_debug-devel-5.14.21-150400.15.46.1 * kernel-rt-debugsource-5.14.21-150400.15.46.1 * gfs2-kmp-rt-5.14.21-150400.15.46.1 * openSUSE Leap 15.4 (noarch) * kernel-devel-rt-5.14.21-150400.15.46.1 * kernel-source-rt-5.14.21-150400.15.46.1 * openSUSE Leap 15.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.46.1 * kernel-rt_debug-5.14.21-150400.15.46.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.46.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.46.1 * kernel-rt-debuginfo-5.14.21-150400.15.46.1 * SUSE Linux Enterprise Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.46.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.46.1 * kernel-rt-debuginfo-5.14.21-150400.15.46.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.46.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.46.1 * kernel-rt-debuginfo-5.14.21-150400.15.46.1 * SUSE Linux Enterprise Micro 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.46.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.46.1 * kernel-rt-debuginfo-5.14.21-150400.15.46.1 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_46-rt-debuginfo-1-150400.1.5.1 * kernel-livepatch-SLE15-SP4-RT_Update_11-debugsource-1-150400.1.5.1 * kernel-livepatch-5_14_21-150400_15_46-rt-1-150400.1.5.1 * SUSE Real Time Module 15-SP4 (x86_64) * kernel-syms-rt-5.14.21-150400.15.46.1 * cluster-md-kmp-rt-5.14.21-150400.15.46.1 * ocfs2-kmp-rt-5.14.21-150400.15.46.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.46.1 * kernel-rt-debuginfo-5.14.21-150400.15.46.1 * kernel-rt-devel-debuginfo-5.14.21-150400.15.46.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.46.1 * kernel-rt_debug-debuginfo-5.14.21-150400.15.46.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.46.1 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.46.1 * kernel-rt-devel-5.14.21-150400.15.46.1 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.46.1 * kernel-rt_debug-debugsource-5.14.21-150400.15.46.1 * dlm-kmp-rt-5.14.21-150400.15.46.1 * kernel-rt_debug-devel-5.14.21-150400.15.46.1 * kernel-rt-debugsource-5.14.21-150400.15.46.1 * gfs2-kmp-rt-5.14.21-150400.15.46.1 * SUSE Real Time Module 15-SP4 (noarch) * kernel-devel-rt-5.14.21-150400.15.46.1 * kernel-source-rt-5.14.21-150400.15.46.1 * SUSE Real Time Module 15-SP4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.46.1 * kernel-rt_debug-5.14.21-150400.15.46.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-0459.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-20593.html * https://www.suse.com/security/cve/CVE-2023-21400.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2166.html * https://www.suse.com/security/cve/CVE-2023-2985.html * https://www.suse.com/security/cve/CVE-2023-31083.html * https://www.suse.com/security/cve/CVE-2023-3117.html * https://www.suse.com/security/cve/CVE-2023-31248.html * https://www.suse.com/security/cve/CVE-2023-3268.html * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://www.suse.com/security/cve/CVE-2023-3609.html * https://www.suse.com/security/cve/CVE-2023-3611.html * https://www.suse.com/security/cve/CVE-2023-3776.html * https://www.suse.com/security/cve/CVE-2023-3812.html * https://www.suse.com/security/cve/CVE-2023-4004.html * https://bugzilla.suse.com/show_bug.cgi?id=1150305 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1207129 * https://bugzilla.suse.com/show_bug.cgi?id=1207894 * https://bugzilla.suse.com/show_bug.cgi?id=1208788 * https://bugzilla.suse.com/show_bug.cgi?id=1210565 * https://bugzilla.suse.com/show_bug.cgi?id=1210584 * https://bugzilla.suse.com/show_bug.cgi?id=1210627 * https://bugzilla.suse.com/show_bug.cgi?id=1210780 * https://bugzilla.suse.com/show_bug.cgi?id=1210853 * https://bugzilla.suse.com/show_bug.cgi?id=1211131 * https://bugzilla.suse.com/show_bug.cgi?id=1211243 * https://bugzilla.suse.com/show_bug.cgi?id=1211738 * https://bugzilla.suse.com/show_bug.cgi?id=1211811 * https://bugzilla.suse.com/show_bug.cgi?id=1211867 * https://bugzilla.suse.com/show_bug.cgi?id=1212301 * https://bugzilla.suse.com/show_bug.cgi?id=1212502 * https://bugzilla.suse.com/show_bug.cgi?id=1212604 * https://bugzilla.suse.com/show_bug.cgi?id=1212846 * https://bugzilla.suse.com/show_bug.cgi?id=1212901 * https://bugzilla.suse.com/show_bug.cgi?id=1212905 * https://bugzilla.suse.com/show_bug.cgi?id=1213010 * https://bugzilla.suse.com/show_bug.cgi?id=1213011 * https://bugzilla.suse.com/show_bug.cgi?id=1213012 * https://bugzilla.suse.com/show_bug.cgi?id=1213013 * https://bugzilla.suse.com/show_bug.cgi?id=1213014 * https://bugzilla.suse.com/show_bug.cgi?id=1213015 * https://bugzilla.suse.com/show_bug.cgi?id=1213016 * https://bugzilla.suse.com/show_bug.cgi?id=1213017 * https://bugzilla.suse.com/show_bug.cgi?id=1213018 * https://bugzilla.suse.com/show_bug.cgi?id=1213019 * https://bugzilla.suse.com/show_bug.cgi?id=1213020 * https://bugzilla.suse.com/show_bug.cgi?id=1213021 * https://bugzilla.suse.com/show_bug.cgi?id=1213024 * https://bugzilla.suse.com/show_bug.cgi?id=1213025 * https://bugzilla.suse.com/show_bug.cgi?id=1213032 * https://bugzilla.suse.com/show_bug.cgi?id=1213034 * https://bugzilla.suse.com/show_bug.cgi?id=1213035 * https://bugzilla.suse.com/show_bug.cgi?id=1213036 * https://bugzilla.suse.com/show_bug.cgi?id=1213037 * https://bugzilla.suse.com/show_bug.cgi?id=1213038 * https://bugzilla.suse.com/show_bug.cgi?id=1213039 * https://bugzilla.suse.com/show_bug.cgi?id=1213040 * https://bugzilla.suse.com/show_bug.cgi?id=1213041 * https://bugzilla.suse.com/show_bug.cgi?id=1213059 * https://bugzilla.suse.com/show_bug.cgi?id=1213061 * https://bugzilla.suse.com/show_bug.cgi?id=1213087 * https://bugzilla.suse.com/show_bug.cgi?id=1213088 * https://bugzilla.suse.com/show_bug.cgi?id=1213089 * https://bugzilla.suse.com/show_bug.cgi?id=1213090 * https://bugzilla.suse.com/show_bug.cgi?id=1213092 * https://bugzilla.suse.com/show_bug.cgi?id=1213093 * https://bugzilla.suse.com/show_bug.cgi?id=1213094 * https://bugzilla.suse.com/show_bug.cgi?id=1213095 * https://bugzilla.suse.com/show_bug.cgi?id=1213096 * https://bugzilla.suse.com/show_bug.cgi?id=1213098 * https://bugzilla.suse.com/show_bug.cgi?id=1213099 * https://bugzilla.suse.com/show_bug.cgi?id=1213100 * https://bugzilla.suse.com/show_bug.cgi?id=1213102 * https://bugzilla.suse.com/show_bug.cgi?id=1213103 * https://bugzilla.suse.com/show_bug.cgi?id=1213104 * https://bugzilla.suse.com/show_bug.cgi?id=1213105 * https://bugzilla.suse.com/show_bug.cgi?id=1213106 * https://bugzilla.suse.com/show_bug.cgi?id=1213107 * https://bugzilla.suse.com/show_bug.cgi?id=1213108 * https://bugzilla.suse.com/show_bug.cgi?id=1213109 * https://bugzilla.suse.com/show_bug.cgi?id=1213110 * https://bugzilla.suse.com/show_bug.cgi?id=1213111 * https://bugzilla.suse.com/show_bug.cgi?id=1213112 * https://bugzilla.suse.com/show_bug.cgi?id=1213113 * https://bugzilla.suse.com/show_bug.cgi?id=1213114 * https://bugzilla.suse.com/show_bug.cgi?id=1213134 * https://bugzilla.suse.com/show_bug.cgi?id=1213167 * https://bugzilla.suse.com/show_bug.cgi?id=1213245 * https://bugzilla.suse.com/show_bug.cgi?id=1213247 * https://bugzilla.suse.com/show_bug.cgi?id=1213252 * https://bugzilla.suse.com/show_bug.cgi?id=1213258 * https://bugzilla.suse.com/show_bug.cgi?id=1213259 * https://bugzilla.suse.com/show_bug.cgi?id=1213263 * https://bugzilla.suse.com/show_bug.cgi?id=1213264 * https://bugzilla.suse.com/show_bug.cgi?id=1213272 * https://bugzilla.suse.com/show_bug.cgi?id=1213286 * https://bugzilla.suse.com/show_bug.cgi?id=1213287 * https://bugzilla.suse.com/show_bug.cgi?id=1213304 * https://bugzilla.suse.com/show_bug.cgi?id=1213523 * https://bugzilla.suse.com/show_bug.cgi?id=1213524 * https://bugzilla.suse.com/show_bug.cgi?id=1213543 * https://bugzilla.suse.com/show_bug.cgi?id=1213585 * https://bugzilla.suse.com/show_bug.cgi?id=1213586 * https://bugzilla.suse.com/show_bug.cgi?id=1213588 * https://bugzilla.suse.com/show_bug.cgi?id=1213620 * https://bugzilla.suse.com/show_bug.cgi?id=1213653 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 * https://bugzilla.suse.com/show_bug.cgi?id=1213713 * https://bugzilla.suse.com/show_bug.cgi?id=1213715 * https://bugzilla.suse.com/show_bug.cgi?id=1213747 * https://bugzilla.suse.com/show_bug.cgi?id=1213756 * https://bugzilla.suse.com/show_bug.cgi?id=1213759 * https://bugzilla.suse.com/show_bug.cgi?id=1213777 * https://bugzilla.suse.com/show_bug.cgi?id=1213810 * https://bugzilla.suse.com/show_bug.cgi?id=1213812 * https://bugzilla.suse.com/show_bug.cgi?id=1213856 * https://bugzilla.suse.com/show_bug.cgi?id=1213857 * https://bugzilla.suse.com/show_bug.cgi?id=1213863 * https://bugzilla.suse.com/show_bug.cgi?id=1213867 * https://bugzilla.suse.com/show_bug.cgi?id=1213870 * https://bugzilla.suse.com/show_bug.cgi?id=1213871 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 15 12:30:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Aug 2023 12:30:37 -0000 Subject: SUSE-FU-2023:3322-1: moderate: Feature update for slurm_23_02 and pdsh Message-ID: <169210263732.17472.1891121425297851641@smelt2.suse.de> # Feature update for slurm_23_02 and pdsh Announcement ID: SUSE-FU-2023:3322-1 Rating: moderate References: * #1088693 * #1206795 * #1208846 * #1209216 * #1209260 * #1212946 * PED-2987 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 An update that contains one feature and has six feature fixes can now be installed. ## Description: This update for slurm_23_02 and pdsh fixes the following issues: slurm_23_02 - New version upgrade of Slurm to 23.02 (jsc#PED-2987): * For the full list of new features and changes please consult the packaged NEWS file and the following references: * 23.02.2 * 23.02.1 * 23.02.0 * Important notes: * If using the `slurmdbd` (Slurm DataBase Daemon) you must update this first. * If using a backup DBD you must start the primary first to do any database conversion, the backup will not start until this has happened. * The 23.02 `slurmdbd` will work with Slurm daemons of version 21.08 and above. You will not need to update all clusters at the same time, but it is very important to update `slurmdbd` first and having it running before updating any other clusters making use of it. * Slurm can be upgraded from version 21.08 or 22.05 to version 23.02 without loss of jobs or other state information. Upgrading directly from an earlier version of Slurm will result in loss of state information. * All SPANK plugins must be recompiled when upgrading from any Slurm version prior to 23.02 * PMIx v1.x is no longer supported * Packaging patches and changes: * Only call slurm_init() if Slurm > 21.02 (bsc#1212946) * Web-configurator: changed presets to SUSE defaults. * Use libpmix.so.2 instead of libpmix.so to fix (bsc#1209260) this removes the need of pmix-pluginlib * `slurm-plugins` need to require `pmix-pluginlib` (bsc#1209260) * Remove workaround to fix the restart issue in an Slurm package described in bsc#1088693 The Slurm version in this package is 16.05. Any attempt to directly migrate to the current version is bound to fail * Now require `slurm-munge` if `munge` authentication is installed * testsuite: on later SUSE versions claim ownership of directory `/etc/security/limits.d` * Move the ext_sensors/rrd plugin to a separate package: this plugin requires `librrd` which in turn requires huge parts of the client side X Window System stack. There is probably no use in cluttering up a system for a plugin that probably only used by a few * Configuration file changes: * `job_container.conf` \- Added "`Dirs`" option to list desired private mount points * `node_features` plugins - invalid users specified for `AllowUserBoot` will now result in `fatal()` rather than just an error * Allow jobs to queue even if the user is not in `AllowGroups` when `EnforcePartLimits=no` is set. This ensures consistency for all the Partition access controls, and matches the documented behavior for `EnforcePartLimits` * Add `InfluxDBTimeout` parameter to `acct_gather.conf` * `job_container/tmpfs` \- add support for expanding `%h` and `%n` in `BasePath` * `slurm.conf` \- Removed `SlurmctldPlugstack` option * Add new `SlurmctldParameters=validate_nodeaddr_threads=<number>` option to allow concurrent hostname resolution at `slurmctld` startup * Add new `AccountingStoreFlags=job_extra` option to store a job's extra field in the database * Add new "`defer_batch`" option to `SchedulerParameters` to only defer scheduling for batch jobs * Add new `DebugFlags` option '`JobComp`' to replace '`Elasticsearch`' * Add configurable job requeue limit parameter - `MaxBatchRequeue` \- in `slurm.conf` to permit changes from the old hard-coded value of 5 * `helpers.conf` \- Allow specification of node specific features * `helpers.conf` \- Allow many features to one helper script * `job_container/tmpfs` \- Add "`Shared`" option to support shared namespaces. This allows autofs to work with the `job_container/tmpfs` plugin when enabled * `acct_gather.conf` \- Added `EnergyIPMIPowerSensors=Node=DCMI` and `Node=DCMI_ENHANCED`. * Add new "`getnameinfo_cache_timeout=<number>`" option to CommunicationParameters to adjust or disable caching the results of `getnameinfo()` * Add new PrologFlags=ForceRequeueOnFail option to automatically requeue batch jobs on Prolog failures regardless of the job --requeue setting * Add `HealthCheckNodeState=NONDRAINED_IDLE` option. * Add '`explicit`' to Flags in `gres.conf`. This makes it so the gres is not automatically added to a job's allocation when `--exclusive` is used. Note that this is a per-node flag. * Moved the "`preempt_`" options from `SchedulerParameters` to `PreemptParameters`, and dropped the prefix from the option names. (The old options will still be parsed for backwards compatibility, but are now undocumented.) * Add `LaunchParameters=ulimit_pam_adopt`, which enables setting `RLIMIT_RSS` in adopted processes. * Update SwitchParameters=job_vni to enable/disable creating job VNIs for all jobs, or when a user requests them * Update `SwitchParameters=single_node_vni` to enable/disable creating single node VNIs for all jobs, or when a user requests them * Add ability to preserve `SuspendExc*` parameters on reconfig with `ReconfigFlags=KeepPowerSaveSettings` * `slurmdbd.conf` \- Add new `AllResourcesAbsolute` to force all new resources to be created with the `Absolute` flag * `topology/tree` \- Add new `TopologyParam=SwitchAsNodeRank` option to reorder nodes based on switch layout. This can be useful if the naming convention for the nodes does not natually map to the network topology * Removed the default setting for `GpuFreqDef`. If unset, no attempt to change the GPU frequency will be made if `--gpu-freq` is not set for the step * Command Changes: * `sacctmgr` \- no longer force updates to the AdminComment, Comment, or SystemComment to lower-case * `sinfo` \- Add -F/--future option to sinfo to display future nodes. * `sacct` \- Rename 'Reserved' field to 'Planned' to match sreport and the nomenclature of the 'Planned' node * `scontrol` \- advanced reservation flag MAINT will no longer replace nodes, similar to STATIC_ALLOC * `sbatch` \- add parsing for #PBS -d and #PBS -w. * `scontrol` show assoc_mgr will show username(uid) instead of uid in QoS section. * Add `strigger --draining` and `-R/--resume` options. * Change `--oversubscribe` and `--exclusive` to be mutually exclusive for job submission. Job submission commands will now fatal if both are set. Previously, these options would override each other, with the last one in the job submission command taking effect. * `scontrol` \- Requested TRES and allocated TRES will now always be printed when showing jobs, instead of one TRES output that was either the requested or allocated. * `srun --ntasks-per-core` now applies to job and step allocations. Now, use of `--ntasks-per-core=1` implies `--cpu-bind=cores` and `--ntasks-per- core>1` implies `--cpu-bind=threads`. * `salloc/sbatch/srun` \- Check and abort if `ntasks-per-core` > `threads-per- core`. * `scontrol` \- Add `ResumeAfter=<secs>` option to "scontrol update nodename=". * Add a new "nodes=" argument to scontrol setdebug to allow the debug level on the slurmd processes to be temporarily altered * Add a new "nodes=" argument to "scontrol setdebugflags" as well. * Make it so `scrontab` prints client-side the job_submit() err_msg (which can be set i.e. by using the log_user() function for the lua plugin). * `scontrol` \- Reservations will not be allowed to have STATIC_ALLOC or MAINT flags and REPLACE[_DOWN] flags simultaneously * `scontrol` \- Reservations will only accept one reoccurring flag when being created or updated. * `scontrol` \- A reservation cannot be updated to be reoccurring if it is already a floating reservation. * `squeue` \- removed unused '%s' and 'SelectJobInfo' formats. * `squeue` \- align print format for exit and derived codes with that of other components (:). * `sacct` \- Add --array option to expand job arrays and display array tasks on separate lines. * Partial support for `--json` and `--yaml` formated outputs have been implemented for `sacctmgr`, `sdiag`, `sinfo`, `squeue`, and `scontrol`. The resultant data ouput will be filtered by normal command arguments. Formatting arguments will continue to be ignored. * `salloc/sbatch/srun` \- extended the `--nodes` syntax to allow for a list of valid node counts to be allocated to the job. This also supports a "step count" value (e.g., --nodes=20-100:20 is equivalent to --nodes=20,40,60,80,100) which can simplify the syntax when the job needs to scale by a certain "chunk" size * `srun` \- add user requestible vnis with '\--network=job_vni' option * `srun` \- add user requestible single node vnis with the `--network=single_node_vni` option * API Changes: * `job_container` plugins - `container_p_stepd_create()` function signature replaced `uint32_t` uid with `stepd_step_rec_t*` step. * `gres` plugins - `gres_g_get_devices()` function signature replaced `pid_t pid` with `stepd_step_rec_t*` step. * `cgroup` plugins - `task_cgroup_devices_constrain()` function signature removed `pid_t pid`. * `task` plugins - `replace task_p_pre_set_affinity()`, `task_p_set_affinity()`, and `task_p_post_set_affinity()` with `task_p_pre_launch_priv()` like it was back in slurm 20.11. * Allow for concurrent processing of `job_submit_g_submit()` and `job_submit_g_modify()` calls. If your plugin is not capable of concurrent operation you must add additional locking within your plugin. * Removed return value from slurm_list_append(). * The List and ListIterator types have been removed in favor of list_t and list_itr_t respectively. * burst buffer plugins: * add `bb_g_build_het_job_script()` * `bb_g_get_status()` \- added authenticated UID and GID * `bb_g_run_script()` \- added job_info argument * `burst_buffer.lua` \- Pass UID and GID to most hooks. Pass `job_info` (detailed job information) to many hooks. See `etc/burst_buffer.lua.example` for a complete list of changes. _WARNING_ : Backwards compatibility is broken for `slurm_bb_get_status`: UID and GID are passed before the variadic arguments. If UID and GID are not explicitly listed as arguments to `slurm_bb_get_status()`, then they will be included in the variadic arguments. Backwards compatibility is maintained for all other hooks because the new arguments are passed after the existing arguments. * `node_features plugins` changes: * `node_features_p_reboot_weight()` function removed. * `node_features_p_job_valid()` \- added parameter feature_list. * `node_features_p_job_xlate()` \- added parameters feature_list and `job_node_bitmap` * New `data_parser` interface with v0.0.39 plugin * Test Suite fixes: * Update README_Testsuite.md * Clean up left over files when de-installing test suite * Adjustment to test suite package: for SLE mark the openmpi4 devel package and slurm-hdf5 optional * Add `-ffat-lto-objects` to the build flags when LTO is set to make sure the object files we ship with the test suite still work correctly. * Improve `setup-testsuite.sh`: copy ssh fingerprints from all nodes pdsh: * Prepared `pdsh` for Slurm 23.02 (jsc#PED-2987) * Fix slurm plugin: make sure slurm_init() is called before using the Slurm API (bsc#1209216) * Fix regression in Slurm 23.02 breaking the pdsh-internal List type by exposing it thru it's public API (bsc#1208846) * Backport a number of features and fixes (bsc#1206795): * Add '-C' option on Slrum plugin to restrict selected nodes to ones with the specified features present * Add option '-k' to the ssh plugin to fail faster on connection failures * Fix use of `strchr` * `dshbak`: Fix uninitialized use of $tag on empty input * `dsh`: Release a lock that is no longer used in dsh() ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3322=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3322=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3322=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * pdsh_slurm_20_02-debugsource-2.34-150100.10.19.1 * pdsh-slurm_20_02-2.34-150100.10.19.1 * pdsh-slurm_20_02-debuginfo-2.34-150100.10.19.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * pdsh_slurm_20_02-debugsource-2.34-150100.10.19.1 * pdsh-slurm_20_02-2.34-150100.10.19.1 * pdsh-slurm_20_02-debuginfo-2.34-150100.10.19.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libnss_slurm2_23_02-debuginfo-23.02.2-150100.3.3.1 * slurm_23_02-plugins-23.02.2-150100.3.3.1 * slurm_23_02-cray-debuginfo-23.02.2-150100.3.3.1 * pdsh_slurm_20_02-debugsource-2.34-150100.10.19.1 * slurm_23_02-pam_slurm-debuginfo-23.02.2-150100.3.3.1 * slurm_23_02-torque-debuginfo-23.02.2-150100.3.3.1 * pdsh-slurm-debuginfo-2.34-150100.10.19.1 * libpmi0_23_02-debuginfo-23.02.2-150100.3.3.1 * libslurm39-debuginfo-23.02.2-150100.3.3.1 * pdsh-slurm_22_05-2.34-150100.10.19.1 * slurm_23_02-node-23.02.2-150100.3.3.1 * slurm_23_02-sview-23.02.2-150100.3.3.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.2-150100.3.3.1 * pdsh-machines-debuginfo-2.34-150100.10.19.1 * pdsh-slurm-2.34-150100.10.19.1 * pdsh-slurm_23_02-2.34-150100.10.19.1 * slurm_23_02-sview-debuginfo-23.02.2-150100.3.3.1 * slurm_23_02-munge-23.02.2-150100.3.3.1 * slurm_23_02-sql-23.02.2-150100.3.3.1 * pdsh-machines-2.34-150100.10.19.1 * pdsh_slurm_22_05-debugsource-2.34-150100.10.19.1 * perl-slurm_23_02-23.02.2-150100.3.3.1 * slurm_23_02-auth-none-debuginfo-23.02.2-150100.3.3.1 * pdsh-slurm_23_02-debuginfo-2.34-150100.10.19.1 * pdsh-debuginfo-2.34-150100.10.19.1 * pdsh-slurm_22_05-debuginfo-2.34-150100.10.19.1 * pdsh-dshgroup-debuginfo-2.34-150100.10.19.1 * pdsh-genders-2.34-150100.10.19.1 * slurm_23_02-debugsource-23.02.2-150100.3.3.1 * libslurm39-23.02.2-150100.3.3.1 * pdsh-slurm_20_02-2.34-150100.10.19.1 * slurm_23_02-pam_slurm-23.02.2-150100.3.3.1 * slurm_23_02-rest-23.02.2-150100.3.3.1 * pdsh-netgroup-2.34-150100.10.19.1 * perl-slurm_23_02-debuginfo-23.02.2-150100.3.3.1 * slurm_23_02-rest-debuginfo-23.02.2-150100.3.3.1 * libnss_slurm2_23_02-23.02.2-150100.3.3.1 * pdsh-2.34-150100.10.19.1 * slurm_23_02-slurmdbd-23.02.2-150100.3.3.1 * pdsh-dshgroup-2.34-150100.10.19.1 * slurm_23_02-auth-none-23.02.2-150100.3.3.1 * slurm_23_02-lua-debuginfo-23.02.2-150100.3.3.1 * slurm_23_02-munge-debuginfo-23.02.2-150100.3.3.1 * slurm_23_02-devel-23.02.2-150100.3.3.1 * slurm_23_02-lua-23.02.2-150100.3.3.1 * pdsh-debugsource-2.34-150100.10.19.1 * slurm_23_02-23.02.2-150100.3.3.1 * pdsh-netgroup-debuginfo-2.34-150100.10.19.1 * pdsh-genders-debuginfo-2.34-150100.10.19.1 * slurm_23_02-debuginfo-23.02.2-150100.3.3.1 * slurm_23_02-torque-23.02.2-150100.3.3.1 * slurm_23_02-node-debuginfo-23.02.2-150100.3.3.1 * slurm_23_02-slurmdbd-debuginfo-23.02.2-150100.3.3.1 * slurm_23_02-plugins-debuginfo-23.02.2-150100.3.3.1 * slurm_23_02-sql-debuginfo-23.02.2-150100.3.3.1 * pdsh-slurm_20_02-debuginfo-2.34-150100.10.19.1 * slurm_23_02-cray-23.02.2-150100.3.3.1 * libpmi0_23_02-23.02.2-150100.3.3.1 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.2-150100.3.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * slurm_23_02-webdoc-23.02.2-150100.3.3.1 * slurm_23_02-config-man-23.02.2-150100.3.3.1 * slurm_23_02-config-23.02.2-150100.3.3.1 * slurm_23_02-doc-23.02.2-150100.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1088693 * https://bugzilla.suse.com/show_bug.cgi?id=1206795 * https://bugzilla.suse.com/show_bug.cgi?id=1208846 * https://bugzilla.suse.com/show_bug.cgi?id=1209216 * https://bugzilla.suse.com/show_bug.cgi?id=1209260 * https://bugzilla.suse.com/show_bug.cgi?id=1212946 * https://jira.suse.com/browse/PED-2987 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 15 12:30:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Aug 2023 12:30:41 -0000 Subject: SUSE-FU-2023:3321-1: moderate: Feature update for slurm_23_02 and pdsh Message-ID: <169210264160.17472.18076238298974611614@smelt2.suse.de> # Feature update for slurm_23_02 and pdsh Announcement ID: SUSE-FU-2023:3321-1 Rating: moderate References: * #1088693 * #1206795 * #1208846 * #1209216 * #1209260 * #1212946 * PED-2987 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 An update that contains one feature and has six feature fixes can now be installed. ## Description: This update for slurm_23_02 and pdsh fixes the following issues: slurm_23_02 - New version upgrade of Slurm to 23.02 (jsc#PED-2987): * For the full list of new features and changes please consult the packaged NEWS file and the following references: * 23.02.2 * 23.02.1 * 23.02.0 * Important notes: * If using the `slurmdbd` (Slurm DataBase Daemon) you must update this first. * If using a backup DBD you must start the primary first to do any database conversion, the backup will not start until this has happened. * The 23.02 `slurmdbd` will work with Slurm daemons of version 21.08 and above. You will not need to update all clusters at the same time, but it is very important to update `slurmdbd` first and having it running before updating any other clusters making use of it. * Slurm can be upgraded from version 21.08 or 22.05 to version 23.02 without loss of jobs or other state information. Upgrading directly from an earlier version of Slurm will result in loss of state information. * All SPANK plugins must be recompiled when upgrading from any Slurm version prior to 23.02 * PMIx v1.x is no longer supported * Packaging patches and changes: * Only call slurm_init() if Slurm > 21.02 (bsc#1212946) * Web-configurator: changed presets to SUSE defaults. * Use libpmix.so.2 instead of libpmix.so to fix (bsc#1209260) this removes the need of pmix-pluginlib * `slurm-plugins` need to require `pmix-pluginlib` (bsc#1209260) * Remove workaround to fix the restart issue in an Slurm package described in bsc#1088693 The Slurm version in this package is 16.05. Any attempt to directly migrate to the current version is bound to fail * Now require `slurm-munge` if `munge` authentication is installed * testsuite: on later SUSE versions claim ownership of directory `/etc/security/limits.d` * Move the ext_sensors/rrd plugin to a separate package: this plugin requires `librrd` which in turn requires huge parts of the client side X Window System stack. There is probably no use in cluttering up a system for a plugin that probably only used by a few * Configuration file changes: * `job_container.conf` \- Added "`Dirs`" option to list desired private mount points * `node_features` plugins - invalid users specified for `AllowUserBoot` will now result in `fatal()` rather than just an error * Allow jobs to queue even if the user is not in `AllowGroups` when `EnforcePartLimits=no` is set. This ensures consistency for all the Partition access controls, and matches the documented behavior for `EnforcePartLimits` * Add `InfluxDBTimeout` parameter to `acct_gather.conf` * `job_container/tmpfs` \- add support for expanding `%h` and `%n` in `BasePath` * `slurm.conf` \- Removed `SlurmctldPlugstack` option * Add new `SlurmctldParameters=validate_nodeaddr_threads=<number>` option to allow concurrent hostname resolution at `slurmctld` startup * Add new `AccountingStoreFlags=job_extra` option to store a job's extra field in the database * Add new "`defer_batch`" option to `SchedulerParameters` to only defer scheduling for batch jobs * Add new `DebugFlags` option '`JobComp`' to replace '`Elasticsearch`' * Add configurable job requeue limit parameter - `MaxBatchRequeue` \- in `slurm.conf` to permit changes from the old hard-coded value of 5 * `helpers.conf` \- Allow specification of node specific features * `helpers.conf` \- Allow many features to one helper script * `job_container/tmpfs` \- Add "`Shared`" option to support shared namespaces. This allows autofs to work with the `job_container/tmpfs` plugin when enabled * `acct_gather.conf` \- Added `EnergyIPMIPowerSensors=Node=DCMI` and `Node=DCMI_ENHANCED`. * Add new "`getnameinfo_cache_timeout=<number>`" option to CommunicationParameters to adjust or disable caching the results of `getnameinfo()` * Add new PrologFlags=ForceRequeueOnFail option to automatically requeue batch jobs on Prolog failures regardless of the job --requeue setting * Add `HealthCheckNodeState=NONDRAINED_IDLE` option. * Add '`explicit`' to Flags in `gres.conf`. This makes it so the gres is not automatically added to a job's allocation when `--exclusive` is used. Note that this is a per-node flag. * Moved the "`preempt_`" options from `SchedulerParameters` to `PreemptParameters`, and dropped the prefix from the option names. (The old options will still be parsed for backwards compatibility, but are now undocumented.) * Add `LaunchParameters=ulimit_pam_adopt`, which enables setting `RLIMIT_RSS` in adopted processes. * Update SwitchParameters=job_vni to enable/disable creating job VNIs for all jobs, or when a user requests them * Update `SwitchParameters=single_node_vni` to enable/disable creating single node VNIs for all jobs, or when a user requests them * Add ability to preserve `SuspendExc*` parameters on reconfig with `ReconfigFlags=KeepPowerSaveSettings` * `slurmdbd.conf` \- Add new `AllResourcesAbsolute` to force all new resources to be created with the `Absolute` flag * `topology/tree` \- Add new `TopologyParam=SwitchAsNodeRank` option to reorder nodes based on switch layout. This can be useful if the naming convention for the nodes does not natually map to the network topology * Removed the default setting for `GpuFreqDef`. If unset, no attempt to change the GPU frequency will be made if `--gpu-freq` is not set for the step * Command Changes: * `sacctmgr` \- no longer force updates to the AdminComment, Comment, or SystemComment to lower-case * `sinfo` \- Add -F/--future option to sinfo to display future nodes. * `sacct` \- Rename 'Reserved' field to 'Planned' to match sreport and the nomenclature of the 'Planned' node * `scontrol` \- advanced reservation flag MAINT will no longer replace nodes, similar to STATIC_ALLOC * `sbatch` \- add parsing for #PBS -d and #PBS -w. * `scontrol` show assoc_mgr will show username(uid) instead of uid in QoS section. * Add `strigger --draining` and `-R/--resume` options. * Change `--oversubscribe` and `--exclusive` to be mutually exclusive for job submission. Job submission commands will now fatal if both are set. Previously, these options would override each other, with the last one in the job submission command taking effect. * `scontrol` \- Requested TRES and allocated TRES will now always be printed when showing jobs, instead of one TRES output that was either the requested or allocated. * `srun --ntasks-per-core` now applies to job and step allocations. Now, use of `--ntasks-per-core=1` implies `--cpu-bind=cores` and `--ntasks-per- core>1` implies `--cpu-bind=threads`. * `salloc/sbatch/srun` \- Check and abort if `ntasks-per-core` > `threads-per- core`. * `scontrol` \- Add `ResumeAfter=<secs>` option to "scontrol update nodename=". * Add a new "nodes=" argument to scontrol setdebug to allow the debug level on the slurmd processes to be temporarily altered * Add a new "nodes=" argument to "scontrol setdebugflags" as well. * Make it so `scrontab` prints client-side the job_submit() err_msg (which can be set i.e. by using the log_user() function for the lua plugin). * `scontrol` \- Reservations will not be allowed to have STATIC_ALLOC or MAINT flags and REPLACE[_DOWN] flags simultaneously * `scontrol` \- Reservations will only accept one reoccurring flag when being created or updated. * `scontrol` \- A reservation cannot be updated to be reoccurring if it is already a floating reservation. * `squeue` \- removed unused '%s' and 'SelectJobInfo' formats. * `squeue` \- align print format for exit and derived codes with that of other components (:). * `sacct` \- Add --array option to expand job arrays and display array tasks on separate lines. * Partial support for `--json` and `--yaml` formated outputs have been implemented for `sacctmgr`, `sdiag`, `sinfo`, `squeue`, and `scontrol`. The resultant data ouput will be filtered by normal command arguments. Formatting arguments will continue to be ignored. * `salloc/sbatch/srun` \- extended the `--nodes` syntax to allow for a list of valid node counts to be allocated to the job. This also supports a "step count" value (e.g., --nodes=20-100:20 is equivalent to --nodes=20,40,60,80,100) which can simplify the syntax when the job needs to scale by a certain "chunk" size * `srun` \- add user requestible vnis with '\--network=job_vni' option * `srun` \- add user requestible single node vnis with the `--network=single_node_vni` option * API Changes: * `job_container` plugins - `container_p_stepd_create()` function signature replaced `uint32_t` uid with `stepd_step_rec_t*` step. * `gres` plugins - `gres_g_get_devices()` function signature replaced `pid_t pid` with `stepd_step_rec_t*` step. * `cgroup` plugins - `task_cgroup_devices_constrain()` function signature removed `pid_t pid`. * `task` plugins - `replace task_p_pre_set_affinity()`, `task_p_set_affinity()`, and `task_p_post_set_affinity()` with `task_p_pre_launch_priv()` like it was back in slurm 20.11. * Allow for concurrent processing of `job_submit_g_submit()` and `job_submit_g_modify()` calls. If your plugin is not capable of concurrent operation you must add additional locking within your plugin. * Removed return value from slurm_list_append(). * The List and ListIterator types have been removed in favor of list_t and list_itr_t respectively. * burst buffer plugins: * add `bb_g_build_het_job_script()` * `bb_g_get_status()` \- added authenticated UID and GID * `bb_g_run_script()` \- added job_info argument * `burst_buffer.lua` \- Pass UID and GID to most hooks. Pass `job_info` (detailed job information) to many hooks. See `etc/burst_buffer.lua.example` for a complete list of changes. _WARNING_ : Backwards compatibility is broken for `slurm_bb_get_status`: UID and GID are passed before the variadic arguments. If UID and GID are not explicitly listed as arguments to `slurm_bb_get_status()`, then they will be included in the variadic arguments. Backwards compatibility is maintained for all other hooks because the new arguments are passed after the existing arguments. * `node_features plugins` changes: * `node_features_p_reboot_weight()` function removed. * `node_features_p_job_valid()` \- added parameter feature_list. * `node_features_p_job_xlate()` \- added parameters feature_list and `job_node_bitmap` * New `data_parser` interface with v0.0.39 plugin * Test Suite fixes: * Update README_Testsuite.md * Clean up left over files when de-installing test suite * Adjustment to test suite package: for SLE mark the openmpi4 devel package and slurm-hdf5 optional * Add `-ffat-lto-objects` to the build flags when LTO is set to make sure the object files we ship with the test suite still work correctly. * Improve `setup-testsuite.sh`: copy ssh fingerprints from all nodes pdsh: * Prepared `pdsh` for Slurm 23.02 (jsc#PED-2987) * Fix slurm plugin: make sure slurm_init() is called before using the Slurm API (bsc#1209216) * Fix regression in Slurm 23.02 breaking the pdsh-internal List type by exposing it thru it's public API (bsc#1208846) * Backport a number of features and fixes (bsc#1206795): * Add '-C' option on Slrum plugin to restrict selected nodes to ones with the specified features present * Add option '-k' to the ssh plugin to fail faster on connection failures * Fix use of `strchr` * `dshbak`: Fix uninitialized use of $tag on empty input * `dsh`: Release a lock that is no longer used in dsh() ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3321=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3321=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3321=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * pdsh-slurm_20_11-debuginfo-2.34-150200.4.11.1 * pdsh-slurm_20_11-2.34-150200.4.11.1 * pdsh_slurm_20_11-debugsource-2.34-150200.4.11.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * pdsh-slurm_20_11-debuginfo-2.34-150200.4.11.1 * pdsh-slurm_20_11-2.34-150200.4.11.1 * pdsh_slurm_20_11-debugsource-2.34-150200.4.11.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * pdsh-slurm_22_05-debuginfo-2.34-150200.4.11.1 * slurm_23_02-sview-23.02.2-150200.5.3.1 * pdsh-dshgroup-2.34-150200.4.11.1 * pdsh-slurm_22_05-2.34-150200.4.11.1 * slurm_23_02-plugins-23.02.2-150200.5.3.1 * perl-slurm_23_02-23.02.2-150200.5.3.1 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.2-150200.5.3.1 * slurm_23_02-munge-debuginfo-23.02.2-150200.5.3.1 * slurm_23_02-pam_slurm-debuginfo-23.02.2-150200.5.3.1 * pdsh-slurm-2.34-150200.4.11.1 * slurm_23_02-sview-debuginfo-23.02.2-150200.5.3.1 * slurm_23_02-cray-debuginfo-23.02.2-150200.5.3.1 * slurm_23_02-slurmdbd-debuginfo-23.02.2-150200.5.3.1 * slurm_23_02-lua-23.02.2-150200.5.3.1 * pdsh-netgroup-debuginfo-2.34-150200.4.11.1 * pdsh-dshgroup-debuginfo-2.34-150200.4.11.1 * pdsh-genders-2.34-150200.4.11.1 * slurm_23_02-cray-23.02.2-150200.5.3.1 * slurm_23_02-munge-23.02.2-150200.5.3.1 * libpmi0_23_02-23.02.2-150200.5.3.1 * libnss_slurm2_23_02-debuginfo-23.02.2-150200.5.3.1 * libslurm39-debuginfo-23.02.2-150200.5.3.1 * pdsh-genders-debuginfo-2.34-150200.4.11.1 * slurm_23_02-23.02.2-150200.5.3.1 * libnss_slurm2_23_02-23.02.2-150200.5.3.1 * pdsh-machines-debuginfo-2.34-150200.4.11.1 * libpmi0_23_02-debuginfo-23.02.2-150200.5.3.1 * pdsh-debugsource-2.34-150200.4.11.1 * slurm_23_02-node-debuginfo-23.02.2-150200.5.3.1 * slurm_23_02-auth-none-debuginfo-23.02.2-150200.5.3.1 * slurm_23_02-pam_slurm-23.02.2-150200.5.3.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.2-150200.5.3.1 * libslurm39-23.02.2-150200.5.3.1 * slurm_23_02-slurmdbd-23.02.2-150200.5.3.1 * slurm_23_02-auth-none-23.02.2-150200.5.3.1 * slurm_23_02-sql-23.02.2-150200.5.3.1 * slurm_23_02-node-23.02.2-150200.5.3.1 * slurm_23_02-rest-debuginfo-23.02.2-150200.5.3.1 * pdsh-netgroup-2.34-150200.4.11.1 * pdsh-2.34-150200.4.11.1 * slurm_23_02-torque-debuginfo-23.02.2-150200.5.3.1 * slurm_23_02-debuginfo-23.02.2-150200.5.3.1 * perl-slurm_23_02-debuginfo-23.02.2-150200.5.3.1 * slurm_23_02-debugsource-23.02.2-150200.5.3.1 * pdsh-machines-2.34-150200.4.11.1 * pdsh_slurm_22_05-debugsource-2.34-150200.4.11.1 * slurm_23_02-devel-23.02.2-150200.5.3.1 * slurm_23_02-lua-debuginfo-23.02.2-150200.5.3.1 * pdsh-debuginfo-2.34-150200.4.11.1 * slurm_23_02-plugins-debuginfo-23.02.2-150200.5.3.1 * slurm_23_02-sql-debuginfo-23.02.2-150200.5.3.1 * slurm_23_02-torque-23.02.2-150200.5.3.1 * pdsh-slurm-debuginfo-2.34-150200.4.11.1 * pdsh-slurm_23_02-debuginfo-2.34-150200.4.11.1 * pdsh-slurm_23_02-2.34-150200.4.11.1 * slurm_23_02-rest-23.02.2-150200.5.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * slurm_23_02-doc-23.02.2-150200.5.3.1 * slurm_23_02-webdoc-23.02.2-150200.5.3.1 * slurm_23_02-config-man-23.02.2-150200.5.3.1 * slurm_23_02-config-23.02.2-150200.5.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1088693 * https://bugzilla.suse.com/show_bug.cgi?id=1206795 * https://bugzilla.suse.com/show_bug.cgi?id=1208846 * https://bugzilla.suse.com/show_bug.cgi?id=1209216 * https://bugzilla.suse.com/show_bug.cgi?id=1209260 * https://bugzilla.suse.com/show_bug.cgi?id=1212946 * https://jira.suse.com/browse/PED-2987 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 15 12:30:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Aug 2023 12:30:46 -0000 Subject: SUSE-FU-2023:3320-1: moderate: Feature update for slurm_23_02 and pdsh Message-ID: <169210264664.17472.8651183719333126463@smelt2.suse.de> # Feature update for slurm_23_02 and pdsh Announcement ID: SUSE-FU-2023:3320-1 Rating: moderate References: * #1088693 * #1206795 * #1208846 * #1209216 * #1209260 * #1212946 * PED-2987 Affected Products: * HPC Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 An update that contains one feature and has six feature fixes can now be installed. ## Description: This update for slurm_23_02 and pdsh fixes the following issues: slurm_23_02 - New version upgrade of Slurm to 23.02 (jsc#PED-2987): * For the full list of new features and changes please consult the packaged NEWS file and the following references: * 23.02.2 * 23.02.1 * 23.02.0 * Important notes: * If using the `slurmdbd` (Slurm DataBase Daemon) you must update this first. * If using a backup DBD you must start the primary first to do any database conversion, the backup will not start until this has happened. * The 23.02 `slurmdbd` will work with Slurm daemons of version 21.08 and above. You will not need to update all clusters at the same time, but it is very important to update `slurmdbd` first and having it running before updating any other clusters making use of it. * Slurm can be upgraded from version 21.08 or 22.05 to version 23.02 without loss of jobs or other state information. Upgrading directly from an earlier version of Slurm will result in loss of state information. * All SPANK plugins must be recompiled when upgrading from any Slurm version prior to 23.02 * PMIx v1.x is no longer supported * Packaging patches and changes: * Only call slurm_init() if Slurm > 21.02 (bsc#1212946) * Web-configurator: changed presets to SUSE defaults. * Use libpmix.so.2 instead of libpmix.so to fix (bsc#1209260) this removes the need of pmix-pluginlib * `slurm-plugins` need to require `pmix-pluginlib` (bsc#1209260) * Remove workaround to fix the restart issue in an Slurm package described in bsc#1088693 The Slurm version in this package is 16.05. Any attempt to directly migrate to the current version is bound to fail * Now require `slurm-munge` if `munge` authentication is installed * testsuite: on later SUSE versions claim ownership of directory `/etc/security/limits.d` * Move the ext_sensors/rrd plugin to a separate package: this plugin requires `librrd` which in turn requires huge parts of the client side X Window System stack. There is probably no use in cluttering up a system for a plugin that probably only used by a few * Configuration file changes: * `job_container.conf` \- Added "`Dirs`" option to list desired private mount points * `node_features` plugins - invalid users specified for `AllowUserBoot` will now result in `fatal()` rather than just an error * Allow jobs to queue even if the user is not in `AllowGroups` when `EnforcePartLimits=no` is set. This ensures consistency for all the Partition access controls, and matches the documented behavior for `EnforcePartLimits` * Add `InfluxDBTimeout` parameter to `acct_gather.conf` * `job_container/tmpfs` \- add support for expanding `%h` and `%n` in `BasePath` * `slurm.conf` \- Removed `SlurmctldPlugstack` option * Add new `SlurmctldParameters=validate_nodeaddr_threads=<number>` option to allow concurrent hostname resolution at `slurmctld` startup * Add new `AccountingStoreFlags=job_extra` option to store a job's extra field in the database * Add new "`defer_batch`" option to `SchedulerParameters` to only defer scheduling for batch jobs * Add new `DebugFlags` option '`JobComp`' to replace '`Elasticsearch`' * Add configurable job requeue limit parameter - `MaxBatchRequeue` \- in `slurm.conf` to permit changes from the old hard-coded value of 5 * `helpers.conf` \- Allow specification of node specific features * `helpers.conf` \- Allow many features to one helper script * `job_container/tmpfs` \- Add "`Shared`" option to support shared namespaces. This allows autofs to work with the `job_container/tmpfs` plugin when enabled * `acct_gather.conf` \- Added `EnergyIPMIPowerSensors=Node=DCMI` and `Node=DCMI_ENHANCED`. * Add new "`getnameinfo_cache_timeout=<number>`" option to CommunicationParameters to adjust or disable caching the results of `getnameinfo()` * Add new PrologFlags=ForceRequeueOnFail option to automatically requeue batch jobs on Prolog failures regardless of the job --requeue setting * Add `HealthCheckNodeState=NONDRAINED_IDLE` option. * Add '`explicit`' to Flags in `gres.conf`. This makes it so the gres is not automatically added to a job's allocation when `--exclusive` is used. Note that this is a per-node flag. * Moved the "`preempt_`" options from `SchedulerParameters` to `PreemptParameters`, and dropped the prefix from the option names. (The old options will still be parsed for backwards compatibility, but are now undocumented.) * Add `LaunchParameters=ulimit_pam_adopt`, which enables setting `RLIMIT_RSS` in adopted processes. * Update SwitchParameters=job_vni to enable/disable creating job VNIs for all jobs, or when a user requests them * Update `SwitchParameters=single_node_vni` to enable/disable creating single node VNIs for all jobs, or when a user requests them * Add ability to preserve `SuspendExc*` parameters on reconfig with `ReconfigFlags=KeepPowerSaveSettings` * `slurmdbd.conf` \- Add new `AllResourcesAbsolute` to force all new resources to be created with the `Absolute` flag * `topology/tree` \- Add new `TopologyParam=SwitchAsNodeRank` option to reorder nodes based on switch layout. This can be useful if the naming convention for the nodes does not natually map to the network topology * Removed the default setting for `GpuFreqDef`. If unset, no attempt to change the GPU frequency will be made if `--gpu-freq` is not set for the step * Command Changes: * `sacctmgr` \- no longer force updates to the AdminComment, Comment, or SystemComment to lower-case * `sinfo` \- Add -F/--future option to sinfo to display future nodes. * `sacct` \- Rename 'Reserved' field to 'Planned' to match sreport and the nomenclature of the 'Planned' node * `scontrol` \- advanced reservation flag MAINT will no longer replace nodes, similar to STATIC_ALLOC * `sbatch` \- add parsing for #PBS -d and #PBS -w. * `scontrol` show assoc_mgr will show username(uid) instead of uid in QoS section. * Add `strigger --draining` and `-R/--resume` options. * Change `--oversubscribe` and `--exclusive` to be mutually exclusive for job submission. Job submission commands will now fatal if both are set. Previously, these options would override each other, with the last one in the job submission command taking effect. * `scontrol` \- Requested TRES and allocated TRES will now always be printed when showing jobs, instead of one TRES output that was either the requested or allocated. * `srun --ntasks-per-core` now applies to job and step allocations. Now, use of `--ntasks-per-core=1` implies `--cpu-bind=cores` and `--ntasks-per- core>1` implies `--cpu-bind=threads`. * `salloc/sbatch/srun` \- Check and abort if `ntasks-per-core` > `threads-per- core`. * `scontrol` \- Add `ResumeAfter=<secs>` option to "scontrol update nodename=". * Add a new "nodes=" argument to scontrol setdebug to allow the debug level on the slurmd processes to be temporarily altered * Add a new "nodes=" argument to "scontrol setdebugflags" as well. * Make it so `scrontab` prints client-side the job_submit() err_msg (which can be set i.e. by using the log_user() function for the lua plugin). * `scontrol` \- Reservations will not be allowed to have STATIC_ALLOC or MAINT flags and REPLACE[_DOWN] flags simultaneously * `scontrol` \- Reservations will only accept one reoccurring flag when being created or updated. * `scontrol` \- A reservation cannot be updated to be reoccurring if it is already a floating reservation. * `squeue` \- removed unused '%s' and 'SelectJobInfo' formats. * `squeue` \- align print format for exit and derived codes with that of other components (:). * `sacct` \- Add --array option to expand job arrays and display array tasks on separate lines. * Partial support for `--json` and `--yaml` formated outputs have been implemented for `sacctmgr`, `sdiag`, `sinfo`, `squeue`, and `scontrol`. The resultant data ouput will be filtered by normal command arguments. Formatting arguments will continue to be ignored. * `salloc/sbatch/srun` \- extended the `--nodes` syntax to allow for a list of valid node counts to be allocated to the job. This also supports a "step count" value (e.g., --nodes=20-100:20 is equivalent to --nodes=20,40,60,80,100) which can simplify the syntax when the job needs to scale by a certain "chunk" size * `srun` \- add user requestible vnis with '\--network=job_vni' option * `srun` \- add user requestible single node vnis with the `--network=single_node_vni` option * API Changes: * `job_container` plugins - `container_p_stepd_create()` function signature replaced `uint32_t` uid with `stepd_step_rec_t*` step. * `gres` plugins - `gres_g_get_devices()` function signature replaced `pid_t pid` with `stepd_step_rec_t*` step. * `cgroup` plugins - `task_cgroup_devices_constrain()` function signature removed `pid_t pid`. * `task` plugins - `replace task_p_pre_set_affinity()`, `task_p_set_affinity()`, and `task_p_post_set_affinity()` with `task_p_pre_launch_priv()` like it was back in slurm 20.11. * Allow for concurrent processing of `job_submit_g_submit()` and `job_submit_g_modify()` calls. If your plugin is not capable of concurrent operation you must add additional locking within your plugin. * Removed return value from slurm_list_append(). * The List and ListIterator types have been removed in favor of list_t and list_itr_t respectively. * burst buffer plugins: * add `bb_g_build_het_job_script()` * `bb_g_get_status()` \- added authenticated UID and GID * `bb_g_run_script()` \- added job_info argument * `burst_buffer.lua` \- Pass UID and GID to most hooks. Pass `job_info` (detailed job information) to many hooks. See `etc/burst_buffer.lua.example` for a complete list of changes. _WARNING_ : Backwards compatibility is broken for `slurm_bb_get_status`: UID and GID are passed before the variadic arguments. If UID and GID are not explicitly listed as arguments to `slurm_bb_get_status()`, then they will be included in the variadic arguments. Backwards compatibility is maintained for all other hooks because the new arguments are passed after the existing arguments. * `node_features plugins` changes: * `node_features_p_reboot_weight()` function removed. * `node_features_p_job_valid()` \- added parameter feature_list. * `node_features_p_job_xlate()` \- added parameters feature_list and `job_node_bitmap` * New `data_parser` interface with v0.0.39 plugin * Test Suite fixes: * Update README_Testsuite.md * Clean up left over files when de-installing test suite * Adjustment to test suite package: for SLE mark the openmpi4 devel package and slurm-hdf5 optional * Add `-ffat-lto-objects` to the build flags when LTO is set to make sure the object files we ship with the test suite still work correctly. * Improve `setup-testsuite.sh`: copy ssh fingerprints from all nodes pdsh: * Prepared `pdsh` for Slurm 23.02 (jsc#PED-2987) * Fix slurm plugin: make sure slurm_init() is called before using the Slurm API (bsc#1209216) * Fix regression in Slurm 23.02 breaking the pdsh-internal List type by exposing it thru it's public API (bsc#1208846) * Backport a number of features and fixes (bsc#1206795): * Add '-C' option on Slrum plugin to restrict selected nodes to ones with the specified features present * Add option '-k' to the ssh plugin to fail faster on connection failures * Fix use of `strchr` * `dshbak`: Fix uninitialized use of $tag on empty input * `dsh`: Release a lock that is no longer used in dsh() ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3320=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3320=1 * HPC Module 15-SP4 zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-3320=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3320=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3320=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * slurm_23_02-pam_slurm-debuginfo-23.02.2-150300.7.3.1 * pdsh-2.34-150300.48.1 * libslurm39-23.02.2-150300.7.3.1 * pdsh-dshgroup-2.34-150300.48.1 * pdsh-machines-2.34-150300.48.1 * slurm_23_02-cray-23.02.2-150300.7.3.1 * pdsh-genders-debuginfo-2.34-150300.48.1 * pdsh-genders-2.34-150300.48.1 * pdsh-debugsource-2.34-150300.48.1 * libpmi0_23_02-23.02.2-150300.7.3.1 * pdsh-slurm_22_05-2.34-150300.48.1 * slurm_23_02-node-23.02.2-150300.7.3.1 * slurm_23_02-sview-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-debugsource-23.02.2-150300.7.3.1 * slurm_23_02-23.02.2-150300.7.3.1 * libpmi0_23_02-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-cray-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-lua-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-node-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-torque-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-munge-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-sql-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-lua-23.02.2-150300.7.3.1 * slurm_23_02-auth-none-23.02.2-150300.7.3.1 * slurm_23_02-rest-23.02.2-150300.7.3.1 * pdsh-machines-debuginfo-2.34-150300.48.1 * slurm_23_02-devel-23.02.2-150300.7.3.1 * slurm_23_02-slurmdbd-23.02.2-150300.7.3.1 * slurm_23_02-sql-23.02.2-150300.7.3.1 * slurm_23_02-slurmdbd-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-plugins-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-auth-none-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-torque-23.02.2-150300.7.3.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.2-150300.7.3.1 * libnss_slurm2_23_02-debuginfo-23.02.2-150300.7.3.1 * pdsh-dshgroup-debuginfo-2.34-150300.48.1 * pdsh-slurm-2.34-150300.48.1 * libnss_slurm2_23_02-23.02.2-150300.7.3.1 * pdsh_slurm_22_05-debugsource-2.34-150300.48.1 * pdsh-slurm-debuginfo-2.34-150300.48.1 * pdsh-slurm_23_02-debuginfo-2.34-150300.48.1 * pdsh-netgroup-debuginfo-2.34-150300.48.1 * slurm_23_02-rest-debuginfo-23.02.2-150300.7.3.1 * libslurm39-debuginfo-23.02.2-150300.7.3.1 * perl-slurm_23_02-23.02.2-150300.7.3.1 * pdsh-netgroup-2.34-150300.48.1 * pdsh-slurm_22_05-debuginfo-2.34-150300.48.1 * pdsh-slurm_23_02-2.34-150300.48.1 * perl-slurm_23_02-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-munge-23.02.2-150300.7.3.1 * slurm_23_02-pam_slurm-23.02.2-150300.7.3.1 * slurm_23_02-sview-23.02.2-150300.7.3.1 * pdsh-debuginfo-2.34-150300.48.1 * slurm_23_02-plugins-23.02.2-150300.7.3.1 * openSUSE Leap 15.4 (noarch) * slurm_23_02-webdoc-23.02.2-150300.7.3.1 * slurm_23_02-config-man-23.02.2-150300.7.3.1 * slurm_23_02-config-23.02.2-150300.7.3.1 * slurm_23_02-doc-23.02.2-150300.7.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * pdsh_slurm_22_05-debugsource-2.34-150300.48.1 * pdsh-slurm_22_05-2.34-150300.48.1 * pdsh-slurm_22_05-debuginfo-2.34-150300.48.1 * HPC Module 15-SP4 (aarch64 x86_64) * slurm_23_02-pam_slurm-debuginfo-23.02.2-150300.7.3.1 * pdsh-2.34-150300.48.1 * libslurm39-23.02.2-150300.7.3.1 * pdsh-dshgroup-2.34-150300.48.1 * pdsh-machines-2.34-150300.48.1 * slurm_23_02-cray-23.02.2-150300.7.3.1 * pdsh-genders-debuginfo-2.34-150300.48.1 * pdsh-genders-2.34-150300.48.1 * pdsh-debugsource-2.34-150300.48.1 * libpmi0_23_02-23.02.2-150300.7.3.1 * pdsh-slurm_22_05-2.34-150300.48.1 * slurm_23_02-node-23.02.2-150300.7.3.1 * slurm_23_02-sview-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-debugsource-23.02.2-150300.7.3.1 * slurm_23_02-23.02.2-150300.7.3.1 * libpmi0_23_02-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-cray-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-lua-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-node-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-torque-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-munge-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-sql-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-lua-23.02.2-150300.7.3.1 * slurm_23_02-auth-none-23.02.2-150300.7.3.1 * slurm_23_02-rest-23.02.2-150300.7.3.1 * pdsh-machines-debuginfo-2.34-150300.48.1 * slurm_23_02-devel-23.02.2-150300.7.3.1 * slurm_23_02-slurmdbd-23.02.2-150300.7.3.1 * slurm_23_02-sql-23.02.2-150300.7.3.1 * slurm_23_02-slurmdbd-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-plugins-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-auth-none-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-torque-23.02.2-150300.7.3.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.2-150300.7.3.1 * libnss_slurm2_23_02-debuginfo-23.02.2-150300.7.3.1 * pdsh-dshgroup-debuginfo-2.34-150300.48.1 * pdsh-slurm-2.34-150300.48.1 * libnss_slurm2_23_02-23.02.2-150300.7.3.1 * pdsh_slurm_22_05-debugsource-2.34-150300.48.1 * pdsh-slurm-debuginfo-2.34-150300.48.1 * pdsh-slurm_23_02-debuginfo-2.34-150300.48.1 * pdsh-netgroup-debuginfo-2.34-150300.48.1 * slurm_23_02-rest-debuginfo-23.02.2-150300.7.3.1 * libslurm39-debuginfo-23.02.2-150300.7.3.1 * perl-slurm_23_02-23.02.2-150300.7.3.1 * pdsh-netgroup-2.34-150300.48.1 * pdsh-slurm_22_05-debuginfo-2.34-150300.48.1 * pdsh-slurm_23_02-2.34-150300.48.1 * perl-slurm_23_02-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-munge-23.02.2-150300.7.3.1 * slurm_23_02-pam_slurm-23.02.2-150300.7.3.1 * slurm_23_02-sview-23.02.2-150300.7.3.1 * pdsh-debuginfo-2.34-150300.48.1 * slurm_23_02-plugins-23.02.2-150300.7.3.1 * HPC Module 15-SP4 (noarch) * slurm_23_02-webdoc-23.02.2-150300.7.3.1 * slurm_23_02-config-man-23.02.2-150300.7.3.1 * slurm_23_02-config-23.02.2-150300.7.3.1 * slurm_23_02-doc-23.02.2-150300.7.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * slurm_23_02-pam_slurm-debuginfo-23.02.2-150300.7.3.1 * pdsh-2.34-150300.48.1 * libslurm39-23.02.2-150300.7.3.1 * pdsh-dshgroup-2.34-150300.48.1 * pdsh-machines-2.34-150300.48.1 * slurm_23_02-cray-23.02.2-150300.7.3.1 * pdsh-genders-debuginfo-2.34-150300.48.1 * pdsh-genders-2.34-150300.48.1 * pdsh-debugsource-2.34-150300.48.1 * libpmi0_23_02-23.02.2-150300.7.3.1 * pdsh-slurm_22_05-2.34-150300.48.1 * slurm_23_02-node-23.02.2-150300.7.3.1 * slurm_23_02-sview-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-debugsource-23.02.2-150300.7.3.1 * slurm_23_02-23.02.2-150300.7.3.1 * libpmi0_23_02-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-cray-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-lua-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-node-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-torque-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-munge-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-sql-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-lua-23.02.2-150300.7.3.1 * slurm_23_02-auth-none-23.02.2-150300.7.3.1 * slurm_23_02-rest-23.02.2-150300.7.3.1 * pdsh-machines-debuginfo-2.34-150300.48.1 * slurm_23_02-devel-23.02.2-150300.7.3.1 * slurm_23_02-slurmdbd-23.02.2-150300.7.3.1 * slurm_23_02-sql-23.02.2-150300.7.3.1 * slurm_23_02-slurmdbd-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-plugins-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-auth-none-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-torque-23.02.2-150300.7.3.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.2-150300.7.3.1 * libnss_slurm2_23_02-debuginfo-23.02.2-150300.7.3.1 * pdsh-dshgroup-debuginfo-2.34-150300.48.1 * pdsh-slurm-2.34-150300.48.1 * libnss_slurm2_23_02-23.02.2-150300.7.3.1 * pdsh_slurm_22_05-debugsource-2.34-150300.48.1 * pdsh-slurm-debuginfo-2.34-150300.48.1 * pdsh-slurm_23_02-debuginfo-2.34-150300.48.1 * pdsh-netgroup-debuginfo-2.34-150300.48.1 * slurm_23_02-rest-debuginfo-23.02.2-150300.7.3.1 * libslurm39-debuginfo-23.02.2-150300.7.3.1 * perl-slurm_23_02-23.02.2-150300.7.3.1 * pdsh-netgroup-2.34-150300.48.1 * pdsh-slurm_22_05-debuginfo-2.34-150300.48.1 * pdsh-slurm_23_02-2.34-150300.48.1 * perl-slurm_23_02-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-munge-23.02.2-150300.7.3.1 * slurm_23_02-pam_slurm-23.02.2-150300.7.3.1 * slurm_23_02-sview-23.02.2-150300.7.3.1 * pdsh-debuginfo-2.34-150300.48.1 * slurm_23_02-plugins-23.02.2-150300.7.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * slurm_23_02-webdoc-23.02.2-150300.7.3.1 * slurm_23_02-config-man-23.02.2-150300.7.3.1 * slurm_23_02-config-23.02.2-150300.7.3.1 * slurm_23_02-doc-23.02.2-150300.7.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * slurm_23_02-pam_slurm-debuginfo-23.02.2-150300.7.3.1 * pdsh-2.34-150300.48.1 * libslurm39-23.02.2-150300.7.3.1 * pdsh-dshgroup-2.34-150300.48.1 * pdsh-machines-2.34-150300.48.1 * slurm_23_02-cray-23.02.2-150300.7.3.1 * pdsh-genders-debuginfo-2.34-150300.48.1 * pdsh-genders-2.34-150300.48.1 * pdsh-debugsource-2.34-150300.48.1 * libpmi0_23_02-23.02.2-150300.7.3.1 * pdsh-slurm_22_05-2.34-150300.48.1 * slurm_23_02-node-23.02.2-150300.7.3.1 * slurm_23_02-sview-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-debugsource-23.02.2-150300.7.3.1 * slurm_23_02-23.02.2-150300.7.3.1 * libpmi0_23_02-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-cray-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-lua-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-node-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-torque-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-munge-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-sql-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-lua-23.02.2-150300.7.3.1 * slurm_23_02-auth-none-23.02.2-150300.7.3.1 * slurm_23_02-rest-23.02.2-150300.7.3.1 * pdsh-machines-debuginfo-2.34-150300.48.1 * slurm_23_02-devel-23.02.2-150300.7.3.1 * slurm_23_02-slurmdbd-23.02.2-150300.7.3.1 * slurm_23_02-sql-23.02.2-150300.7.3.1 * slurm_23_02-slurmdbd-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-plugins-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-auth-none-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-torque-23.02.2-150300.7.3.1 * slurm_23_02-plugin-ext-sensors-rrd-23.02.2-150300.7.3.1 * libnss_slurm2_23_02-debuginfo-23.02.2-150300.7.3.1 * pdsh-dshgroup-debuginfo-2.34-150300.48.1 * pdsh-slurm-2.34-150300.48.1 * libnss_slurm2_23_02-23.02.2-150300.7.3.1 * pdsh_slurm_22_05-debugsource-2.34-150300.48.1 * pdsh-slurm-debuginfo-2.34-150300.48.1 * pdsh-slurm_23_02-debuginfo-2.34-150300.48.1 * pdsh-netgroup-debuginfo-2.34-150300.48.1 * slurm_23_02-rest-debuginfo-23.02.2-150300.7.3.1 * libslurm39-debuginfo-23.02.2-150300.7.3.1 * perl-slurm_23_02-23.02.2-150300.7.3.1 * pdsh-netgroup-2.34-150300.48.1 * pdsh-slurm_22_05-debuginfo-2.34-150300.48.1 * pdsh-slurm_23_02-2.34-150300.48.1 * perl-slurm_23_02-debuginfo-23.02.2-150300.7.3.1 * slurm_23_02-munge-23.02.2-150300.7.3.1 * slurm_23_02-pam_slurm-23.02.2-150300.7.3.1 * slurm_23_02-sview-23.02.2-150300.7.3.1 * pdsh-debuginfo-2.34-150300.48.1 * slurm_23_02-plugins-23.02.2-150300.7.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * slurm_23_02-webdoc-23.02.2-150300.7.3.1 * slurm_23_02-config-man-23.02.2-150300.7.3.1 * slurm_23_02-config-23.02.2-150300.7.3.1 * slurm_23_02-doc-23.02.2-150300.7.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1088693 * https://bugzilla.suse.com/show_bug.cgi?id=1206795 * https://bugzilla.suse.com/show_bug.cgi?id=1208846 * https://bugzilla.suse.com/show_bug.cgi?id=1209216 * https://bugzilla.suse.com/show_bug.cgi?id=1209260 * https://bugzilla.suse.com/show_bug.cgi?id=1212946 * https://jira.suse.com/browse/PED-2987 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 15 12:30:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Aug 2023 12:30:49 -0000 Subject: SUSE-FU-2023:3319-1: moderate: Feature update for Maven Message-ID: <169210264978.17472.7998507722394317549@smelt2.suse.de> # Feature update for Maven Announcement ID: SUSE-FU-2023:3319-1 Rating: moderate References: * #1211198 * SLE-23217 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP5 An update that contains one feature and has one feature fix can now be installed. ## Description: This update for aopalliance, beust-jcommander, maven, maven-install-plugin, maven-resolver, maven-wagon, plexus-utils, sbt and xmvn fixes the following issues: aopalliance: * Include in SUSE Linux Enterprise 15 Service Pack 5: Dependency needed by Maven (no source changes) beust-jcommander: * Version update from 1.71 to 1.82 (jsc#SLE-23217): * Add a test for Parameter order usage * Add a test for Path converter * Add automatic module name to manifest * Add check if Boolean parameter is default null, then do not flip value * Add testing modules * Add format tests for DefaultUsageFormatter, UnixStyleUsageFormatter * Add testing for UnixStyleUsageFormatter * Add unix-style formatter, allow DefaultUsageFormatter to be extended easier * Allow generics of type and in parameters * Allow main parameters to be a single field. * Allow System.out to be replaced by something else (f.e. System.err) * Allow UsageFormatter to be set in JCommander Builder * Change UsageFormatter into an interface * Clean up DefaultUsageFormatter * Create MyDelegate.java * Create UsageFormatter (preliminary) * Enable usage() ordering for DynamicParameter * Encapsulate MainParameter. * Encode user input to massage error message * Expose more of the UsageFormatter implementations * Fields annotated with @ParametersDelegate are now allowed to be final. * Fixed bug when parsing arguments is ignoring case sensitivity option * Fix error message when failing to convert a Path * Fix locale-related issues in usage formatter tests * Get boolean/Boolean getter with "is" prefix * Implement Environment Variable Default Provider * Make console configurable by JCommander.Builder * Make UsageFormatter abstract, Create DefaultUsageFormatter * Only one DefaultConverterFactory * Remove String.join usage - resolves #381 * Remove the generic in IStringConverterFactory * Restrict access to JCommander.Options again * Support arity for main parameters. * Update DefaultParameterizedParser.java * Update IParameterizedParser.java * Update JCommander.java * usage() hides 'Comments:' header when only hidden commands exist * Use Builder API as constructor is deprecated * Use get default getter approach if is method is not found * Upgrade needed by new code in xmvn 4.2.0 maven: * Version update from 3.8.6 to 3.9.2 (jsc#SLE-23217): * Fix interpolated properties in originalModel in an active profile. * Fix java.lang.NullPointerException at org.apache.maven.repository.internal.DefaultModelCache.newInstance (DefaultModelCache.java:37) * Issue a warning if plugin depends on maven-compat * Add more information when using `-Dmaven.repo.local.recordReverseTree=true` * Improvement and extension of plugin validation * Don't fingerprint Sigstore signatures (like GPG) * Print suppressed exceptions when a mojo fails * Upgrade animal-sniffer from 1.21 to 1.23 * Fix issue with Maven CLI not working (bsc#1211198) * Maven Wagon upgrade * Minimum Java version to use with Maven 3.9.0 is raised to Java 8. * With Java 8, upgrade of several key dependencies became possible as well. * Several backports from Maven 4.x line. * Cutting ties with Maven 2 backward compatibility, preparing grounds for Maven 4. * The Maven Resolver transport has changed from Wagon to ?native HTTP?, see Resolver Transport guide. * Maven 2.x was auto-injecting an ancient version of plexus-utils dependency into the plugin classpath, and Maven 3.x continued doing this to preserve backward compatibility. Starting with Maven 3.9, it does not happen anymore. This change may lead to plugin breakage. The fix for affected plugin maintainers is to explicitly declare a dependency on plexus-utils. The workaround for affected plugin users is to add this dependency to plugin dependencies until issue is fixed by the affected plugin maintainer. * Mojos are prevented to boostrap new instance of RepositorySystem (for example by using deprecated ServiceLocator), they should reuse RepositorySystem instance provided by Maven instead. See MNG-7471. * Each line in .mvn/maven.config is now interpreted as a single argument. That is, if the file contains multiple arguments, these must now be placed on separate lines, see MNG-7684. * General performance and other fixes maven-install-plugin: * Version upgrade from 3.0.0 to 3.1.1 (jsc#SLE-23217): * Use proper repositorySystemSession * Upgrade Parent to 39 * Add parameter to lax project validation * installAtEnd when module does not use maven-install-plugin * Don't use metadata from main artifact to fetch pom.xml * Install all artifacts in one request * Require Java 8 * Cleanup IT tests * Upgrade Parent to 37 * Bump mockito-core from 2.28.2 to 4.8.1 * Generated POM is not installed if original POM exists * Remove a lot of checksum related dead code and commented out tests * Create GitHub Actions * Use shared GH Actions * Update plugin (requires Maven 3.2.5+) * Upgrade maven-plugin parent to 36 * Install At End feature (no extension) * Streamline the plugin by maven-resolver: * Version upgrade from 1.7.3 to 1.9.12 (jsc#SLE-23217): * Bug fixes: * Fix unreliable TCP and retries on upload * Fix ConflictResolver STANDARD verbosity * Fix duplicate METADATA_DOWNLOADING event being sent * Disable checksum by default for .sigstore in addition to .asc * Fix conflict resolution in verbose mode is sensitive to version ordering * Fix SslConfig httpSecurityMode change is not detected * Fix Preemptive Auth broken when default ports used * Fix regression suddenly seeing I/O errors under windows aborting the build * Fix static name mapper unusable with file-lock factory * Fix "IllegalArgumentException: Comparison method violates its general contract!" * Fix DF collector enters endless loop when collecting org.webjars.npm:musquette:1.1.1 * Fix javax.inject should be provided or optional * Evaluate blocked repositories also when retrieving metadata * Fix PrefixesRemoteRepositoryFilterSource aborts the build while it should not * Fix Artifact file permission * FileProcessor.write( File, InputStream ) is defunct * Fix documented and used param names mismatch * Fix JapiCmp configuration and document it * m-deploy-p will create hashes for hashes * Fix discrepancy between produced and recognized checksums * Resolver checksum calculation should be driven by layout * When no remote checksums provided by layout, transfer inevitably fails/warns * Fix usage of descriptors map in DataPool prevents gargabe collection * New features: * Make aether.checksums.algorithms settable per remote repository * Lock factory provides lock states on failure * Support parallel artifact/metadata uploads * Support parallel deploy * Chained LRM * Support forcing specific repositories for artifacts * Apply artifact checksum verification for any resolved artifact * Introduce Remote Repository Filter feature * Introduce trusted checksums source * Resolver post-processor * Introduce RepositorySystem shutdown hooks * Make it possible to resolve .asc on a 'fail' respository. * Dependency upgrades: * Remove Guava (is unused) * Upgrade Parent to 39 * Update dependencies, align with Maven * Update parent POM to 37, remove plugin version overrides, update bnd * Upgrade invoker, install, deploy, require maven 3.8.4+ * Upgrade Redisson to 3.17.5 * Update Hazelcast to 5.1.1 in named-locks-hazelcast module maven-wagon: * Version upgrade from 3.2.0 to 3.5.3 (jsc#SLE-23217): * Bug fixes: * Fix Maven deploy fails with 401 Unauthorized when using ? in password * Default connect timeout not set when no HttpMethodConfiguration is available * Maven transfer speed of large artifacts is slow due to unsuitable buffer strategy * Explicitly register only supported auth schemes * Switch to modern-day encoding (UTF-8) of auth credentials * HttpWagon TTL not set * Upgrade HttpCore to 4.4.11 * Upgrade HttpClient to 4.5.7 * Upgrade Commons Net to 3.6 * Upgrade JSoup to 1.11.3 * Uprade JSch to 0.1.55 * Replace Commons Codec with Plexus Utils * Upgrade Plexus Classworlds to 2.6.0 * Tests with checkin rely on global Git config * Use java.nio.file.Path for URI construction of file:// URI in tests * Skip parsing of user info for file:// URLs * Integer overflow prevents optimal buffer size selection for large artifacts * Upgrade Plexus Interactivity to 1.0 * Upgrade Plexus Utils to 3.2.0 * Upgrade JSoup to 1.12.1 * Upgrade HttpClient to 4.5.9 * SSH connection failure because 'preferredAuthentications' option is ignored if password isn't set * Provide request retry strategy on transient client and server side errors * Fail to deploy on Sonatype OSS since Maven 3.5.4 * Inconsistent encoding behavior for repository URLs with spaces * Use RedirectStrategy from HttpClient rather than a custom approach * Rename RequestEntityImplementation to WagonHttpEntity * EntityUtils.consumeQuietly() never called on non-2xx status codes * Retry handler docs are possibly wrong * Upgrade HttpCore to 4.4.13 * Upgrade HttpClient to 4.5.11 * Handle SC_UNAUTHORIZED and SC_PROXY_AUTHENTICATION_REQUIRED in all methods * Improve and unify exception messages by status code types throughout HTTP providers * Upgrade HttpClient to 4.5.12 * HttpMethodConfiguration#copy() performs a shallow copy only * Update parent POM * Handle 404 and 410 consistently in HTTP-based Wagon providers * Transfer event is not restarted when request is redirected * Fix Wagon failing when compiled on Java 9+ and run on Java 8 due to JDK API breakage * Remove non-existent cache header * Fix http.route.default-proxy config property never passes protocol and port of proxy server * Add configuration property 'http.protocol.handle-content-compression' * Add configuration property 'http.protocol.handle-uri-normalization' * Fix self-assignment and set class field * [Regression] Preserve trailing slash in encoded URL * Upgrade HttpCore to 4.4.14 * Upgrade HttpClient to 4.5.13 * Upgrade transitive Commons Codec to 1.15 * Improvements: * Properly handle authentication scenarios with MKCOL * Deprecations: * Remove shading of JSoup * Deprecate Wagon FTP Provider * Deprecate Wagon HTTP Lightweight Provider * Deprecate Wagon SSH Provider * Deprecate Wagon WebDAV Provider * Remove HTTP file listing with JSoup * Dependency upgrades: * Upgrade SLF4J to 1.7.32 * Upgrade JUnit to 4.13.2 * Upgrade Plexus Interactivity to 1.1 * Upgrade HttpCore to 4.4.15 * Upgrade and clean up dependencies plexus-utils: * Version update from 3.4.0 to 3.5.0 (jsc#SLE-23217): * Don't throw IOException when none is required * Always preserve dominant node value (even if empty) * Don't overwrite blank (but non-empty) dominant values during mergeXpp3Dom * Deprecate isEmpty(String) and isNotEmpty(String) in favour of same named * isEmpty(String) must not return false for whitespace-only values * Get rid maven-plugin-testing-harness from dependency * Provides a CachingOuptutStream and a CachingWriter * Use (already) precalculated value * MXParser fixes * Fix last modified time not being updated on linux * Fix regression and deprecate: FileUtils.fileAppend should create file * Fix some testing XML files checkout with incorrect eol * Fixed regressions: #163 and #194 * Don't ignore valid SCM files * Fix regression causingencoding error when parsing a ISO-8859-1 xml sbt: * Fix build against maven 3.9.2 (jsc#SLE-23217) xmvn: * Version update from 4.0.0 to 4.2.0 (jsc#SLE-23217): * Make XMvn Resolver log to XMvn Logger * Make XMvn Subst log to XMvn Logger * Depend on junit-jupiter-api instead of junit-jupiter * Suppress deprecation warnings in MavenExtensionTest * Remove XMvn Connector dependency on Plexus Utils * Remove XMvn MOJO dependency on Plexus Utils * Port XMvn MOJO from Xpp3Dom to StAX * Update Maven to version 3.9.1 * Don't pass duplicate --patch-module to javadoc * Make Javadoc MOJO respect ignoreJPMS configuration flag * Propagate javadoc output througt Logger * Remove dependency on Plexus Classworlds * Remove unneeded managed dependency on maven-invoker * Use ServiceLocator to find Logger * Use parametrized logging feature * Use XMvn Logger instead of Plexus Logger * Get rid of Slf4jLoggerAdapter * Drop support for Gossip logger * Move XMvn Logger to API module * Ignore JPMS when all modules are automatic * Refactor Javadoc MOJO * Make Javadoc not fail when no sources are found * Add an integration test for javadoc generation with module-info.java but no sources * Add an integration test for javadoc generation with Automatic-Module-Name * Make Javadoc MOJO work in case one of JPMS modules has no sources * Prioritize certain XMvn components over Maven components * Port XMvn MOJO to JSR-330 * Refactor XMvnMojoExecutionConfigurator * Make builddep MOJO compatible with Maven 4 * Port to JSR-330 * Get rid of ModelProcessor * Refactor XMvnModelValidator * Refactor XMvnToolchainManager * Convert lambda to method reference * Improve Javadoc MOJO JPMS support * Add a test case for JPMS javadoc generation with remote dependencies * Add a test case for JPMS multimodule javadoc generation * Exclude src/test/resources-filtered/** from RAT * Fix scope of xmvn-mojo dependency on plexus-utils * `--module-path` not allowed with release=8 * Mimic maven-javadoc-plugin for -source and --release * testJavadocJPMS needs a modular java * Let modello generate source 8 * Add a jdk9+ profile to assure that we are jdk8 compatible * Revert "Use new Collection methods added in Java 9" * Revert "Update compiler source/target to JDK 11" * Restore possibility to build with Java 8 * Simple implementation of toolchains https://github.com/fedora- java/xmvn/issues/142 * Port to Modello 2.0.0 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3319=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3319=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3319=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3319=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3319=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3319=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3319=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3319=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3319=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3319=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3319=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3319=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3319=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3319=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3319=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * maven-resolver-spi-1.9.12-150200.3.11.6 * maven-wagon-http-3.5.3-150200.3.8.6 * xmvn-subst-4.2.0-150200.3.11.4 * beust-jcommander-1.82-150200.3.10.2 * xmvn-install-4.2.0-150200.3.11.4 * plexus-utils-3.5.1-150200.3.8.3 * maven-resolver-transport-file-1.9.12-150200.3.11.6 * maven-resolver-named-locks-1.9.12-150200.3.11.6 * maven-resolver-util-1.9.12-150200.3.11.6 * maven-wagon-http-shared-3.5.3-150200.3.8.6 * aopalliance-1.0-150200.3.8.3 * maven-resolver-transport-http-1.9.12-150200.3.11.6 * maven-resolver-impl-1.9.12-150200.3.11.6 * maven-resolver-connector-basic-1.9.12-150200.3.11.6 * xmvn-connector-4.2.0-150200.3.11.14 * xmvn-mojo-4.2.0-150200.3.11.14 * maven-wagon-provider-api-3.5.3-150200.3.8.6 * xmvn-api-4.2.0-150200.3.11.4 * xmvn-resolve-4.2.0-150200.3.11.4 * xmvn-core-4.2.0-150200.3.11.4 * maven-wagon-file-3.5.3-150200.3.8.6 * maven-resolver-api-1.9.12-150200.3.11.6 * maven-resolver-transport-wagon-1.9.12-150200.3.11.6 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * maven-3.9.2-150200.4.15.6 * maven-lib-3.9.2-150200.4.15.6 * xmvn-minimal-4.2.0-150200.3.11.4 * xmvn-4.2.0-150200.3.11.4 * SUSE Enterprise Storage 7.1 (noarch) * maven-resolver-spi-1.9.12-150200.3.11.6 * maven-wagon-http-3.5.3-150200.3.8.6 * xmvn-subst-4.2.0-150200.3.11.4 * beust-jcommander-1.82-150200.3.10.2 * xmvn-install-4.2.0-150200.3.11.4 * plexus-utils-3.5.1-150200.3.8.3 * maven-resolver-transport-file-1.9.12-150200.3.11.6 * maven-resolver-named-locks-1.9.12-150200.3.11.6 * maven-resolver-util-1.9.12-150200.3.11.6 * maven-wagon-http-shared-3.5.3-150200.3.8.6 * aopalliance-1.0-150200.3.8.3 * maven-resolver-transport-http-1.9.12-150200.3.11.6 * maven-resolver-impl-1.9.12-150200.3.11.6 * maven-resolver-connector-basic-1.9.12-150200.3.11.6 * xmvn-connector-4.2.0-150200.3.11.14 * xmvn-mojo-4.2.0-150200.3.11.14 * maven-wagon-provider-api-3.5.3-150200.3.8.6 * xmvn-api-4.2.0-150200.3.11.4 * xmvn-resolve-4.2.0-150200.3.11.4 * xmvn-core-4.2.0-150200.3.11.4 * maven-wagon-file-3.5.3-150200.3.8.6 * maven-resolver-api-1.9.12-150200.3.11.6 * maven-resolver-transport-wagon-1.9.12-150200.3.11.6 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * maven-3.9.2-150200.4.15.6 * maven-lib-3.9.2-150200.4.15.6 * xmvn-minimal-4.2.0-150200.3.11.4 * xmvn-4.2.0-150200.3.11.4 * SUSE Enterprise Storage 7 (noarch) * maven-resolver-spi-1.9.12-150200.3.11.6 * maven-wagon-http-3.5.3-150200.3.8.6 * xmvn-subst-4.2.0-150200.3.11.4 * beust-jcommander-1.82-150200.3.10.2 * xmvn-install-4.2.0-150200.3.11.4 * plexus-utils-3.5.1-150200.3.8.3 * maven-resolver-transport-file-1.9.12-150200.3.11.6 * maven-resolver-named-locks-1.9.12-150200.3.11.6 * maven-resolver-util-1.9.12-150200.3.11.6 * maven-wagon-http-shared-3.5.3-150200.3.8.6 * aopalliance-1.0-150200.3.8.3 * maven-resolver-transport-http-1.9.12-150200.3.11.6 * maven-resolver-impl-1.9.12-150200.3.11.6 * maven-resolver-connector-basic-1.9.12-150200.3.11.6 * xmvn-connector-4.2.0-150200.3.11.14 * xmvn-mojo-4.2.0-150200.3.11.14 * maven-wagon-provider-api-3.5.3-150200.3.8.6 * xmvn-api-4.2.0-150200.3.11.4 * xmvn-resolve-4.2.0-150200.3.11.4 * xmvn-core-4.2.0-150200.3.11.4 * maven-wagon-file-3.5.3-150200.3.8.6 * maven-resolver-api-1.9.12-150200.3.11.6 * maven-resolver-transport-wagon-1.9.12-150200.3.11.6 * SUSE Enterprise Storage 7 (aarch64 x86_64) * maven-3.9.2-150200.4.15.6 * maven-lib-3.9.2-150200.4.15.6 * xmvn-minimal-4.2.0-150200.3.11.4 * xmvn-4.2.0-150200.3.11.4 * openSUSE Leap 15.4 (noarch) * xmvn-tools-javadoc-4.2.0-150200.3.11.4 * maven-resolver-spi-1.9.12-150200.3.11.6 * maven-javadoc-3.9.2-150200.4.15.6 * maven-wagon-http-3.5.3-150200.3.8.6 * xmvn-subst-4.2.0-150200.3.11.4 * plexus-utils-javadoc-3.5.1-150200.3.8.3 * maven-resolver-api-1.9.12-150200.3.11.6 * beust-jcommander-1.82-150200.3.10.2 * xmvn-parent-4.2.0-150200.3.11.3 * sbt-0.13.18-150200.4.13.8 * xmvn-install-4.2.0-150200.3.11.4 * plexus-utils-3.5.1-150200.3.8.3 * maven-wagon-ssh-external-3.5.3-150200.3.8.6 * sbt-bootstrap-0.13.18-150200.4.13.8 * maven-resolver-transport-file-1.9.12-150200.3.11.6 * maven-resolver-transport-classpath-1.9.12-150200.3.11.6 * maven-resolver-named-locks-1.9.12-150200.3.11.6 * maven-wagon-ssh-common-3.5.3-150200.3.8.6 * aopalliance-javadoc-1.0-150200.3.8.3 * maven-resolver-util-1.9.12-150200.3.11.6 * maven-wagon-http-lightweight-3.5.3-150200.3.8.6 * maven-wagon-http-shared-3.5.3-150200.3.8.6 * aopalliance-1.0-150200.3.8.3 * xmvn-connector-javadoc-4.2.0-150200.3.11.14 * maven-resolver-transport-http-1.9.12-150200.3.11.6 * maven-wagon-ftp-3.5.3-150200.3.8.6 * xmvn-mojo-javadoc-4.2.0-150200.3.11.14 * beust-jcommander-javadoc-1.82-150200.3.10.2 * maven-resolver-impl-1.9.12-150200.3.11.6 * maven-install-plugin-3.1.1-150200.3.8.14 * maven-resolver-connector-basic-1.9.12-150200.3.11.6 * xmvn-connector-4.2.0-150200.3.11.14 * xmvn-mojo-4.2.0-150200.3.11.14 * maven-wagon-ssh-3.5.3-150200.3.8.6 * maven-wagon-provider-api-3.5.3-150200.3.8.6 * xmvn-api-4.2.0-150200.3.11.4 * xmvn-resolve-4.2.0-150200.3.11.4 * xmvn-core-4.2.0-150200.3.11.4 * maven-resolver-test-util-1.9.12-150200.3.11.6 * maven-wagon-javadoc-3.5.3-150200.3.8.6 * maven-resolver-1.9.12-150200.3.11.6 * maven-install-plugin-javadoc-3.1.1-150200.3.8.14 * maven-wagon-file-3.5.3-150200.3.8.6 * maven-resolver-javadoc-1.9.12-150200.3.11.6 * maven-resolver-transport-wagon-1.9.12-150200.3.11.6 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * maven-3.9.2-150200.4.15.6 * maven-lib-3.9.2-150200.4.15.6 * xmvn-minimal-4.2.0-150200.3.11.4 * xmvn-4.2.0-150200.3.11.4 * openSUSE Leap 15.5 (noarch) * xmvn-tools-javadoc-4.2.0-150200.3.11.4 * maven-resolver-spi-1.9.12-150200.3.11.6 * maven-javadoc-3.9.2-150200.4.15.6 * maven-wagon-http-3.5.3-150200.3.8.6 * xmvn-subst-4.2.0-150200.3.11.4 * plexus-utils-javadoc-3.5.1-150200.3.8.3 * maven-resolver-api-1.9.12-150200.3.11.6 * beust-jcommander-1.82-150200.3.10.2 * xmvn-parent-4.2.0-150200.3.11.3 * sbt-0.13.18-150200.4.13.8 * xmvn-install-4.2.0-150200.3.11.4 * plexus-utils-3.5.1-150200.3.8.3 * maven-wagon-ssh-external-3.5.3-150200.3.8.6 * sbt-bootstrap-0.13.18-150200.4.13.8 * maven-resolver-transport-file-1.9.12-150200.3.11.6 * maven-resolver-transport-classpath-1.9.12-150200.3.11.6 * maven-resolver-named-locks-1.9.12-150200.3.11.6 * maven-wagon-ssh-common-3.5.3-150200.3.8.6 * aopalliance-javadoc-1.0-150200.3.8.3 * maven-resolver-util-1.9.12-150200.3.11.6 * maven-wagon-http-lightweight-3.5.3-150200.3.8.6 * maven-wagon-http-shared-3.5.3-150200.3.8.6 * aopalliance-1.0-150200.3.8.3 * xmvn-connector-javadoc-4.2.0-150200.3.11.14 * maven-resolver-transport-http-1.9.12-150200.3.11.6 * maven-wagon-ftp-3.5.3-150200.3.8.6 * xmvn-mojo-javadoc-4.2.0-150200.3.11.14 * beust-jcommander-javadoc-1.82-150200.3.10.2 * maven-resolver-impl-1.9.12-150200.3.11.6 * maven-install-plugin-3.1.1-150200.3.8.14 * maven-resolver-connector-basic-1.9.12-150200.3.11.6 * xmvn-connector-4.2.0-150200.3.11.14 * xmvn-mojo-4.2.0-150200.3.11.14 * maven-wagon-ssh-3.5.3-150200.3.8.6 * maven-wagon-provider-api-3.5.3-150200.3.8.6 * xmvn-api-4.2.0-150200.3.11.4 * xmvn-resolve-4.2.0-150200.3.11.4 * xmvn-core-4.2.0-150200.3.11.4 * maven-resolver-test-util-1.9.12-150200.3.11.6 * maven-wagon-javadoc-3.5.3-150200.3.8.6 * maven-resolver-1.9.12-150200.3.11.6 * maven-install-plugin-javadoc-3.1.1-150200.3.8.14 * maven-wagon-file-3.5.3-150200.3.8.6 * maven-resolver-javadoc-1.9.12-150200.3.11.6 * maven-resolver-transport-wagon-1.9.12-150200.3.11.6 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * maven-3.9.2-150200.4.15.6 * maven-lib-3.9.2-150200.4.15.6 * xmvn-minimal-4.2.0-150200.3.11.4 * xmvn-4.2.0-150200.3.11.4 * Development Tools Module 15-SP4 (noarch) * maven-resolver-spi-1.9.12-150200.3.11.6 * maven-wagon-http-3.5.3-150200.3.8.6 * xmvn-subst-4.2.0-150200.3.11.4 * beust-jcommander-1.82-150200.3.10.2 * xmvn-install-4.2.0-150200.3.11.4 * plexus-utils-3.5.1-150200.3.8.3 * maven-resolver-transport-file-1.9.12-150200.3.11.6 * maven-resolver-named-locks-1.9.12-150200.3.11.6 * maven-resolver-util-1.9.12-150200.3.11.6 * maven-wagon-http-shared-3.5.3-150200.3.8.6 * aopalliance-1.0-150200.3.8.3 * maven-resolver-transport-http-1.9.12-150200.3.11.6 * maven-resolver-impl-1.9.12-150200.3.11.6 * maven-resolver-connector-basic-1.9.12-150200.3.11.6 * xmvn-connector-4.2.0-150200.3.11.14 * xmvn-mojo-4.2.0-150200.3.11.14 * maven-wagon-provider-api-3.5.3-150200.3.8.6 * xmvn-api-4.2.0-150200.3.11.4 * xmvn-resolve-4.2.0-150200.3.11.4 * xmvn-core-4.2.0-150200.3.11.4 * maven-wagon-file-3.5.3-150200.3.8.6 * maven-resolver-api-1.9.12-150200.3.11.6 * maven-resolver-transport-wagon-1.9.12-150200.3.11.6 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * maven-3.9.2-150200.4.15.6 * maven-lib-3.9.2-150200.4.15.6 * xmvn-minimal-4.2.0-150200.3.11.4 * xmvn-4.2.0-150200.3.11.4 * Development Tools Module 15-SP5 (noarch) * maven-resolver-spi-1.9.12-150200.3.11.6 * maven-wagon-http-3.5.3-150200.3.8.6 * xmvn-subst-4.2.0-150200.3.11.4 * beust-jcommander-1.82-150200.3.10.2 * xmvn-install-4.2.0-150200.3.11.4 * plexus-utils-3.5.1-150200.3.8.3 * maven-resolver-transport-file-1.9.12-150200.3.11.6 * maven-resolver-named-locks-1.9.12-150200.3.11.6 * maven-resolver-util-1.9.12-150200.3.11.6 * maven-wagon-http-shared-3.5.3-150200.3.8.6 * aopalliance-1.0-150200.3.8.3 * maven-resolver-transport-http-1.9.12-150200.3.11.6 * maven-resolver-impl-1.9.12-150200.3.11.6 * maven-resolver-connector-basic-1.9.12-150200.3.11.6 * xmvn-connector-4.2.0-150200.3.11.14 * xmvn-mojo-4.2.0-150200.3.11.14 * maven-wagon-provider-api-3.5.3-150200.3.8.6 * xmvn-api-4.2.0-150200.3.11.4 * xmvn-resolve-4.2.0-150200.3.11.4 * xmvn-core-4.2.0-150200.3.11.4 * maven-wagon-file-3.5.3-150200.3.8.6 * maven-resolver-api-1.9.12-150200.3.11.6 * maven-resolver-transport-wagon-1.9.12-150200.3.11.6 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * maven-3.9.2-150200.4.15.6 * maven-lib-3.9.2-150200.4.15.6 * xmvn-minimal-4.2.0-150200.3.11.4 * xmvn-4.2.0-150200.3.11.4 * SUSE Package Hub 15 15-SP5 (noarch) * sbt-0.13.18-150200.4.13.8 * sbt-bootstrap-0.13.18-150200.4.13.8 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * maven-resolver-spi-1.9.12-150200.3.11.6 * maven-wagon-http-3.5.3-150200.3.8.6 * xmvn-subst-4.2.0-150200.3.11.4 * beust-jcommander-1.82-150200.3.10.2 * xmvn-install-4.2.0-150200.3.11.4 * plexus-utils-3.5.1-150200.3.8.3 * maven-resolver-transport-file-1.9.12-150200.3.11.6 * maven-resolver-named-locks-1.9.12-150200.3.11.6 * maven-resolver-util-1.9.12-150200.3.11.6 * maven-wagon-http-shared-3.5.3-150200.3.8.6 * aopalliance-1.0-150200.3.8.3 * maven-resolver-transport-http-1.9.12-150200.3.11.6 * maven-resolver-impl-1.9.12-150200.3.11.6 * maven-resolver-connector-basic-1.9.12-150200.3.11.6 * xmvn-connector-4.2.0-150200.3.11.14 * xmvn-mojo-4.2.0-150200.3.11.14 * maven-wagon-provider-api-3.5.3-150200.3.8.6 * xmvn-api-4.2.0-150200.3.11.4 * xmvn-resolve-4.2.0-150200.3.11.4 * xmvn-core-4.2.0-150200.3.11.4 * maven-wagon-file-3.5.3-150200.3.8.6 * maven-resolver-api-1.9.12-150200.3.11.6 * maven-resolver-transport-wagon-1.9.12-150200.3.11.6 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * maven-3.9.2-150200.4.15.6 * maven-lib-3.9.2-150200.4.15.6 * xmvn-minimal-4.2.0-150200.3.11.4 * xmvn-4.2.0-150200.3.11.4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * maven-resolver-spi-1.9.12-150200.3.11.6 * maven-wagon-http-3.5.3-150200.3.8.6 * xmvn-subst-4.2.0-150200.3.11.4 * beust-jcommander-1.82-150200.3.10.2 * xmvn-install-4.2.0-150200.3.11.4 * plexus-utils-3.5.1-150200.3.8.3 * maven-resolver-transport-file-1.9.12-150200.3.11.6 * maven-resolver-named-locks-1.9.12-150200.3.11.6 * maven-resolver-util-1.9.12-150200.3.11.6 * maven-wagon-http-shared-3.5.3-150200.3.8.6 * aopalliance-1.0-150200.3.8.3 * maven-resolver-transport-http-1.9.12-150200.3.11.6 * maven-resolver-impl-1.9.12-150200.3.11.6 * maven-resolver-connector-basic-1.9.12-150200.3.11.6 * xmvn-connector-4.2.0-150200.3.11.14 * xmvn-mojo-4.2.0-150200.3.11.14 * maven-wagon-provider-api-3.5.3-150200.3.8.6 * xmvn-api-4.2.0-150200.3.11.4 * xmvn-resolve-4.2.0-150200.3.11.4 * xmvn-core-4.2.0-150200.3.11.4 * maven-wagon-file-3.5.3-150200.3.8.6 * maven-resolver-api-1.9.12-150200.3.11.6 * maven-resolver-transport-wagon-1.9.12-150200.3.11.6 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * maven-3.9.2-150200.4.15.6 * maven-lib-3.9.2-150200.4.15.6 * xmvn-minimal-4.2.0-150200.3.11.4 * xmvn-4.2.0-150200.3.11.4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * maven-resolver-spi-1.9.12-150200.3.11.6 * maven-wagon-http-3.5.3-150200.3.8.6 * xmvn-subst-4.2.0-150200.3.11.4 * beust-jcommander-1.82-150200.3.10.2 * xmvn-install-4.2.0-150200.3.11.4 * plexus-utils-3.5.1-150200.3.8.3 * maven-resolver-transport-file-1.9.12-150200.3.11.6 * maven-resolver-named-locks-1.9.12-150200.3.11.6 * maven-resolver-util-1.9.12-150200.3.11.6 * maven-wagon-http-shared-3.5.3-150200.3.8.6 * aopalliance-1.0-150200.3.8.3 * maven-resolver-transport-http-1.9.12-150200.3.11.6 * maven-resolver-impl-1.9.12-150200.3.11.6 * maven-resolver-connector-basic-1.9.12-150200.3.11.6 * xmvn-connector-4.2.0-150200.3.11.14 * xmvn-mojo-4.2.0-150200.3.11.14 * maven-wagon-provider-api-3.5.3-150200.3.8.6 * xmvn-api-4.2.0-150200.3.11.4 * xmvn-resolve-4.2.0-150200.3.11.4 * xmvn-core-4.2.0-150200.3.11.4 * maven-wagon-file-3.5.3-150200.3.8.6 * maven-resolver-api-1.9.12-150200.3.11.6 * maven-resolver-transport-wagon-1.9.12-150200.3.11.6 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * maven-3.9.2-150200.4.15.6 * maven-lib-3.9.2-150200.4.15.6 * xmvn-minimal-4.2.0-150200.3.11.4 * xmvn-4.2.0-150200.3.11.4 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * maven-resolver-spi-1.9.12-150200.3.11.6 * maven-wagon-http-3.5.3-150200.3.8.6 * xmvn-subst-4.2.0-150200.3.11.4 * beust-jcommander-1.82-150200.3.10.2 * xmvn-install-4.2.0-150200.3.11.4 * plexus-utils-3.5.1-150200.3.8.3 * maven-resolver-transport-file-1.9.12-150200.3.11.6 * maven-resolver-named-locks-1.9.12-150200.3.11.6 * maven-resolver-util-1.9.12-150200.3.11.6 * maven-wagon-http-shared-3.5.3-150200.3.8.6 * aopalliance-1.0-150200.3.8.3 * maven-resolver-transport-http-1.9.12-150200.3.11.6 * maven-resolver-impl-1.9.12-150200.3.11.6 * maven-resolver-connector-basic-1.9.12-150200.3.11.6 * xmvn-connector-4.2.0-150200.3.11.14 * xmvn-mojo-4.2.0-150200.3.11.14 * maven-wagon-provider-api-3.5.3-150200.3.8.6 * xmvn-api-4.2.0-150200.3.11.4 * xmvn-resolve-4.2.0-150200.3.11.4 * xmvn-core-4.2.0-150200.3.11.4 * maven-wagon-file-3.5.3-150200.3.8.6 * maven-resolver-api-1.9.12-150200.3.11.6 * maven-resolver-transport-wagon-1.9.12-150200.3.11.6 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * maven-3.9.2-150200.4.15.6 * maven-lib-3.9.2-150200.4.15.6 * xmvn-minimal-4.2.0-150200.3.11.4 * xmvn-4.2.0-150200.3.11.4 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * maven-resolver-spi-1.9.12-150200.3.11.6 * maven-wagon-http-3.5.3-150200.3.8.6 * xmvn-subst-4.2.0-150200.3.11.4 * beust-jcommander-1.82-150200.3.10.2 * xmvn-install-4.2.0-150200.3.11.4 * plexus-utils-3.5.1-150200.3.8.3 * maven-resolver-transport-file-1.9.12-150200.3.11.6 * maven-resolver-named-locks-1.9.12-150200.3.11.6 * maven-resolver-util-1.9.12-150200.3.11.6 * maven-wagon-http-shared-3.5.3-150200.3.8.6 * aopalliance-1.0-150200.3.8.3 * maven-resolver-transport-http-1.9.12-150200.3.11.6 * maven-resolver-impl-1.9.12-150200.3.11.6 * maven-resolver-connector-basic-1.9.12-150200.3.11.6 * xmvn-connector-4.2.0-150200.3.11.14 * xmvn-mojo-4.2.0-150200.3.11.14 * maven-wagon-provider-api-3.5.3-150200.3.8.6 * xmvn-api-4.2.0-150200.3.11.4 * xmvn-resolve-4.2.0-150200.3.11.4 * xmvn-core-4.2.0-150200.3.11.4 * maven-wagon-file-3.5.3-150200.3.8.6 * maven-resolver-api-1.9.12-150200.3.11.6 * maven-resolver-transport-wagon-1.9.12-150200.3.11.6 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * maven-3.9.2-150200.4.15.6 * maven-lib-3.9.2-150200.4.15.6 * xmvn-minimal-4.2.0-150200.3.11.4 * xmvn-4.2.0-150200.3.11.4 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * maven-resolver-spi-1.9.12-150200.3.11.6 * maven-wagon-http-3.5.3-150200.3.8.6 * xmvn-subst-4.2.0-150200.3.11.4 * beust-jcommander-1.82-150200.3.10.2 * xmvn-install-4.2.0-150200.3.11.4 * plexus-utils-3.5.1-150200.3.8.3 * maven-resolver-transport-file-1.9.12-150200.3.11.6 * maven-resolver-named-locks-1.9.12-150200.3.11.6 * maven-resolver-util-1.9.12-150200.3.11.6 * maven-wagon-http-shared-3.5.3-150200.3.8.6 * aopalliance-1.0-150200.3.8.3 * maven-resolver-transport-http-1.9.12-150200.3.11.6 * maven-resolver-impl-1.9.12-150200.3.11.6 * maven-resolver-connector-basic-1.9.12-150200.3.11.6 * xmvn-connector-4.2.0-150200.3.11.14 * xmvn-mojo-4.2.0-150200.3.11.14 * maven-wagon-provider-api-3.5.3-150200.3.8.6 * xmvn-api-4.2.0-150200.3.11.4 * xmvn-resolve-4.2.0-150200.3.11.4 * xmvn-core-4.2.0-150200.3.11.4 * maven-wagon-file-3.5.3-150200.3.8.6 * maven-resolver-api-1.9.12-150200.3.11.6 * maven-resolver-transport-wagon-1.9.12-150200.3.11.6 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * maven-3.9.2-150200.4.15.6 * maven-lib-3.9.2-150200.4.15.6 * xmvn-minimal-4.2.0-150200.3.11.4 * xmvn-4.2.0-150200.3.11.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * maven-resolver-spi-1.9.12-150200.3.11.6 * maven-wagon-http-3.5.3-150200.3.8.6 * xmvn-subst-4.2.0-150200.3.11.4 * beust-jcommander-1.82-150200.3.10.2 * xmvn-install-4.2.0-150200.3.11.4 * plexus-utils-3.5.1-150200.3.8.3 * maven-resolver-transport-file-1.9.12-150200.3.11.6 * maven-resolver-named-locks-1.9.12-150200.3.11.6 * maven-resolver-util-1.9.12-150200.3.11.6 * maven-wagon-http-shared-3.5.3-150200.3.8.6 * aopalliance-1.0-150200.3.8.3 * maven-resolver-transport-http-1.9.12-150200.3.11.6 * maven-resolver-impl-1.9.12-150200.3.11.6 * maven-resolver-connector-basic-1.9.12-150200.3.11.6 * xmvn-connector-4.2.0-150200.3.11.14 * xmvn-mojo-4.2.0-150200.3.11.14 * maven-wagon-provider-api-3.5.3-150200.3.8.6 * xmvn-api-4.2.0-150200.3.11.4 * xmvn-resolve-4.2.0-150200.3.11.4 * xmvn-core-4.2.0-150200.3.11.4 * maven-wagon-file-3.5.3-150200.3.8.6 * maven-resolver-api-1.9.12-150200.3.11.6 * maven-resolver-transport-wagon-1.9.12-150200.3.11.6 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * maven-3.9.2-150200.4.15.6 * maven-lib-3.9.2-150200.4.15.6 * xmvn-minimal-4.2.0-150200.3.11.4 * xmvn-4.2.0-150200.3.11.4 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211198 * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 15 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Aug 2023 20:30:04 -0000 Subject: SUSE-RU-2023:3323-1: moderate: Recommended update for go1.21 Message-ID: <169213140465.12860.4648838473563983082@smelt2.suse.de> # Recommended update for go1.21 Announcement ID: SUSE-RU-2023:3323-1 Rating: moderate References: * #1212475 * #1212667 * #1212669 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has three recommended fixes can now be installed. ## Description: This update for go1.21 fixes the following issues: go1.21 (released 2023-08-08) is a major release of Go. go1.21.x minor releases will be provided through August 2024. https://github.com/golang/go/wiki/Go-Release-Cycle go1.21 arrives six months after go1.20. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. * Go 1.21 introduces a small change to the numbering of releases. In the past, we used Go 1.N to refer to both the overall Go language version and release family as well as the first release in that family. Starting in Go 1.21, the first release is now Go 1.N.0. Today we are releasing both the Go 1.21 language and its initial implementation, the Go 1.21.0 release. These notes refer to "Go 1.21"; tools like go version will report "go1.21.0" (until you upgrade to Go 1.21.1). See "Go versions" in the "Go Toolchains" documentation for details about the new version numbering. * Language change: Go 1.21 adds three new built-ins to the language. * Language change: The new functions min and max compute the smallest (or largest, for max) value of a fixed number of given arguments. See the language spec for details. * Language change: The new function clear deletes all elements from a map or zeroes all elements of a slice. See the language spec for details. * Package initialization order is now specified more precisely. This may change the behavior of some programs that rely on a specific initialization ordering that was not expressed by explicit imports. The behavior of such programs was not well defined by the spec in past releases. The new rule provides an unambiguous definition. * Multiple improvements that increase the power and precision of type inference have been made. * A (possibly partially instantiated generic) function may now be called with arguments that are themselves (possibly partially instantiated) generic functions. * Type inference now also considers methods when a value is assigned to an interface: type arguments for type parameters used in method signatures may be inferred from the corresponding parameter types of matching methods. * Similarly, since a type argument must implement all the methods of its corresponding constraint, the methods of the type argument and constraint are matched which may lead to the inference of additional type arguments. * If multiple untyped constant arguments of different kinds (such as an untyped int and an untyped floating-point constant) are passed to parameters with the same (not otherwise specified) type parameter type, instead of an error, now type inference determines the type using the same approach as an operator with untyped constant operands. This change brings the types inferred from untyped constant arguments in line with the types of constant expressions. * Type inference is now precise when matching corresponding types in assignments * The description of type inference in the language spec has been clarified. * Go 1.21 includes a preview of a language change we are considering for a future version of Go: making for loop variables per-iteration instead of per-loop, to avoid accidental sharing bugs. For details about how to try that language change, see the LoopvarExperiment wiki page. * Go 1.21 now defines that if a goroutine is panicking and recover was called directly by a deferred function, the return value of recover is guaranteed not to be nil. To ensure this, calling panic with a nil interface value (or an untyped nil) causes a run-time panic of type *runtime.PanicNilError. To support programs written for older versions of Go, nil panics can be re- enabled by setting GODEBUG=panicnil=1. This setting is enabled automatically when compiling a program whose main package is in a module with that declares go 1.20 or earlier. * Go 1.21 adds improved support for backwards compatibility and forwards compatibility in the Go toolchain. * To improve backwards compatibility, Go 1.21 formalizes Go's use of the GODEBUG environment variable to control the default behavior for changes that are non-breaking according to the compatibility policy but nonetheless may cause existing programs to break. (For example, programs that depend on buggy behavior may break when a bug is fixed, but bug fixes are not considered breaking changes.) When Go must make this kind of behavior change, it now chooses between the old and new behavior based on the go line in the workspace's go.work file or else the main module's go.mod file. Upgrading to a new Go toolchain but leaving the go line set to its original (older) Go version preserves the behavior of the older toolchain. With this compatibility support, the latest Go toolchain should always be the best, most secure, implementation of an older version of Go. See "Go, Backwards Compatibility, and GODEBUG" for details. * To improve forwards compatibility, Go 1.21 now reads the go line in a go.work or go.mod file as a strict minimum requirement: go 1.21.0 means that the workspace or module cannot be used with Go 1.20 or with Go 1.21rc1. This allows projects that depend on fixes made in later versions of Go to ensure that they are not used with earlier versions. It also gives better error reporting for projects that make use of new Go features: when the problem is that a newer Go version is needed, that problem is reported clearly, instead of attempting to build the code and instead printing errors about unresolved imports or syntax errors. * To make these new stricter version requirements easier to manage, the go command can now invoke not just the toolchain bundled in its own release but also other Go toolchain versions found in the PATH or downloaded on demand. If a go.mod or go.work go line declares a minimum requirement on a newer version of Go, the go command will find and run that version automatically. The new toolchain directive sets a suggested minimum toolchain to use, which may be newer than the strict go minimum. See "Go Toolchains" for details. * go command: The -pgo build flag now defaults to -pgo=auto, and the restriction of specifying a single main package on the command line is now removed. If a file named default.pgo is present in the main package's directory, the go command will use it to enable profile-guided optimization for building the corresponding program. * go command: The -C dir flag must now be the first flag on the command-line when used. * go command: The new go test option -fullpath prints full path names in test log messages, rather than just base names. * go command: The go test -c flag now supports writing test binaries for multiple packages, each to pkg.test where pkg is the package name. It is an error if more than one test package being compiled has a given package name.] * go command: The go test -o flag now accepts a directory argument, in which case test binaries are written to that directory instead of the current directory. * cgo: In files that import "C", the Go toolchain now correctly reports errors for attempts to declare Go methods on C types. * runtime: When printing very deep stacks, the runtime now prints the first 50 (innermost) frames followed by the bottom 50 (outermost) frames, rather than just printing the first 100 frames. This makes it easier to see how deeply recursive stacks started, and is especially valuable for debugging stack overflows. * runtime: On Linux platforms that support transparent huge pages, the Go runtime now manages which parts of the heap may be backed by huge pages more explicitly. This leads to better utilization of memory: small heaps should see less memory used (up to 50% in pathological cases) while large heaps should see fewer broken huge pages for dense parts of the heap, improving CPU usage and latency by up to 1%. * runtime: As a result of runtime-internal garbage collection tuning, applications may see up to a 40% reduction in application tail latency and a small decrease in memory use. Some applications may also observe a small loss in throughput. The memory use decrease should be proportional to the loss in throughput, such that the previous release's throughput/memory tradeoff may be recovered (with little change to latency) by increasing GOGC and/or GOMEMLIMIT slightly. * runtime: Calls from C to Go on threads created in C require some setup to prepare for Go execution. On Unix platforms, this setup is now preserved across multiple calls from the same thread. This significantly reduces the overhead of subsequent C to Go calls from ~1-3 microseconds per call to ~100-200 nanoseconds per call. * compiler: Profile-guide optimization (PGO), added as a preview in Go 1.20, is now ready for general use. PGO enables additional optimizations on code identified as hot by profiles of production workloads. As mentioned in the Go command section, PGO is enabled by default for binaries that contain a default.pgo profile in the main package directory. Performance improvements vary depending on application behavior, with most programs from a representative set of Go programs seeing between 2 and 7% improvement from enabling PGO. See the PGO user guide for detailed documentation. * compiler: PGO builds can now devirtualize some interface method calls, adding a concrete call to the most common callee. This enables further optimization, such as inlining the callee. * compiler: Go 1.21 improves build speed by up to 6%, largely thanks to building the compiler itself with PGO. * assembler: On amd64, frameless nosplit assembly functions are no longer automatically marked as NOFRAME. Instead, the NOFRAME attribute must be explicitly specified if desired, which is already the behavior on other architectures supporting frame pointers. With this, the runtime now maintains the frame pointers for stack transitions. * assembler: The verifier that checks for incorrect uses of R15 when dynamic linking on amd64 has been improved. * linker: On windows/amd64, the linker (with help from the compiler) now emits SEH unwinding data by default, which improves the integration of Go applications with Windows debuggers and other tools. * linker: In Go 1.21 the linker (with help from the compiler) is now capable of deleting dead (unreferenced) global map variables, if the number of entries in the variable initializer is sufficiently large, and if the initializer expressions are side-effect free. * core library: The new log/slog package provides structured logging with levels. Structured logging emits key-value pairs to enable fast, accurate processing of large amounts of log data. The package supports integration with popular log analysis tools and services. * core library: The new testing/slogtest package can help to validate slog.Handler implementations. * core library: The new slices package provides many common operations on slices, using generic functions that work with slices of any element type. * core library: The new maps package provides several common operations on maps, using generic functions that work with maps of any key or element type. * core library: The new cmp package defines the type constraint Ordered and two new generic functions Less and Compare that are useful with ordered types. * Minor changes to the library: As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind. There are also various performance improvements, not enumerated here. * archive/tar: The implementation of the io/fs.FileInfo interface returned by Header.FileInfo now implements a String method that calls io/fs.FormatFileInfo. * archive/zip: The implementation of the io/fs.FileInfo interface returned by FileHeader.FileInfo now implements a String method that calls io/fs.FormatFileInfo. * archive/zip: The implementation of the io/fs.DirEntry interface returned by the io/fs.ReadDirFile.ReadDir method of the io/fs.File returned by Reader.Open now implements a String method that calls io/fs.FormatDirEntry. * bytes: The Buffer type has two new methods: Available and AvailableBuffer. These may be used along with the Write method to append directly to the Buffer. * context: The new WithoutCancel function returns a copy of a context that is not canceled when the original context is canceled. * context: The new WithDeadlineCause and WithTimeoutCause functions provide a way to set a context cancellation cause when a deadline or timer expires. The cause may be retrieved with the Cause function. * context: The new AfterFunc function registers a function to run after a context has been cancelled. * context: An optimization means that the results of calling Background and TODO and converting them to a shared type can be considered equal. In previous releases they were always different. Comparing Context values for equality has never been well-defined, so this is not considered to be an incompatible change. * crypto/ecdsa: PublicKey.Equal and PrivateKey.Equal now execute in constant time. * crypto/elliptic: All of the Curve methods have been deprecated, along with GenerateKey, Marshal, and Unmarshal. For ECDH operations, the new crypto/ecdh package should be used instead. For lower-level operations, use third-party modules such as filippo.io/nistec. * crypto/rand: The crypto/rand package now uses the getrandom system call on NetBSD 10.0 and later. * crypto/rsa: The performance of private RSA operations (decryption and signing) is now better than Go 1.19 for GOARCH=amd64 and GOARCH=arm64. It had regressed in Go 1.20. * crypto/rsa: Due to the addition of private fields to PrecomputedValues, PrivateKey.Precompute must be called for optimal performance even if deserializing (for example from JSON) a previously-precomputed private key. * crypto/rsa: PublicKey.Equal and PrivateKey.Equal now execute in constant time. * crypto/rsa: The GenerateMultiPrimeKey function and the PrecomputedValues.CRTValues field have been deprecated. PrecomputedValues.CRTValues will still be populated when PrivateKey.Precompute is called, but the values will not be used during decryption operations. * crypto/sha256: SHA-224 and SHA-256 operations now use native instructions when available when GOARCH=amd64, providing a performance improvement on the order of 3-4x. * crypto/tls: Servers now skip verifying client certificates (including not running Config.VerifyPeerCertificate) for resumed connections, besides checking the expiration time. This makes session tickets larger when client certificates are in use. Clients were already skipping verification on resumption, but now check the expiration time even if Config.InsecureSkipVerify is set. * crypto/tls: Applications can now control the content of session tickets. * crypto/tls: The new SessionState type describes a resumable session. * crypto/tls: The SessionState.Bytes method and ParseSessionState function serialize and deserialize a SessionState. * crypto/tls: The Config.WrapSession and Config.UnwrapSession hooks convert a SessionState to and from a ticket on the server side. * crypto/tls: The Config.EncryptTicket and Config.DecryptTicket methods provide a default implementation of WrapSession and UnwrapSession. * crypto/tls: The ClientSessionState.ResumptionState method and NewResumptionState function may be used by a ClientSessionCache implementation to store and resume sessions on the client side. * crypto/tls: To reduce the potential for session tickets to be used as a tracking mechanism across connections, the server now issues new tickets on every resumption (if they are supported and not disabled) and tickets don't bear an identifier for the key that encrypted them anymore. If passing a large number of keys to Conn.SetSessionTicketKeys, this might lead to a noticeable performance cost. * crypto/tls: Both clients and servers now implement the Extended Master Secret extension (RFC 7627). The deprecation of ConnectionState.TLSUnique has been reverted, and is now set for resumed connections that support Extended Master Secret. * crypto/tls: The new QUICConn type provides support for QUIC implementations, including 0-RTT support. Note that this is not itself a QUIC implementation, and 0-RTT is still not supported in TLS. * crypto/tls: The new VersionName function returns the name for a TLS version number. * crypto/tls: The TLS alert codes sent from the server for client authentication failures have been improved. Previously, these failures always resulted in a "bad certificate" alert. Now, certain failures will result in more appropriate alert codes, as defined by RFC 5246 and RFC 8446: * crypto/tls: For TLS 1.3 connections, if the server is configured to require client authentication using RequireAnyClientCert or RequireAndVerifyClientCert, and the client does not provide any certificate, the server will now return the "certificate required" alert. * crypto/tls: If the client provides a certificate that is not signed by the set of trusted certificate authorities configured on the server, the server will return the "unknown certificate authority" alert. * crypto/tls: If the client provides a certificate that is either expired or not yet valid, the server will return the "expired certificate" alert. * crypto/tls: In all other scenarios related to client authentication failures, the server still returns "bad certificate". * crypto/x509: RevocationList.RevokedCertificates has been deprecated and replaced with the new RevokedCertificateEntries field, which is a slice of RevocationListEntry. RevocationListEntry contains all of the fields in pkix.RevokedCertificate, as well as the revocation reason code. * crypto/x509: Name constraints are now correctly enforced on non-leaf certificates, and not on the certificates where they are expressed. * debug/elf: The new File.DynValue method may be used to retrieve the numeric values listed with a given dynamic tag. * debug/elf: The constant flags permitted in a DT_FLAGS_1 dynamic tag are now defined with type DynFlag1. These tags have names starting with DF_1. * debug/elf: The package now defines the constant COMPRESS_ZSTD. * debug/elf: The package now defines the constant R_PPC64_REL24_P9NOTOC. * debug/pe: Attempts to read from a section containing uninitialized data using Section.Data or the reader returned by Section.Open now return an error. * embed: The io/fs.File returned by FS.Open now has a ReadAt method that implements io.ReaderAt. * embed: Calling FS.Open.Stat will return a type that now implements a String method that calls io/fs.FormatFileInfo. * errors: The new ErrUnsupported error provides a standardized way to indicate that a requested operation may not be performed because it is unsupported. For example, a call to os.Link when using a file system that does not support hard links. * flag: The new BoolFunc function and FlagSet.BoolFunc method define a flag that does not require an argument and calls a function when the flag is used. This is similar to Func but for a boolean flag. * flag: A flag definition (via Bool, BoolVar, Int, IntVar, etc.) will panic if Set has already been called on a flag with the same name. This change is intended to detect cases where changes in initialization order cause flag operations to occur in a different order than expected. In many cases the fix to this problem is to introduce a explicit package dependence to correctly order the definition before any Set operations. * go/ast: The new IsGenerated predicate reports whether a file syntax tree contains the special comment that conventionally indicates that the file was generated by a tool. * go/ast: The new File.GoVersion field records the minimum Go version required by any //go:build or // +build directives. * go/build: The package now parses build directives (comments that start with //go:) in file headers (before the package declaration). These directives are available in the new Package fields Directives, TestDirectives, and XTestDirectives. * go/build/constraint: The new GoVersion function returns the minimum Go version implied by a build expression. * go/token: The new File.Lines method returns the file's line-number table in the same form as accepted by File.SetLines. * go/types: The new Package.GoVersion method returns the Go language version used to check the package. * hash/maphash: The hash/maphash package now has a pure Go implementation, selectable with the purego build tag. * html/template: The new error ErrJSTemplate is returned when an action appears in a JavaScript template literal. Previously an unexported error was returned. * io/fs: The new FormatFileInfo function returns a formatted version of a FileInfo. The new FormatDirEntry function returns a formatted version of a DirEntry. The implementation of DirEntry returned by ReadDir now implements a String method that calls FormatDirEntry, and the same is true for the DirEntry value passed to WalkDirFunc. * math/big: The new Int.Float64 method returns the nearest floating-point value to a multi-precision integer, along with an indication of any rounding that occurred. * net: On Linux, the net package can now use Multipath TCP when the kernel supports it. It is not used by default. To use Multipath TCP when available on a client, call the Dialer.SetMultipathTCP method before calling the Dialer.Dial or Dialer.DialContext methods. To use Multipath TCP when available on a server, call the ListenConfig.SetMultipathTCP method before calling the ListenConfig.Listen method. Specify the network as "tcp" or "tcp4" or "tcp6" as usual. If Multipath TCP is not supported by the kernel or the remote host, the connection will silently fall back to TCP. To test whether a particular connection is using Multipath TCP, use the TCPConn.MultipathTCP method. * net: In a future Go release we may enable Multipath TCP by default on systems that support it. * net/http: The new ResponseController.EnableFullDuplex method allows server handlers to concurrently read from an HTTP/1 request body while writing the response. Normally, the HTTP/1 server automatically consumes any remaining request body before starting to write the response, to avoid deadlocking clients which attempt to write a complete request before reading the response. The EnableFullDuplex method disables this behavior. * net/http: The new ErrSchemeMismatch error is returned by Client and Transport when the server responds to an HTTPS request with an HTTP response. * net/http: The net/http package now supports errors.ErrUnsupported, in that the expression errors.Is(http.ErrNotSupported, errors.ErrUnsupported) will return true. * os: Programs may now pass an empty time.Time value to the Chtimes function to leave either the access time or the modification time unchanged. * os: On Windows the File.Chdir method now changes the current directory to the file, rather than always returning an error. * os: On Unix systems, if a non-blocking descriptor is passed to NewFile, calling the File.Fd method will now return a non-blocking descriptor. Previously the descriptor was converted to blocking mode. * os: On Windows calling Truncate on a non-existent file used to create an empty file. It now returns an error indicating that the file does not exist. * os: On Windows calling TempDir now uses GetTempPath2W when available, instead of GetTempPathW. The new behavior is a security hardening measure that prevents temporary files created by processes running as SYSTEM to be accessed by non-SYSTEM processes. * os: On Windows the os package now supports working with files whose names, stored as UTF-16, can't be represented as valid UTF-8. * os: On Windows Lstat now resolves symbolic links for paths ending with a path separator, consistent with its behavior on POSIX platforms. * os: The implementation of the io/fs.DirEntry interface returned by the ReadDir function and the File.ReadDir method now implements a String method that calls io/fs.FormatDirEntry. * os: The implementation of the io/fs.FS interface returned by the DirFS function now implements the io/fs.ReadFileFS and the io/fs.ReadDirFS interfaces. * path/filepath: The implementation of the io/fs.DirEntry interface passed to the function argument of WalkDir now implements a String method that calls io/fs.FormatDirEntry. * reflect: In Go 1.21, ValueOf no longer forces its argument to be allocated on the heap, allowing a Value's content to be allocated on the stack. Most operations on a Value also allow the underlying value to be stack allocated. * reflect: The new Value method Value.Clear clears the contents of a map or zeros the contents of a slice. This corresponds to the new clear built-in added to the language. * reflect: The SliceHeader and StringHeader types are now deprecated. In new code prefer unsafe.Slice, unsafe.SliceData, unsafe.String, or unsafe.StringData. * regexp: Regexp now defines MarshalText and UnmarshalText methods. These implement encoding.TextMarshaler and encoding.TextUnmarshaler and will be used by packages such as encoding/json. * runtime: Textual stack traces produced by Go programs, such as those produced when crashing, calling runtime.Stack, or collecting a goroutine profile with debug=2, now include the IDs of the goroutines that created each goroutine in the stack trace. * runtime: Crashing Go applications can now opt-in to Windows Error Reporting (WER) by setting the environment variable GOTRACEBACK=wer or calling debug.SetTraceback("wer") before the crash. Other than enabling WER, the runtime will behave as with GOTRACEBACK=crash. On non-Windows systems, GOTRACEBACK=wer is ignored. * runtime: GODEBUG=cgocheck=2, a thorough checker of cgo pointer passing rules, is no longer available as a debug option. Instead, it is available as an experiment using GOEXPERIMENT=cgocheck2. In particular this means that this mode has to be selected at build time instead of startup time. * runtime: GODEBUG=cgocheck=1 is still available (and is still the default). * runtime: A new type Pinner has been added to the runtime package. Pinners may be used to "pin" Go memory such that it may be used more freely by non- Go code. For instance, passing Go values that reference pinned Go memory to C code is now allowed. Previously, passing any such nested reference was disallowed by the cgo pointer passing rules. See the docs for more details. * runtime/metrics: A few previously-internal GC metrics, such as live heap size, are now available. GOGC and GOMEMLIMIT are also now available as metrics. * runtime/trace: Collecting traces on amd64 and arm64 now incurs a substantially smaller CPU cost: up to a 10x improvement over the previous release. * runtime/trace: Traces now contain explicit stop-the-world events for every reason the Go runtime might stop-the-world, not just garbage collection. * sync: The new OnceFunc, OnceValue, and OnceValues functions capture a common use of Once to lazily initialize a value on first use. * syscall: On Windows the Fchdir function now changes the current directory to its argument, rather than always returning an error. * syscall: On FreeBSD SysProcAttr has a new field Jail that may be used to put the newly created process in a jailed environment. * syscall: On Windows the syscall package now supports working with files whose names, stored as UTF-16, can't be represented as valid UTF-8. The UTF16ToString and UTF16FromString functions now convert between UTF-16 data and WTF-8 strings. This is backward compatible as WTF-8 is a superset of the UTF-8 format that was used in earlier releases. * syscall: Several error values match the new errors.ErrUnsupported, such that errors.Is(err, errors.ErrUnsupported) returns true. ENOSYS ENOTSUP EOPNOTSUPP EPLAN9 (Plan 9 only) ERROR_CALL_NOT_IMPLEMENTED (Windows only) ERROR_NOT_SUPPORTED (Windows only) EWINDOWS (Windows only) * testing: The new -test.fullpath option will print full path names in test log messages, rather than just base names. * testing: The new Testing function reports whether the program is a test created by go test. * testing/fstest: Calling Open.Stat will return a type that now implements a String method that calls io/fs.FormatFileInfo. * unicode: The unicode package and associated support throughout the system has been upgraded to Unicode 15.0.0. * Darwin port: As announced in the Go 1.20 release notes, Go 1.21 requires macOS 10.15 Catalina or later; support for previous versions has been discontinued. * Windows port: As announced in the Go 1.20 release notes, Go 1.21 requires at least Windows 10 or Windows Server 2016; support for previous versions has been discontinued. * WebAssembly port: The new go:wasmimport directive can now be used in Go programs to import functions from the WebAssembly host. * WebAssembly port: The Go scheduler now interacts much more efficiently with the JavaScript event loop, especially in applications that block frequently on asynchronous events. * WebAssembly System Interface port: Go 1.21 adds an experimental port to the WebAssembly System Interface (WASI), Preview 1 (GOOS=wasip1, GOARCH=wasm). * WebAssembly System Interface port: As a result of the addition of the new GOOS value "wasip1", Go files named *_wasip1.go will now be ignored by Go tools except when that GOOS value is being used. If you have existing filenames matching that pattern, you will need to rename them. * ppc64/ppc64le port: On Linux, GOPPC64=power10 now generates PC-relative instructions, prefixed instructions, and other new Power10 instructions. On AIX, GOPPC64=power10 generates Power10 instructions, but does not generate PC-relative instructions. * ppc64/ppc64le port: When building position-independent binaries for GOPPC64=power10 GOOS=linux GOARCH=ppc64le, users can expect reduced binary sizes in most cases, in some cases 3.5%. Position-independent binaries are built for ppc64le with the following -buildmode values: c-archive, c-shared, shared, pie, plugin. * loong64 port: The linux/loong64 port now supports -buildmode=c-archive, -buildmode=c-shared and -buildmode=pie. * go1.21+ change default GOTOOLCHAIN=auto to local to prevent go tool commands from downloading upstream go1.x toolchain binaries * go1.21+ introduce new default behavior that can download additional versions of go1.x toolchain binaries built by upstream. See https://go.dev/doc/toolchain for details. The go tool would attempt toolchain downloads as needed to satisfy a minimum go version specified in go.mod of the program containing main() or any of its dependencies. * Users can override the default GOTOOLCHAIN setting with go env -w, stored in in ~/.config/go/env. * Add missing go.env to package. go.env sets defaults including: GOPROXY GOSUMDB GOTOOLCHAIN * Starting in go1.21+ a missing go.env defaults to GOPROXY='' resulting in errors e.g. with online cmds e.g. go mod download: "GOPROXY list is not the empty string, but contains no entries" It is not clear why GOPROXY='' is not evaluated as "the empty string". ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3323=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3323=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3323=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3323=1 ## Package List: * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.21-1.21.0-150000.1.3.1 * go1.21-doc-1.21.0-150000.1.3.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.21-race-1.21.0-150000.1.3.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.21-1.21.0-150000.1.3.1 * go1.21-doc-1.21.0-150000.1.3.1 * go1.21-race-1.21.0-150000.1.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.21-1.21.0-150000.1.3.1 * go1.21-doc-1.21.0-150000.1.3.1 * go1.21-race-1.21.0-150000.1.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.21-1.21.0-150000.1.3.1 * go1.21-doc-1.21.0-150000.1.3.1 * go1.21-race-1.21.0-150000.1.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475 * https://bugzilla.suse.com/show_bug.cgi?id=1212667 * https://bugzilla.suse.com/show_bug.cgi?id=1212669 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 16 08:31:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Aug 2023 08:31:12 -0000 Subject: SUSE-RU-2023:3331-1: moderate: Recommended update for salt-shaptools Message-ID: <169217467216.24047.9009412123536343212@smelt2.suse.de> # Recommended update for salt-shaptools Announcement ID: SUSE-RU-2023:3331-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SAP Applications Module 15-SP2 * SAP Applications Module 15-SP3 * SAP Applications Module 15-SP4 * SAP Applications Module 15-SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Server 4.2 * SUSE Manager Server 4.2 Module 4.2 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that can now be installed. ## Description: This update for salt-shaptools fixes the following issues: * Version 0.3.18 * Salt no longer vendors six (>=salt-3006.0) https://github.com/saltstack/salt/issues/63874 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3331=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3331=1 * SAP Applications Module 15-SP2 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-3331=1 * SAP Applications Module 15-SP3 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-3331=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-3331=1 * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-3331=1 * SUSE Manager Server 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-3331=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-3331=1 ## Package List: * openSUSE Leap 15.4 (noarch) * salt-shaptools-0.3.18+git.1690200022.db379c1-150200.3.12.1 * openSUSE Leap 15.5 (noarch) * salt-shaptools-0.3.18+git.1690200022.db379c1-150200.3.12.1 * SAP Applications Module 15-SP2 (noarch) * salt-shaptools-0.3.18+git.1690200022.db379c1-150200.3.12.1 * SAP Applications Module 15-SP3 (noarch) * salt-shaptools-0.3.18+git.1690200022.db379c1-150200.3.12.1 * SAP Applications Module 15-SP4 (noarch) * salt-shaptools-0.3.18+git.1690200022.db379c1-150200.3.12.1 * SAP Applications Module 15-SP5 (noarch) * salt-shaptools-0.3.18+git.1690200022.db379c1-150200.3.12.1 * SUSE Manager Server 4.2 Module 4.2 (noarch) * salt-shaptools-0.3.18+git.1690200022.db379c1-150200.3.12.1 * SUSE Manager Server 4.3 Module 4.3 (noarch) * salt-shaptools-0.3.18+git.1690200022.db379c1-150200.3.12.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 16 08:31:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Aug 2023 08:31:14 -0000 Subject: SUSE-RU-2023:3330-1: important: Recommended update for python-pyasn1 Message-ID: <169217467496.24047.7749421951298416118@smelt2.suse.de> # Recommended update for python-pyasn1 Announcement ID: SUSE-RU-2023:3330-1 Rating: important References: * #1207805 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for python-pyasn1 fixes the following issues: * To avoid users of this package having to recompile bytecode files, change the mtime of any **init**.py. (bsc#1207805) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3330=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3330=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3330=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3330=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3330=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3330=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3330=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3330=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3330=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3330=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3330=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3330=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3330=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3330=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3330=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3330=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3330=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3330=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3330=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3330=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3330=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3330=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3330=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3330=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3330=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3330=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3330=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3330=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3330=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * openSUSE Leap Micro 5.4 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * openSUSE Leap 15.4 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * openSUSE Leap 15.5 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * Basesystem Module 15-SP4 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * Basesystem Module 15-SP5 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * python2-pyasn1-0.4.2-150000.3.5.1 * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * python2-pyasn1-0.4.2-150000.3.5.1 * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * python2-pyasn1-0.4.2-150000.3.5.1 * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * python2-pyasn1-0.4.2-150000.3.5.1 * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * python2-pyasn1-0.4.2-150000.3.5.1 * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * python2-pyasn1-0.4.2-150000.3.5.1 * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Manager Proxy 4.2 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Manager Server 4.2 (noarch) * python2-pyasn1-0.4.2-150000.3.5.1 * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Enterprise Storage 7.1 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Enterprise Storage 7 (noarch) * python2-pyasn1-0.4.2-150000.3.5.1 * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE CaaS Platform 4.0 (noarch) * python2-pyasn1-0.4.2-150000.3.5.1 * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * python3-pyasn1-0.4.2-150000.3.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207805 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 16 08:31:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Aug 2023 08:31:21 -0000 Subject: SUSE-SU-2023:3329-1: important: Security update for the Linux Kernel Message-ID: <169217468167.24047.10435260283437855095@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3329-1 Rating: important References: * #1188885 * #1202670 * #1206418 * #1207526 * #1207528 * #1211738 * #1212266 * #1213167 * #1213287 * #1213350 * #1213585 * #1213586 * #1213588 * #1213705 * #1213747 * #1213766 * #1213819 * #1213823 * #1213825 * #1213827 Cross-References: * CVE-2022-40982 * CVE-2023-0459 * CVE-2023-20569 * CVE-2023-3567 * CVE-2023-3609 * CVE-2023-3611 * CVE-2023-3776 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Real Time 12 SP5 * SUSE Linux Enterprise Server 12 SP5 An update that solves seven vulnerabilities and has 13 fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418). * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). * CVE-2023-20569: Fixed side channel attack ?Inception? or ?RAS Poisoning? (bsc#1213287). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). * CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). * CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). * CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after- free (bsc#1213588). The following non-security bugs were fixed: * fix double fget() in vhost_net_set_backend() (git-fixes). * nfsv4.1: always send a reclaim_complete after establishing lease (git- fixes). * sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes). * sunrpc: remove the maximum number of retries in call_bind_status (git- fixes). * update suse/s390-dasd-fix-no-record-found-for-raw_track_access (git-fixes bsc#1212266 bsc#1207528). * update suse/scsi-zfcp-fix-missing-auto-port-scan-and-thus-missing-target- ports (git-fixes bsc#1202670). * block: fix a source code comment in include/uapi/linux/blkzoned.h (git- fixes). * kabi fix test * kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps") * livepatch: check kzalloc return values (git-fixes). * media: videodev2.h: fix struct v4l2_input tuner index comment (git-fixes). * net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). * net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). * net: virtio_net_hdr_to_skb: count transport header in ufo (git-fixes). * nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). * powerpc/64: update speculation_store_bypass in /proc/<pid>/status (bsc#1188885 ltc#193722 git-fixes). * powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes). * rpm/check-for-config-changes: ignore also riscv_isa_ _and dynamic_sigframe they depend on config_toolchain_has__. * s390/cio: add dev_busid sysfs entry for each subchannel (bsc#1207526). * s390/cio: check the subchannel validity for dev_busid (bsc#1207526). * s390/cio: introduce io_subchannel_type (bsc#1207526). * s390/cpum_sf: adjust sampling interval to avoid hitting sample limits (git- fixes bsc#1213827). * s390/maccess: add no dat mode to kernel_write (git-fixes bsc#1213825). * s390/numa: move initial setup of node_to_cpumask_map (git-fixes bsc#1213766). * scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747). * scsi: qla2xxx: array index may go out of bound (bsc#1213747). * scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747). * scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport() (bsc#1213747). * scsi: qla2xxx: correct the index of array (bsc#1213747). * scsi: qla2xxx: drop useless list_head (bsc#1213747). * scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747). * scsi: qla2xxx: fix tmf leak through (bsc#1213747). * scsi: qla2xxx: fix buffer overrun (bsc#1213747). * scsi: qla2xxx: fix command flush during tmf (bsc#1213747). * scsi: qla2xxx: fix deletion race condition (bsc#1213747). * scsi: qla2xxx: fix end of loop test (bsc#1213747). * scsi: qla2xxx: fix erroneous link up failure (bsc#1213747). * scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747). * scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747). * scsi: qla2xxx: fix session hang in gnl (bsc#1213747). * scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747). * scsi: qla2xxx: pointer may be dereferenced (bsc#1213747). * scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747). * scsi: qla2xxx: silence a static checker warning (bsc#1213747). * scsi: qla2xxx: turn off noisy message log (bsc#1213747). * scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747). * scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747). * scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747). * svcrdma: prevent page release when nothing was received (git-fixes). * vfio-ccw: prevent quiesce function going into an infinite loop (git-fixes bsc#1213819). * vfio-ccw: release any channel program when releasing/removing vfio-ccw mdev (git-fixes bsc#1213823). * vhost/test: fix build for vhost test (git-fixes). * vhost/vsock: use kvmalloc/kvfree for larger packets (git-fixes). * vhost/vsock: do not check owner in vhost_vsock_stop() while releasing (git- fixes). * vhost/vsock: fix incorrect used length reported to the guest (git-fixes). * vhost/vsock: fix packet delivery order to monitoring devices (git-fixes). * vhost/vsock: split packets to send using multiple buffers (git-fixes). * vhost: fix the calculation in vhost_overflow() (git-fixes). * vhost_net: disable zerocopy by default (git-fixes). * vhost_net: fix oob on sendmsg() failure (git-fixes). * virtio-balloon: fix managed page counts when migrating pages between zones (git-fixes). * virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). * virtio-net: keep stop() to follow mirror sequence of open() (git-fixes). * virtio-pci: remove wrong address verification in vp_del_vqs() (git-fixes). * virtio: improve vq->broken access to avoid any compiler optimization (git- fixes). * virtio_net: fix error handling in virtnet_restore() (git-fixes). * virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). * virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). * virtio_ring: fix querying of maximum dma mapping size for virtio device (git-fixes). * vringh: use wiov->used to check for read/write desc order (git-fixes). * vringh: fix __vringh_iov() when riov and wiov are different (git-fixes). * vsock/virtio: stop workers during the .remove() (git-fixes). * vsock/virtio: use rcu to avoid use-after-free on the_virtio_vsock (git- fixes). * xen/blkfront: Only check REQ_FUA for writes (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 12 SP5 zypper in -t patch SUSE-SLE-RT-12-SP5-2023-3329=1 ## Package List: * SUSE Linux Enterprise Real Time 12 SP5 (x86_64) * ocfs2-kmp-rt-debuginfo-4.12.14-10.138.1 * dlm-kmp-rt-debuginfo-4.12.14-10.138.1 * ocfs2-kmp-rt-4.12.14-10.138.1 * kernel-rt-debuginfo-4.12.14-10.138.1 * kernel-rt-debugsource-4.12.14-10.138.1 * dlm-kmp-rt-4.12.14-10.138.1 * gfs2-kmp-rt-debuginfo-4.12.14-10.138.1 * kernel-rt-devel-debuginfo-4.12.14-10.138.1 * kernel-rt_debug-devel-debuginfo-4.12.14-10.138.1 * cluster-md-kmp-rt-4.12.14-10.138.1 * kernel-rt_debug-debugsource-4.12.14-10.138.1 * cluster-md-kmp-rt-debuginfo-4.12.14-10.138.1 * kernel-rt-base-4.12.14-10.138.1 * kernel-rt_debug-debuginfo-4.12.14-10.138.1 * kernel-syms-rt-4.12.14-10.138.1 * kernel-rt_debug-devel-4.12.14-10.138.1 * gfs2-kmp-rt-4.12.14-10.138.1 * kernel-rt-devel-4.12.14-10.138.1 * kernel-rt-base-debuginfo-4.12.14-10.138.1 * SUSE Linux Enterprise Real Time 12 SP5 (noarch) * kernel-source-rt-4.12.14-10.138.1 * kernel-devel-rt-4.12.14-10.138.1 * SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64) * kernel-rt-4.12.14-10.138.1 * kernel-rt_debug-4.12.14-10.138.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-0459.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://www.suse.com/security/cve/CVE-2023-3609.html * https://www.suse.com/security/cve/CVE-2023-3611.html * https://www.suse.com/security/cve/CVE-2023-3776.html * https://bugzilla.suse.com/show_bug.cgi?id=1188885 * https://bugzilla.suse.com/show_bug.cgi?id=1202670 * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1207526 * https://bugzilla.suse.com/show_bug.cgi?id=1207528 * https://bugzilla.suse.com/show_bug.cgi?id=1211738 * https://bugzilla.suse.com/show_bug.cgi?id=1212266 * https://bugzilla.suse.com/show_bug.cgi?id=1213167 * https://bugzilla.suse.com/show_bug.cgi?id=1213287 * https://bugzilla.suse.com/show_bug.cgi?id=1213350 * https://bugzilla.suse.com/show_bug.cgi?id=1213585 * https://bugzilla.suse.com/show_bug.cgi?id=1213586 * https://bugzilla.suse.com/show_bug.cgi?id=1213588 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 * https://bugzilla.suse.com/show_bug.cgi?id=1213747 * https://bugzilla.suse.com/show_bug.cgi?id=1213766 * https://bugzilla.suse.com/show_bug.cgi?id=1213819 * https://bugzilla.suse.com/show_bug.cgi?id=1213823 * https://bugzilla.suse.com/show_bug.cgi?id=1213825 * https://bugzilla.suse.com/show_bug.cgi?id=1213827 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 16 08:31:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Aug 2023 08:31:23 -0000 Subject: SUSE-SU-2023:3328-1: moderate: Security update for pcre2 Message-ID: <169217468368.24047.14787747855893715571@smelt2.suse.de> # Security update for pcre2 Announcement ID: SUSE-SU-2023:3328-1 Rating: moderate References: * #1213514 Cross-References: * CVE-2022-41409 CVSS scores: * CVE-2022-41409 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41409 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for pcre2 fixes the following issues: * CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3328=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3328=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3328=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3328=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * pcre2-devel-10.34-1.13.1 * pcre2-tools-debuginfo-10.34-1.13.1 * pcre2-debugsource-10.34-1.13.1 * pcre2-devel-static-10.34-1.13.1 * pcre2-tools-10.34-1.13.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libpcre2-8-0-debuginfo-10.34-1.13.1 * libpcre2-posix2-debuginfo-10.34-1.13.1 * libpcre2-8-0-10.34-1.13.1 * libpcre2-16-0-10.34-1.13.1 * libpcre2-32-0-10.34-1.13.1 * libpcre2-posix2-10.34-1.13.1 * libpcre2-32-0-debuginfo-10.34-1.13.1 * libpcre2-16-0-debuginfo-10.34-1.13.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libpcre2-8-0-debuginfo-10.34-1.13.1 * libpcre2-posix2-debuginfo-10.34-1.13.1 * libpcre2-8-0-10.34-1.13.1 * libpcre2-16-0-10.34-1.13.1 * libpcre2-32-0-10.34-1.13.1 * libpcre2-posix2-10.34-1.13.1 * libpcre2-32-0-debuginfo-10.34-1.13.1 * libpcre2-16-0-debuginfo-10.34-1.13.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libpcre2-8-0-debuginfo-10.34-1.13.1 * libpcre2-posix2-debuginfo-10.34-1.13.1 * libpcre2-8-0-10.34-1.13.1 * libpcre2-16-0-10.34-1.13.1 * libpcre2-32-0-10.34-1.13.1 * libpcre2-posix2-10.34-1.13.1 * libpcre2-32-0-debuginfo-10.34-1.13.1 * libpcre2-16-0-debuginfo-10.34-1.13.1 ## References: * https://www.suse.com/security/cve/CVE-2022-41409.html * https://bugzilla.suse.com/show_bug.cgi?id=1213514 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 16 08:31:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Aug 2023 08:31:25 -0000 Subject: SUSE-SU-2023:3327-1: moderate: Security update for pcre2 Message-ID: <169217468575.24047.4302638362353722123@smelt2.suse.de> # Security update for pcre2 Announcement ID: SUSE-SU-2023:3327-1 Rating: moderate References: * #1213514 Cross-References: * CVE-2022-41409 CVSS scores: * CVE-2022-41409 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41409 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for pcre2 fixes the following issues: * CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3327=1 openSUSE-SLE-15.4-2023-3327=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3327=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3327=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3327=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3327=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3327=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3327=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3327=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3327=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3327=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * pcre2-debugsource-10.39-150400.4.9.1 * pcre2-devel-static-10.39-150400.4.9.1 * libpcre2-32-0-10.39-150400.4.9.1 * libpcre2-posix2-10.39-150400.4.9.1 * pcre2-tools-debuginfo-10.39-150400.4.9.1 * libpcre2-8-0-10.39-150400.4.9.1 * libpcre2-8-0-debuginfo-10.39-150400.4.9.1 * libpcre2-posix2-debuginfo-10.39-150400.4.9.1 * pcre2-tools-10.39-150400.4.9.1 * pcre2-devel-10.39-150400.4.9.1 * libpcre2-16-0-debuginfo-10.39-150400.4.9.1 * libpcre2-32-0-debuginfo-10.39-150400.4.9.1 * libpcre2-16-0-10.39-150400.4.9.1 * openSUSE Leap 15.4 (x86_64) * libpcre2-32-0-32bit-debuginfo-10.39-150400.4.9.1 * libpcre2-16-0-32bit-debuginfo-10.39-150400.4.9.1 * libpcre2-32-0-32bit-10.39-150400.4.9.1 * libpcre2-8-0-32bit-debuginfo-10.39-150400.4.9.1 * libpcre2-posix2-32bit-10.39-150400.4.9.1 * libpcre2-16-0-32bit-10.39-150400.4.9.1 * libpcre2-posix2-32bit-debuginfo-10.39-150400.4.9.1 * libpcre2-8-0-32bit-10.39-150400.4.9.1 * openSUSE Leap 15.4 (noarch) * pcre2-doc-10.39-150400.4.9.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libpcre2-32-0-64bit-10.39-150400.4.9.1 * libpcre2-8-0-64bit-10.39-150400.4.9.1 * libpcre2-posix2-64bit-debuginfo-10.39-150400.4.9.1 * libpcre2-32-0-64bit-debuginfo-10.39-150400.4.9.1 * libpcre2-posix2-64bit-10.39-150400.4.9.1 * libpcre2-16-0-64bit-debuginfo-10.39-150400.4.9.1 * libpcre2-16-0-64bit-10.39-150400.4.9.1 * libpcre2-8-0-64bit-debuginfo-10.39-150400.4.9.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * pcre2-debugsource-10.39-150400.4.9.1 * libpcre2-8-0-10.39-150400.4.9.1 * libpcre2-8-0-debuginfo-10.39-150400.4.9.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * pcre2-debugsource-10.39-150400.4.9.1 * libpcre2-8-0-10.39-150400.4.9.1 * libpcre2-8-0-debuginfo-10.39-150400.4.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * pcre2-debugsource-10.39-150400.4.9.1 * pcre2-devel-static-10.39-150400.4.9.1 * libpcre2-32-0-10.39-150400.4.9.1 * libpcre2-posix2-10.39-150400.4.9.1 * pcre2-tools-debuginfo-10.39-150400.4.9.1 * libpcre2-8-0-10.39-150400.4.9.1 * libpcre2-8-0-debuginfo-10.39-150400.4.9.1 * libpcre2-posix2-debuginfo-10.39-150400.4.9.1 * pcre2-tools-10.39-150400.4.9.1 * pcre2-devel-10.39-150400.4.9.1 * libpcre2-16-0-debuginfo-10.39-150400.4.9.1 * libpcre2-32-0-debuginfo-10.39-150400.4.9.1 * libpcre2-16-0-10.39-150400.4.9.1 * openSUSE Leap 15.5 (x86_64) * libpcre2-32-0-32bit-debuginfo-10.39-150400.4.9.1 * libpcre2-16-0-32bit-debuginfo-10.39-150400.4.9.1 * libpcre2-32-0-32bit-10.39-150400.4.9.1 * libpcre2-8-0-32bit-debuginfo-10.39-150400.4.9.1 * libpcre2-posix2-32bit-10.39-150400.4.9.1 * libpcre2-16-0-32bit-10.39-150400.4.9.1 * libpcre2-posix2-32bit-debuginfo-10.39-150400.4.9.1 * libpcre2-8-0-32bit-10.39-150400.4.9.1 * openSUSE Leap 15.5 (noarch) * pcre2-doc-10.39-150400.4.9.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * pcre2-debugsource-10.39-150400.4.9.1 * libpcre2-8-0-10.39-150400.4.9.1 * libpcre2-8-0-debuginfo-10.39-150400.4.9.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * pcre2-debugsource-10.39-150400.4.9.1 * libpcre2-8-0-10.39-150400.4.9.1 * libpcre2-8-0-debuginfo-10.39-150400.4.9.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * pcre2-debugsource-10.39-150400.4.9.1 * libpcre2-8-0-10.39-150400.4.9.1 * libpcre2-8-0-debuginfo-10.39-150400.4.9.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * pcre2-debugsource-10.39-150400.4.9.1 * libpcre2-8-0-10.39-150400.4.9.1 * libpcre2-8-0-debuginfo-10.39-150400.4.9.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * pcre2-debugsource-10.39-150400.4.9.1 * libpcre2-32-0-10.39-150400.4.9.1 * libpcre2-posix2-10.39-150400.4.9.1 * libpcre2-8-0-10.39-150400.4.9.1 * libpcre2-8-0-debuginfo-10.39-150400.4.9.1 * libpcre2-posix2-debuginfo-10.39-150400.4.9.1 * pcre2-devel-10.39-150400.4.9.1 * libpcre2-16-0-debuginfo-10.39-150400.4.9.1 * libpcre2-32-0-debuginfo-10.39-150400.4.9.1 * libpcre2-16-0-10.39-150400.4.9.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * pcre2-debugsource-10.39-150400.4.9.1 * libpcre2-32-0-10.39-150400.4.9.1 * libpcre2-posix2-10.39-150400.4.9.1 * libpcre2-8-0-10.39-150400.4.9.1 * libpcre2-8-0-debuginfo-10.39-150400.4.9.1 * libpcre2-posix2-debuginfo-10.39-150400.4.9.1 * pcre2-devel-10.39-150400.4.9.1 * libpcre2-16-0-debuginfo-10.39-150400.4.9.1 * libpcre2-32-0-debuginfo-10.39-150400.4.9.1 * libpcre2-16-0-10.39-150400.4.9.1 ## References: * https://www.suse.com/security/cve/CVE-2022-41409.html * https://bugzilla.suse.com/show_bug.cgi?id=1213514 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 16 08:31:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Aug 2023 08:31:28 -0000 Subject: SUSE-RU-2023:3326-1: low: Recommended update for aqute-bnd Message-ID: <169217468899.24047.3476244565086912673@smelt2.suse.de> # Recommended update for aqute-bnd Announcement ID: SUSE-RU-2023:3326-1 Rating: low References: * #1210878 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for aqute-bnd fixes the following issues: * Fetch sources using source_service and don't distribute legally spurious files (bsc#1210878) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3326=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3326=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3326=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3326=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3326=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3326=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3326=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3326=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3326=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3326=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3326=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3326=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3326=1 ## Package List: * Development Tools Module 15-SP4 (noarch) * aqute-bndlib-5.2.0-150200.3.9.1 * Development Tools Module 15-SP5 (noarch) * aqute-bndlib-5.2.0-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * aqute-bndlib-5.2.0-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * aqute-bndlib-5.2.0-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * aqute-bndlib-5.2.0-150200.3.9.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * aqute-bndlib-5.2.0-150200.3.9.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * aqute-bndlib-5.2.0-150200.3.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * aqute-bndlib-5.2.0-150200.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * aqute-bndlib-5.2.0-150200.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * aqute-bndlib-5.2.0-150200.3.9.1 * SUSE Enterprise Storage 7.1 (noarch) * aqute-bndlib-5.2.0-150200.3.9.1 * SUSE Enterprise Storage 7 (noarch) * aqute-bndlib-5.2.0-150200.3.9.1 * openSUSE Leap 15.4 (noarch) * aqute-bnd-5.2.0-150200.3.9.1 * aqute-bndlib-5.2.0-150200.3.9.1 * bnd-maven-plugin-5.2.0-150200.3.9.1 * bnd-maven-plugin-javadoc-5.2.0-150200.3.9.1 * aqute-bnd-javadoc-5.2.0-150200.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210878 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 16 08:31:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Aug 2023 08:31:30 -0000 Subject: SUSE-SU-2023:3325-1: important: Security update for krb5 Message-ID: <169217469088.24047.740011981692907454@smelt2.suse.de> # Security update for krb5 Announcement ID: SUSE-SU-2023:3325-1 Rating: important References: * #1214054 Cross-References: * CVE-2023-36054 CVSS scores: * CVE-2023-36054 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-36054 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for krb5 fixes the following issues: * CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3325=1 openSUSE-SLE-15.5-2023-3325=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3325=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3325=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * krb5-mini-debugsource-1.20.1-150500.3.3.1 * krb5-plugin-preauth-otp-1.20.1-150500.3.3.1 * krb5-server-1.20.1-150500.3.3.1 * krb5-mini-devel-1.20.1-150500.3.3.1 * krb5-devel-1.20.1-150500.3.3.1 * krb5-plugin-preauth-otp-debuginfo-1.20.1-150500.3.3.1 * krb5-plugin-kdb-ldap-1.20.1-150500.3.3.1 * krb5-mini-1.20.1-150500.3.3.1 * krb5-mini-debuginfo-1.20.1-150500.3.3.1 * krb5-1.20.1-150500.3.3.1 * krb5-plugin-preauth-pkinit-debuginfo-1.20.1-150500.3.3.1 * krb5-plugin-preauth-spake-1.20.1-150500.3.3.1 * krb5-debuginfo-1.20.1-150500.3.3.1 * krb5-plugin-preauth-spake-debuginfo-1.20.1-150500.3.3.1 * krb5-plugin-kdb-ldap-debuginfo-1.20.1-150500.3.3.1 * krb5-server-debuginfo-1.20.1-150500.3.3.1 * krb5-client-1.20.1-150500.3.3.1 * krb5-debugsource-1.20.1-150500.3.3.1 * krb5-plugin-preauth-pkinit-1.20.1-150500.3.3.1 * krb5-client-debuginfo-1.20.1-150500.3.3.1 * openSUSE Leap 15.5 (x86_64) * krb5-32bit-1.20.1-150500.3.3.1 * krb5-devel-32bit-1.20.1-150500.3.3.1 * krb5-32bit-debuginfo-1.20.1-150500.3.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * krb5-64bit-debuginfo-1.20.1-150500.3.3.1 * krb5-64bit-1.20.1-150500.3.3.1 * krb5-devel-64bit-1.20.1-150500.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * krb5-plugin-preauth-otp-1.20.1-150500.3.3.1 * krb5-devel-1.20.1-150500.3.3.1 * krb5-plugin-preauth-otp-debuginfo-1.20.1-150500.3.3.1 * krb5-1.20.1-150500.3.3.1 * krb5-plugin-preauth-pkinit-debuginfo-1.20.1-150500.3.3.1 * krb5-debuginfo-1.20.1-150500.3.3.1 * krb5-client-1.20.1-150500.3.3.1 * krb5-debugsource-1.20.1-150500.3.3.1 * krb5-plugin-preauth-pkinit-1.20.1-150500.3.3.1 * krb5-client-debuginfo-1.20.1-150500.3.3.1 * Basesystem Module 15-SP5 (x86_64) * krb5-32bit-1.20.1-150500.3.3.1 * krb5-32bit-debuginfo-1.20.1-150500.3.3.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * krb5-server-1.20.1-150500.3.3.1 * krb5-plugin-kdb-ldap-1.20.1-150500.3.3.1 * krb5-debuginfo-1.20.1-150500.3.3.1 * krb5-server-debuginfo-1.20.1-150500.3.3.1 * krb5-plugin-kdb-ldap-debuginfo-1.20.1-150500.3.3.1 * krb5-debugsource-1.20.1-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-36054.html * https://bugzilla.suse.com/show_bug.cgi?id=1214054 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 16 08:31:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Aug 2023 08:31:38 -0000 Subject: SUSE-SU-2023:3324-1: important: Security update for the Linux Kernel Message-ID: <169217469862.24047.4075050906749089836@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3324-1 Rating: important References: * #1087082 * #1126703 * #1206418 * #1207561 * #1209779 * #1210584 * #1211738 * #1211867 * #1212502 * #1213059 * #1213167 * #1213251 * #1213286 * #1213287 * #1213585 * #1213588 Cross-References: * CVE-2018-20784 * CVE-2018-3639 * CVE-2022-40982 * CVE-2023-0459 * CVE-2023-1637 * CVE-2023-20569 * CVE-2023-20593 * CVE-2023-2985 * CVE-2023-3106 * CVE-2023-3268 * CVE-2023-35001 * CVE-2023-3567 * CVE-2023-3611 * CVE-2023-3776 CVSS scores: * CVE-2018-20784 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2018-20784 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2018-20784 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2018-3639 ( SUSE ): 4.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2018-3639 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2018-3639 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1637 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2023-1637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3106 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-3106 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves 14 vulnerabilities and has two fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2018-20784: Fixed a denial of service (infinite loop in update_blocked_averages) by mishandled leaf cfs_rq in kernel/sched/fair.c (bsc#1126703). * CVE-2018-3639: Fixed Speculative Store Bypass aka "Memory Disambiguation" (bsc#1087082). * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418). * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). * CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). * CVE-2023-20569: Fixed side channel attack ?Inception? or ?RAS Poisoning? (bsc#1213287). * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). * CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). * CVE-2023-3106: Fixed crash in XFRM_MSG_GETSA netlink handler (bsc#1213251). * CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). * CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). * CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after- free (bsc#1213588). The following non-security bugs were fixed: * net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). * ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). * ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584). * x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 (git-fixes) No it's not git-fixes it's used to make sle12-sp2 compile with newer toolchain to make the life of all the poor souls maintaining this ancient kernel on their modern machines, a little bit easier.... ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3324=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (nosrc x86_64) * kernel-default-4.4.121-92.208.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * kernel-default-base-debuginfo-4.4.121-92.208.1 * kernel-syms-4.4.121-92.208.1 * kernel-default-base-4.4.121-92.208.1 * kernel-default-debuginfo-4.4.121-92.208.1 * kernel-default-debugsource-4.4.121-92.208.1 * kernel-default-devel-4.4.121-92.208.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * kernel-source-4.4.121-92.208.1 * kernel-devel-4.4.121-92.208.1 * kernel-macros-4.4.121-92.208.1 ## References: * https://www.suse.com/security/cve/CVE-2018-20784.html * https://www.suse.com/security/cve/CVE-2018-3639.html * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-0459.html * https://www.suse.com/security/cve/CVE-2023-1637.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-20593.html * https://www.suse.com/security/cve/CVE-2023-2985.html * https://www.suse.com/security/cve/CVE-2023-3106.html * https://www.suse.com/security/cve/CVE-2023-3268.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://www.suse.com/security/cve/CVE-2023-3611.html * https://www.suse.com/security/cve/CVE-2023-3776.html * https://bugzilla.suse.com/show_bug.cgi?id=1087082 * https://bugzilla.suse.com/show_bug.cgi?id=1126703 * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1207561 * https://bugzilla.suse.com/show_bug.cgi?id=1209779 * https://bugzilla.suse.com/show_bug.cgi?id=1210584 * https://bugzilla.suse.com/show_bug.cgi?id=1211738 * https://bugzilla.suse.com/show_bug.cgi?id=1211867 * https://bugzilla.suse.com/show_bug.cgi?id=1212502 * https://bugzilla.suse.com/show_bug.cgi?id=1213059 * https://bugzilla.suse.com/show_bug.cgi?id=1213167 * https://bugzilla.suse.com/show_bug.cgi?id=1213251 * https://bugzilla.suse.com/show_bug.cgi?id=1213286 * https://bugzilla.suse.com/show_bug.cgi?id=1213287 * https://bugzilla.suse.com/show_bug.cgi?id=1213585 * https://bugzilla.suse.com/show_bug.cgi?id=1213588 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 16 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Aug 2023 12:30:07 -0000 Subject: SUSE-SU-2023:3333-1: important: Security update for the Linux Kernel Message-ID: <169218900726.22104.8470172664200700043@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3333-1 Rating: important References: * #1087082 * #1102851 * #1205803 * #1206418 * #1211738 * #1212128 * #1212129 * #1212154 * #1212501 * #1212502 * #1213167 * #1213286 * #1213588 Cross-References: * CVE-2017-18344 * CVE-2018-3639 * CVE-2022-40982 * CVE-2022-45919 * CVE-2023-0459 * CVE-2023-20593 * CVE-2023-3141 * CVE-2023-3159 * CVE-2023-3161 * CVE-2023-3268 * CVE-2023-3567 * CVE-2023-35824 * CVE-2023-3776 CVSS scores: * CVE-2017-18344 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2017-18344 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2018-3639 ( SUSE ): 4.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2018-3639 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2018-3639 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35824 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35824 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 11 SP4 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 An update that solves 13 vulnerabilities can now be installed. ## Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). * CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after- free (bsc#1213588). * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). * CVE-2018-3639: Fixed Speculative Store Bypass aka "Memory Disambiguation" (bsc#1087082). * CVE-2017-18344: Fixed an OOB access led by an invalid check in timer_create. (bsc#1102851). * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). * CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). * CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). * CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). The following non-security bugs were fixed: * fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154). * firewire: fix potential uaf in outbound_phy_packet_callback() (CVE-2023-3159 bsc#1212128). * kABI: restore _copy_from_user on x86_64 and copy_to_user on x86 (bsc#1211738 CVE-2023-0459). * media: dm1105: Fix use after free bug in dm1105_remove due to race condition (bsc#1212501 CVE-2023-35824). * media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (CVE-2022-45919 bsc#1205803). * memstick: r592: Fix UAF bug in r592_remove due to race condition (CVE-2023-3141 bsc#1212129 bsc#1211449). * net/sched: cls_fw: Fix improper refcount update leads to use-after-free (CVE-2023-3776 bsc#1213588). * pkt_sched: fix error return code in fw_change_attrs() (bsc#1213588). * pkt_sched: fix error return code in fw_change_attrs() (bsc#1213588). * posix-timer: Properly check sigevent->sigev_notify (CVE-2017-18344, bsc#1102851, bsc#1208715). * relayfs: fix out-of-bounds access in relay_file_read (bsc#1212502 CVE-2023-3268). * uaccess: Add speculation barrier to copy_from_user() (bsc#1211738 CVE-2023-0459). * vc_screen: don't clobber return value in vcs_read (bsc#1213167 CVE-2023-3567). * vc_screen: modify vcs_size() handling in vcs_read() (bsc#1213167 CVE-2023-3567). * vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (bsc#1213167 CVE-2023-3567). * x86: Unify copy_from_user() size checking (bsc#1211738 CVE-2023-0459). * x86/copy_user: Unify the code by removing the 64-bit asm _copy_ *_user() variants (bsc#1211738 CVE-2023-0459). * x86/cpu/amd: Add a Zenbleed fix (bsc#1213286, CVE-2023-20593). * x86/speculation: Add Gather Data Sampling mitigation (bsc#1206418, CVE-2022-40982). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-3333=1 * SUSE Linux Enterprise Server 11 SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-3333=1 ## Package List: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (nosrc x86_64) * kernel-default-3.0.101-108.144.1 * kernel-trace-3.0.101-108.144.1 * kernel-xen-3.0.101-108.144.1 * kernel-ec2-3.0.101-108.144.1 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64) * kernel-ec2-devel-3.0.101-108.144.1 * kernel-trace-base-3.0.101-108.144.1 * kernel-default-devel-3.0.101-108.144.1 * kernel-source-3.0.101-108.144.1 * kernel-xen-base-3.0.101-108.144.1 * kernel-default-base-3.0.101-108.144.1 * kernel-trace-devel-3.0.101-108.144.1 * kernel-xen-devel-3.0.101-108.144.1 * kernel-syms-3.0.101-108.144.1 * kernel-ec2-base-3.0.101-108.144.1 * SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64) * kernel-default-3.0.101-108.144.1 * kernel-trace-3.0.101-108.144.1 * kernel-xen-3.0.101-108.144.1 * kernel-ec2-3.0.101-108.144.1 * SUSE Linux Enterprise Server 11 SP4 (x86_64) * kernel-ec2-devel-3.0.101-108.144.1 * kernel-trace-base-3.0.101-108.144.1 * kernel-default-devel-3.0.101-108.144.1 * kernel-source-3.0.101-108.144.1 * kernel-xen-base-3.0.101-108.144.1 * kernel-default-base-3.0.101-108.144.1 * kernel-trace-devel-3.0.101-108.144.1 * kernel-xen-devel-3.0.101-108.144.1 * kernel-syms-3.0.101-108.144.1 * kernel-ec2-base-3.0.101-108.144.1 ## References: * https://www.suse.com/security/cve/CVE-2017-18344.html * https://www.suse.com/security/cve/CVE-2018-3639.html * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2022-45919.html * https://www.suse.com/security/cve/CVE-2023-0459.html * https://www.suse.com/security/cve/CVE-2023-20593.html * https://www.suse.com/security/cve/CVE-2023-3141.html * https://www.suse.com/security/cve/CVE-2023-3159.html * https://www.suse.com/security/cve/CVE-2023-3161.html * https://www.suse.com/security/cve/CVE-2023-3268.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://www.suse.com/security/cve/CVE-2023-35824.html * https://www.suse.com/security/cve/CVE-2023-3776.html * https://bugzilla.suse.com/show_bug.cgi?id=1087082 * https://bugzilla.suse.com/show_bug.cgi?id=1102851 * https://bugzilla.suse.com/show_bug.cgi?id=1205803 * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1211738 * https://bugzilla.suse.com/show_bug.cgi?id=1212128 * https://bugzilla.suse.com/show_bug.cgi?id=1212129 * https://bugzilla.suse.com/show_bug.cgi?id=1212154 * https://bugzilla.suse.com/show_bug.cgi?id=1212501 * https://bugzilla.suse.com/show_bug.cgi?id=1212502 * https://bugzilla.suse.com/show_bug.cgi?id=1213167 * https://bugzilla.suse.com/show_bug.cgi?id=1213286 * https://bugzilla.suse.com/show_bug.cgi?id=1213588 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 16 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Aug 2023 12:30:09 -0000 Subject: SUSE-SU-2023:3332-1: low: Security update for java-1_8_0-openj9 Message-ID: <169218900928.22104.4064156145278079583@smelt2.suse.de> # Security update for java-1_8_0-openj9 Announcement ID: SUSE-SU-2023:3332-1 Rating: low References: * #1213481 * #1213482 Cross-References: * CVE-2023-22045 * CVE-2023-22049 CVSS scores: * CVE-2023-22045 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22045 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22049 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22049 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for java-1_8_0-openj9 fixes the following issues: OpenJDK was updated to version 8u382 build 05 with OpenJ9 0.40.0 VM: * CVE-2023-22045: Fixed vulnerability in hotspot component (bsc#1213481). * CVE-2023-22049: Fixed vulnerability in library component (bsc#1213482). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3332=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3332=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3332=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openj9-accessibility-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-debuginfo-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-headless-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-headless-debuginfo-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-devel-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-demo-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-demo-debuginfo-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-devel-debuginfo-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-debugsource-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-src-1.8.0.382-150200.3.36.1 * openSUSE Leap 15.4 (noarch) * java-1_8_0-openj9-javadoc-1.8.0.382-150200.3.36.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openj9-accessibility-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-debuginfo-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-headless-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-headless-debuginfo-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-devel-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-demo-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-demo-debuginfo-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-devel-debuginfo-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-debugsource-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-src-1.8.0.382-150200.3.36.1 * openSUSE Leap 15.5 (noarch) * java-1_8_0-openj9-javadoc-1.8.0.382-150200.3.36.1 * SUSE Package Hub 15 15-SP5 (ppc64le s390x) * java-1_8_0-openj9-accessibility-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-debuginfo-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-headless-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-headless-debuginfo-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-devel-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-demo-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-demo-debuginfo-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-devel-debuginfo-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-debugsource-1.8.0.382-150200.3.36.1 * java-1_8_0-openj9-src-1.8.0.382-150200.3.36.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22045.html * https://www.suse.com/security/cve/CVE-2023-22049.html * https://bugzilla.suse.com/show_bug.cgi?id=1213481 * https://bugzilla.suse.com/show_bug.cgi?id=1213482 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 17 06:14:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:14:22 +0200 (CEST) Subject: SUSE-CU-2023:2684-1: Security update of bci/python Message-ID: <20230817061422.95A11FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2684-1 Container Tags : bci/python:3 , bci/python:3-15.32 , bci/python:3.10 , bci/python:3.10-15.32 Container Release : 15.32 Severity : moderate Type : security References : 1213514 CVE-2022-41409 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). The following package changes have been done: - libpcre2-8-0-10.39-150400.4.9.1 updated From sle-updates at lists.suse.com Thu Aug 17 06:14:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:14:34 +0200 (CEST) Subject: SUSE-CU-2023:2685-1: Security update of bci/dotnet-aspnet Message-ID: <20230817061434.6B9DAFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2685-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-10.26 , bci/dotnet-aspnet:6.0.20 , bci/dotnet-aspnet:6.0.20-10.26 Container Release : 10.26 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:14:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:14:43 +0200 (CEST) Subject: SUSE-CU-2023:2686-1: Security update of bci/dotnet-aspnet Message-ID: <20230817061443.E3AD1FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2686-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-10.26 , bci/dotnet-aspnet:7.0.9 , bci/dotnet-aspnet:7.0.9-10.26 , bci/dotnet-aspnet:latest Container Release : 10.26 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:14:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:14:51 +0200 (CEST) Subject: SUSE-CU-2023:2687-1: Security update of suse/registry Message-ID: <20230817061451.0633DFCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2687-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-14.17 , suse/registry:latest Container Release : 14.17 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated From sle-updates at lists.suse.com Thu Aug 17 06:15:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:15:03 +0200 (CEST) Subject: SUSE-CU-2023:2688-1: Security update of bci/dotnet-sdk Message-ID: <20230817061503.89DB6FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2688-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-9.26 , bci/dotnet-sdk:6.0.20 , bci/dotnet-sdk:6.0.20-9.26 Container Release : 9.26 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:15:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:15:15 +0200 (CEST) Subject: SUSE-CU-2023:2689-1: Security update of bci/dotnet-sdk Message-ID: <20230817061515.8030CFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2689-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-11.26 , bci/dotnet-sdk:7.0.9 , bci/dotnet-sdk:7.0.9-11.26 , bci/dotnet-sdk:latest Container Release : 11.26 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:15:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:15:25 +0200 (CEST) Subject: SUSE-CU-2023:2690-1: Security update of bci/dotnet-runtime Message-ID: <20230817061525.BDA04FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2690-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-9.26 , bci/dotnet-runtime:6.0.20 , bci/dotnet-runtime:6.0.20-9.26 Container Release : 9.26 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:15:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:15:35 +0200 (CEST) Subject: SUSE-CU-2023:2691-1: Security update of bci/dotnet-runtime Message-ID: <20230817061535.BA771FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2691-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-11.26 , bci/dotnet-runtime:7.0.9 , bci/dotnet-runtime:7.0.9-11.26 , bci/dotnet-runtime:latest Container Release : 11.26 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:15:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:15:44 +0200 (CEST) Subject: SUSE-CU-2023:2692-1: Security update of bci/golang Message-ID: <20230817061544.D71EAFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2692-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-2.8.8 , bci/golang:oldstable , bci/golang:oldstable-2.8.8 Container Release : 8.8 Severity : important Type : security References : 1213514 1214054 CVE-2022-41409 CVE-2023-36054 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:15:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:15:56 +0200 (CEST) Subject: SUSE-CU-2023:2693-1: Security update of bci/golang Message-ID: <20230817061556.3D921FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2693-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-1.9.7 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.9.7 Container Release : 9.7 Severity : important Type : security References : 1213514 1214054 CVE-2022-41409 CVE-2023-36054 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:16:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:16:07 +0200 (CEST) Subject: SUSE-CU-2023:2694-1: Security update of bci/bci-init Message-ID: <20230817061607.27B3CFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2694-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.8.40 , bci/bci-init:latest Container Release : 8.40 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:16:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:16:17 +0200 (CEST) Subject: SUSE-CU-2023:2695-1: Security update of bci/nodejs Message-ID: <20230817061617.1E64BFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2695-1 Container Tags : bci/node:16 , bci/node:16-9.30 , bci/nodejs:16 , bci/nodejs:16-9.30 Container Release : 9.30 Severity : important Type : security References : 1213514 1214054 CVE-2022-41409 CVE-2023-36054 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:16:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:16:28 +0200 (CEST) Subject: SUSE-CU-2023:2696-1: Security update of bci/nodejs Message-ID: <20230817061628.7AF02FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2696-1 Container Tags : bci/node:18 , bci/node:18-9.13 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-9.13 , bci/nodejs:latest Container Release : 9.13 Severity : important Type : security References : 1213514 1214054 CVE-2022-41409 CVE-2023-36054 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:16:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:16:39 +0200 (CEST) Subject: SUSE-CU-2023:2697-1: Security update of bci/openjdk Message-ID: <20230817061639.A0F2AFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2697-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-9.29 Container Release : 9.29 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:16:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:16:51 +0200 (CEST) Subject: SUSE-CU-2023:2698-1: Security update of bci/openjdk Message-ID: <20230817061651.731B5FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2698-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-10.29 , bci/openjdk:latest Container Release : 10.29 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:17:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:17:01 +0200 (CEST) Subject: SUSE-CU-2023:2699-1: Security update of suse/pcp Message-ID: <20230817061701.85584FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2699-1 Container Tags : suse/pcp:5 , suse/pcp:5-13.23 , suse/pcp:5.2 , suse/pcp:5.2-13.23 , suse/pcp:5.2.5 , suse/pcp:5.2.5-13.23 , suse/pcp:latest Container Release : 13.23 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - container:bci-bci-init-15.5-15.5-8.40 updated From sle-updates at lists.suse.com Thu Aug 17 06:17:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:17:11 +0200 (CEST) Subject: SUSE-CU-2023:2700-1: Security update of bci/php-apache Message-ID: <20230817061711.271B4FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2700-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-6.28 Container Release : 6.28 Severity : important Type : security References : 1213514 1214054 CVE-2022-41409 CVE-2023-36054 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:17:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:17:20 +0200 (CEST) Subject: SUSE-CU-2023:2701-1: Security update of bci/php-fpm Message-ID: <20230817061720.9940AFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2701-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-6.27 Container Release : 6.27 Severity : important Type : security References : 1213514 1214054 CVE-2022-41409 CVE-2023-36054 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:17:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:17:30 +0200 (CEST) Subject: SUSE-CU-2023:2702-1: Security update of bci/php Message-ID: <20230817061730.B497BFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2702-1 Container Tags : bci/php:8 , bci/php:8-6.27 Container Release : 6.27 Severity : important Type : security References : 1213514 1214054 CVE-2022-41409 CVE-2023-36054 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:17:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:17:38 +0200 (CEST) Subject: SUSE-CU-2023:2703-1: Security update of suse/postgres Message-ID: <20230817061738.A7F47FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2703-1 Container Tags : suse/postgres:14 , suse/postgres:14-12.29 , suse/postgres:14.8 , suse/postgres:14.8-12.29 Container Release : 12.29 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:17:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:17:49 +0200 (CEST) Subject: SUSE-CU-2023:2704-1: Security update of bci/python Message-ID: <20230817061749.8F44AFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2704-1 Container Tags : bci/python:3 , bci/python:3-8.36 , bci/python:3.11 , bci/python:3.11-8.36 , bci/python:latest Container Release : 8.36 Severity : important Type : security References : 1213514 1214054 CVE-2022-41409 CVE-2023-36054 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:28:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:28:56 +0200 (CEST) Subject: SUSE-CU-2023:2704-1: Security update of bci/python Message-ID: <20230817062856.ADAF2FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2704-1 Container Tags : bci/python:3 , bci/python:3-8.36 , bci/python:3.11 , bci/python:3.11-8.36 , bci/python:latest Container Release : 8.36 Severity : important Type : security References : 1213514 1214054 CVE-2022-41409 CVE-2023-36054 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:29:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:29:07 +0200 (CEST) Subject: SUSE-CU-2023:2705-1: Security update of bci/python Message-ID: <20230817062907.9B2BFFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2705-1 Container Tags : bci/python:3 , bci/python:3-10.33 , bci/python:3.6 , bci/python:3.6-10.33 Container Release : 10.33 Severity : important Type : security References : 1213514 1214054 CVE-2022-41409 CVE-2023-36054 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:29:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:29:17 +0200 (CEST) Subject: SUSE-CU-2023:2706-1: Security update of bci/ruby Message-ID: <20230817062917.72D02FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2706-1 Container Tags : bci/ruby:2 , bci/ruby:2-10.26 , bci/ruby:2.5 , bci/ruby:2.5-10.26 , bci/ruby:latest Container Release : 10.26 Severity : important Type : security References : 1213514 1214054 CVE-2022-41409 CVE-2023-36054 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:29:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:29:29 +0200 (CEST) Subject: SUSE-CU-2023:2707-1: Security update of bci/rust Message-ID: <20230817062929.292A9FCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2707-1 Container Tags : bci/rust:1.70 , bci/rust:1.70-2.9.11 , bci/rust:oldstable , bci/rust:oldstable-2.9.11 Container Release : 9.11 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:29:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:29:40 +0200 (CEST) Subject: SUSE-CU-2023:2708-1: Security update of bci/rust Message-ID: <20230817062940.7C18AFCA4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2708-1 Container Tags : bci/rust:1.71 , bci/rust:1.71-1.10.12 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.10.12 Container Release : 10.12 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Thu Aug 17 06:29:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 08:29:48 +0200 (CEST) Subject: SUSE-CU-2023:2709-1: Security update of suse/sle15 Message-ID: <20230817062948.E749BFCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2709-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.25 , suse/sle15:15.5 , suse/sle15:15.5.36.5.25 Container Release : 36.5.25 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated From sle-updates at lists.suse.com Thu Aug 17 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 12:30:03 -0000 Subject: SUSE-SU-2023:3343-1: moderate: Security update for postgresql15 Message-ID: <169227540364.8095.13318436041902580953@smelt2.suse.de> # Security update for postgresql15 Announcement ID: SUSE-SU-2023:3343-1 Rating: moderate References: * #1214059 Cross-References: * CVE-2023-39417 CVSS scores: * CVE-2023-39417 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-39417 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for postgresql15 fixes the following issues: * Update to 14.9 * CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3343=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3343=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3343=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3343=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql14-devel-14.9-3.26.1 * postgresql14-devel-debuginfo-14.9-3.26.1 * postgresql14-debugsource-14.9-3.26.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * postgresql14-server-devel-14.9-3.26.1 * postgresql14-server-devel-debuginfo-14.9-3.26.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * postgresql14-14.9-3.26.1 * postgresql14-contrib-debuginfo-14.9-3.26.1 * postgresql14-plperl-14.9-3.26.1 * postgresql14-debugsource-14.9-3.26.1 * postgresql14-plpython-14.9-3.26.1 * postgresql14-contrib-14.9-3.26.1 * postgresql14-server-14.9-3.26.1 * postgresql14-server-debuginfo-14.9-3.26.1 * postgresql14-pltcl-14.9-3.26.1 * postgresql14-pltcl-debuginfo-14.9-3.26.1 * postgresql14-plpython-debuginfo-14.9-3.26.1 * postgresql14-debuginfo-14.9-3.26.1 * postgresql14-plperl-debuginfo-14.9-3.26.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * postgresql14-docs-14.9-3.26.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql14-14.9-3.26.1 * postgresql14-contrib-debuginfo-14.9-3.26.1 * postgresql14-plperl-14.9-3.26.1 * postgresql14-debugsource-14.9-3.26.1 * postgresql14-plpython-14.9-3.26.1 * postgresql14-contrib-14.9-3.26.1 * postgresql14-server-14.9-3.26.1 * postgresql14-server-debuginfo-14.9-3.26.1 * postgresql14-pltcl-14.9-3.26.1 * postgresql14-pltcl-debuginfo-14.9-3.26.1 * postgresql14-plpython-debuginfo-14.9-3.26.1 * postgresql14-debuginfo-14.9-3.26.1 * postgresql14-plperl-debuginfo-14.9-3.26.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * postgresql14-docs-14.9-3.26.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * postgresql14-14.9-3.26.1 * postgresql14-contrib-debuginfo-14.9-3.26.1 * postgresql14-plperl-14.9-3.26.1 * postgresql14-debugsource-14.9-3.26.1 * postgresql14-plpython-14.9-3.26.1 * postgresql14-contrib-14.9-3.26.1 * postgresql14-server-14.9-3.26.1 * postgresql14-server-debuginfo-14.9-3.26.1 * postgresql14-pltcl-14.9-3.26.1 * postgresql14-pltcl-debuginfo-14.9-3.26.1 * postgresql14-plpython-debuginfo-14.9-3.26.1 * postgresql14-debuginfo-14.9-3.26.1 * postgresql14-plperl-debuginfo-14.9-3.26.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * postgresql14-docs-14.9-3.26.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39417.html * https://bugzilla.suse.com/show_bug.cgi?id=1214059 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 17 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 12:30:06 -0000 Subject: SUSE-SU-2023:3342-1: moderate: Security update for postgresql15 Message-ID: <169227540626.8095.12546854421774350679@smelt2.suse.de> # Security update for postgresql15 Announcement ID: SUSE-SU-2023:3342-1 Rating: moderate References: * #1214059 * #1214061 Cross-References: * CVE-2023-39417 * CVE-2023-39418 CVSS scores: * CVE-2023-39417 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-39417 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-39418 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-39418 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for postgresql15 fixes the following issues: * Update to 15.4 * CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) * CVE-2023-39418: Fix MERGE to enforce row security. (bsc#1214061) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3342=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3342=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3342=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3342=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql15-server-devel-15.4-3.12.1 * postgresql15-server-devel-debuginfo-15.4-3.12.1 * postgresql15-devel-debuginfo-15.4-3.12.1 * postgresql15-devel-15.4-3.12.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * postgresql15-debugsource-15.4-3.12.1 * libpq5-15.4-3.12.1 * libecpg6-debuginfo-15.4-3.12.1 * postgresql15-contrib-15.4-3.12.1 * postgresql15-pltcl-15.4-3.12.1 * postgresql15-15.4-3.12.1 * postgresql15-plperl-15.4-3.12.1 * postgresql15-pltcl-debuginfo-15.4-3.12.1 * postgresql15-server-15.4-3.12.1 * postgresql15-contrib-debuginfo-15.4-3.12.1 * postgresql15-plperl-debuginfo-15.4-3.12.1 * postgresql15-plpython-15.4-3.12.1 * libpq5-debuginfo-15.4-3.12.1 * postgresql15-server-debuginfo-15.4-3.12.1 * postgresql15-plpython-debuginfo-15.4-3.12.1 * libecpg6-15.4-3.12.1 * postgresql15-debuginfo-15.4-3.12.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * postgresql15-docs-15.4-3.12.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libpq5-debuginfo-32bit-15.4-3.12.1 * libecpg6-debuginfo-32bit-15.4-3.12.1 * libecpg6-32bit-15.4-3.12.1 * libpq5-32bit-15.4-3.12.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql15-debugsource-15.4-3.12.1 * libpq5-15.4-3.12.1 * libecpg6-debuginfo-15.4-3.12.1 * postgresql15-contrib-15.4-3.12.1 * postgresql15-pltcl-15.4-3.12.1 * postgresql15-15.4-3.12.1 * postgresql15-plperl-15.4-3.12.1 * postgresql15-pltcl-debuginfo-15.4-3.12.1 * postgresql15-server-15.4-3.12.1 * postgresql15-contrib-debuginfo-15.4-3.12.1 * postgresql15-plperl-debuginfo-15.4-3.12.1 * postgresql15-plpython-15.4-3.12.1 * libpq5-debuginfo-15.4-3.12.1 * postgresql15-server-debuginfo-15.4-3.12.1 * postgresql15-plpython-debuginfo-15.4-3.12.1 * libecpg6-15.4-3.12.1 * postgresql15-debuginfo-15.4-3.12.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * postgresql15-docs-15.4-3.12.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libpq5-debuginfo-32bit-15.4-3.12.1 * libecpg6-debuginfo-32bit-15.4-3.12.1 * libecpg6-32bit-15.4-3.12.1 * libpq5-32bit-15.4-3.12.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * postgresql15-debugsource-15.4-3.12.1 * libpq5-15.4-3.12.1 * libecpg6-debuginfo-15.4-3.12.1 * postgresql15-contrib-15.4-3.12.1 * postgresql15-pltcl-15.4-3.12.1 * postgresql15-15.4-3.12.1 * postgresql15-plperl-15.4-3.12.1 * postgresql15-pltcl-debuginfo-15.4-3.12.1 * postgresql15-server-15.4-3.12.1 * postgresql15-contrib-debuginfo-15.4-3.12.1 * postgresql15-plperl-debuginfo-15.4-3.12.1 * postgresql15-plpython-15.4-3.12.1 * libpq5-debuginfo-15.4-3.12.1 * postgresql15-server-debuginfo-15.4-3.12.1 * postgresql15-plpython-debuginfo-15.4-3.12.1 * libecpg6-15.4-3.12.1 * postgresql15-debuginfo-15.4-3.12.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * postgresql15-docs-15.4-3.12.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libpq5-debuginfo-32bit-15.4-3.12.1 * libecpg6-debuginfo-32bit-15.4-3.12.1 * libecpg6-32bit-15.4-3.12.1 * libpq5-32bit-15.4-3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39417.html * https://www.suse.com/security/cve/CVE-2023-39418.html * https://bugzilla.suse.com/show_bug.cgi?id=1214059 * https://bugzilla.suse.com/show_bug.cgi?id=1214061 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 17 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 12:30:08 -0000 Subject: SUSE-SU-2023:3341-1: moderate: Security update for postgresql12 Message-ID: <169227540836.8095.14314679065317647918@smelt2.suse.de> # Security update for postgresql12 Announcement ID: SUSE-SU-2023:3341-1 Rating: moderate References: * #1214059 Cross-References: * CVE-2023-39417 CVSS scores: * CVE-2023-39417 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-39417 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for postgresql12 fixes the following issues: * Update to 12.16 * CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3341=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3341=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3341=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3341=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql12-devel-12.16-3.42.1 * postgresql12-debugsource-12.16-3.42.1 * postgresql12-devel-debuginfo-12.16-3.42.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * postgresql12-server-devel-debuginfo-12.16-3.42.1 * postgresql12-server-devel-12.16-3.42.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * postgresql12-plpython-debuginfo-12.16-3.42.1 * postgresql12-server-12.16-3.42.1 * postgresql12-plperl-debuginfo-12.16-3.42.1 * postgresql12-pltcl-debuginfo-12.16-3.42.1 * postgresql12-debugsource-12.16-3.42.1 * postgresql12-debuginfo-12.16-3.42.1 * postgresql12-plperl-12.16-3.42.1 * postgresql12-server-debuginfo-12.16-3.42.1 * postgresql12-contrib-12.16-3.42.1 * postgresql12-pltcl-12.16-3.42.1 * postgresql12-contrib-debuginfo-12.16-3.42.1 * postgresql12-plpython-12.16-3.42.1 * postgresql12-12.16-3.42.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * postgresql12-docs-12.16-3.42.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql12-plpython-debuginfo-12.16-3.42.1 * postgresql12-server-12.16-3.42.1 * postgresql12-plperl-debuginfo-12.16-3.42.1 * postgresql12-pltcl-debuginfo-12.16-3.42.1 * postgresql12-debugsource-12.16-3.42.1 * postgresql12-debuginfo-12.16-3.42.1 * postgresql12-plperl-12.16-3.42.1 * postgresql12-server-debuginfo-12.16-3.42.1 * postgresql12-contrib-12.16-3.42.1 * postgresql12-pltcl-12.16-3.42.1 * postgresql12-contrib-debuginfo-12.16-3.42.1 * postgresql12-plpython-12.16-3.42.1 * postgresql12-12.16-3.42.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * postgresql12-docs-12.16-3.42.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * postgresql12-plpython-debuginfo-12.16-3.42.1 * postgresql12-server-12.16-3.42.1 * postgresql12-plperl-debuginfo-12.16-3.42.1 * postgresql12-pltcl-debuginfo-12.16-3.42.1 * postgresql12-debugsource-12.16-3.42.1 * postgresql12-debuginfo-12.16-3.42.1 * postgresql12-plperl-12.16-3.42.1 * postgresql12-server-debuginfo-12.16-3.42.1 * postgresql12-contrib-12.16-3.42.1 * postgresql12-pltcl-12.16-3.42.1 * postgresql12-contrib-debuginfo-12.16-3.42.1 * postgresql12-plpython-12.16-3.42.1 * postgresql12-12.16-3.42.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * postgresql12-docs-12.16-3.42.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39417.html * https://bugzilla.suse.com/show_bug.cgi?id=1214059 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 17 12:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 12:30:10 -0000 Subject: SUSE-RU-2023:3340-1: moderate: Recommended update for tcmu-runner Message-ID: <169227541062.8095.11245545375462427654@smelt2.suse.de> # Recommended update for tcmu-runner Announcement ID: SUSE-RU-2023:3340-1 Rating: moderate References: * #1212636 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for tcmu-runner fixes the following issues: * Adjust handler path to RPM macros (bsc#1212636) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3340=1 SUSE-2023-3340=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3340=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3340=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3340=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * tcmu-runner-handler-rbd-1.5.4-150400.3.3.1 * tcmu-runner-handler-rbd-debuginfo-1.5.4-150400.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libtcmu2-debuginfo-1.5.4-150400.3.3.1 * libtcmu2-1.5.4-150400.3.3.1 * tcmu-runner-debuginfo-1.5.4-150400.3.3.1 * tcmu-runner-debugsource-1.5.4-150400.3.3.1 * tcmu-runner-1.5.4-150400.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libtcmu2-debuginfo-1.5.4-150400.3.3.1 * libtcmu2-1.5.4-150400.3.3.1 * tcmu-runner-debuginfo-1.5.4-150400.3.3.1 * tcmu-runner-debugsource-1.5.4-150400.3.3.1 * tcmu-runner-1.5.4-150400.3.3.1 * openSUSE Leap 15.5 (aarch64 x86_64) * tcmu-runner-handler-rbd-1.5.4-150400.3.3.1 * tcmu-runner-handler-rbd-debuginfo-1.5.4-150400.3.3.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libtcmu2-debuginfo-1.5.4-150400.3.3.1 * libtcmu2-1.5.4-150400.3.3.1 * tcmu-runner-debuginfo-1.5.4-150400.3.3.1 * tcmu-runner-debugsource-1.5.4-150400.3.3.1 * tcmu-runner-1.5.4-150400.3.3.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libtcmu2-debuginfo-1.5.4-150400.3.3.1 * libtcmu2-1.5.4-150400.3.3.1 * tcmu-runner-debuginfo-1.5.4-150400.3.3.1 * tcmu-runner-debugsource-1.5.4-150400.3.3.1 * tcmu-runner-1.5.4-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212636 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 17 12:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 12:30:13 -0000 Subject: SUSE-SU-2023:3339-1: moderate: Security update for openssl-1_0_0 Message-ID: <169227541378.8095.8148085666054160219@smelt2.suse.de> # Security update for openssl-1_0_0 Announcement ID: SUSE-SU-2023:3339-1 Rating: moderate References: * #1213853 Cross-References: * CVE-2023-3817 CVSS scores: * CVE-2023-3817 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-3817 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_0_0 fixes the following issues: * CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3339=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3339=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3339=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3339=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-debuginfo-1.0.2p-3.84.1 * openssl-1_0_0-debugsource-1.0.2p-3.84.1 * libopenssl-1_0_0-devel-1.0.2p-3.84.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * libopenssl-1_0_0-devel-32bit-1.0.2p-3.84.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libopenssl1_0_0-1.0.2p-3.84.1 * libopenssl1_0_0-hmac-1.0.2p-3.84.1 * openssl-1_0_0-debuginfo-1.0.2p-3.84.1 * openssl-1_0_0-1.0.2p-3.84.1 * libopenssl-1_0_0-devel-1.0.2p-3.84.1 * openssl-1_0_0-debugsource-1.0.2p-3.84.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.84.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * openssl-1_0_0-doc-1.0.2p-3.84.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.84.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-3.84.1 * libopenssl1_0_0-32bit-1.0.2p-3.84.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libopenssl1_0_0-1.0.2p-3.84.1 * libopenssl1_0_0-hmac-1.0.2p-3.84.1 * openssl-1_0_0-debuginfo-1.0.2p-3.84.1 * openssl-1_0_0-1.0.2p-3.84.1 * libopenssl-1_0_0-devel-1.0.2p-3.84.1 * openssl-1_0_0-debugsource-1.0.2p-3.84.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.84.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * openssl-1_0_0-doc-1.0.2p-3.84.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.84.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-3.84.1 * libopenssl1_0_0-32bit-1.0.2p-3.84.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libopenssl1_0_0-1.0.2p-3.84.1 * libopenssl1_0_0-hmac-1.0.2p-3.84.1 * openssl-1_0_0-debuginfo-1.0.2p-3.84.1 * openssl-1_0_0-1.0.2p-3.84.1 * libopenssl-1_0_0-devel-1.0.2p-3.84.1 * openssl-1_0_0-debugsource-1.0.2p-3.84.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.84.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * openssl-1_0_0-doc-1.0.2p-3.84.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.84.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-3.84.1 * libopenssl1_0_0-32bit-1.0.2p-3.84.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3817.html * https://bugzilla.suse.com/show_bug.cgi?id=1213853 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 17 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 12:30:16 -0000 Subject: SUSE-SU-2023:3338-1: moderate: Security update for openssl-1_0_0 Message-ID: <169227541629.8095.5446747249620829995@smelt2.suse.de> # Security update for openssl-1_0_0 Announcement ID: SUSE-SU-2023:3338-1 Rating: moderate References: * #1213853 Cross-References: * CVE-2023-3817 CVSS scores: * CVE-2023-3817 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-3817 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_0_0 fixes the following issues: * CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3338=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3338=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-3338=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3338=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-1.0.2p-150000.3.85.1 * libopenssl10-1.0.2p-150000.3.85.1 * openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.85.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.85.1 * openssl-1_0_0-cavs-1.0.2p-150000.3.85.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.85.1 * libopenssl1_0_0-steam-1.0.2p-150000.3.85.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.85.1 * libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.85.1 * libopenssl1_0_0-1.0.2p-150000.3.85.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.85.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.85.1 * libopenssl10-debuginfo-1.0.2p-150000.3.85.1 * openSUSE Leap 15.4 (x86_64) * libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.85.1 * libopenssl1_0_0-32bit-1.0.2p-150000.3.85.1 * libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.85.1 * libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.85.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.85.1 * libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.85.1 * openSUSE Leap 15.4 (noarch) * openssl-1_0_0-doc-1.0.2p-150000.3.85.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-1.0.2p-150000.3.85.1 * libopenssl10-1.0.2p-150000.3.85.1 * openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.85.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.85.1 * openssl-1_0_0-cavs-1.0.2p-150000.3.85.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.85.1 * libopenssl1_0_0-steam-1.0.2p-150000.3.85.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.85.1 * libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.85.1 * libopenssl1_0_0-1.0.2p-150000.3.85.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.85.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.85.1 * libopenssl10-debuginfo-1.0.2p-150000.3.85.1 * openSUSE Leap 15.5 (x86_64) * libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.85.1 * libopenssl1_0_0-32bit-1.0.2p-150000.3.85.1 * libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.85.1 * libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.85.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.85.1 * libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.85.1 * openSUSE Leap 15.5 (noarch) * openssl-1_0_0-doc-1.0.2p-150000.3.85.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-1.0.2p-150000.3.85.1 * libopenssl10-1.0.2p-150000.3.85.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.85.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.85.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.85.1 * libopenssl1_0_0-1.0.2p-150000.3.85.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.85.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.85.1 * libopenssl10-debuginfo-1.0.2p-150000.3.85.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-1.0.2p-150000.3.85.1 * libopenssl10-1.0.2p-150000.3.85.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.85.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.85.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.85.1 * libopenssl1_0_0-1.0.2p-150000.3.85.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.85.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.85.1 * libopenssl10-debuginfo-1.0.2p-150000.3.85.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3817.html * https://bugzilla.suse.com/show_bug.cgi?id=1213853 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 17 12:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 12:30:18 -0000 Subject: SUSE-RU-2023:3337-1: low: Recommended update for release-notes-sle-micro Message-ID: <169227541829.8095.18190833700404327666@smelt2.suse.de> # Recommended update for release-notes-sle-micro Announcement ID: SUSE-RU-2023:3337-1 Rating: low References: Affected Products: * openSUSE Leap 15.5 * SAP Applications Module 15-SP5 * SAP Business One Module 15-SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that can now be installed. ## Description: This update for patterns-sap-hana fixes the following issue: * Add package patterns-sap-hana ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SAP Business One Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Business-One-15-SP5-2023-3337=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3337=1 openSUSE-SLE-15.5-2023-3337=1 * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-3337=1 ## Package List: * SAP Business One Module 15-SP5 (x86_64) * patterns-sap-hana-15.5-150500.5.2.2 * patterns-sap-bone-15.5-150500.5.2.2 * openSUSE Leap 15.5 (ppc64le x86_64) * patterns-sap-hana-15.5-150500.5.2.2 * patterns-sap-15.5-150500.5.2.2 * patterns-sap-bone-15.5-150500.5.2.2 * patterns-sap-nw-15.5-150500.5.2.2 * SAP Applications Module 15-SP5 (ppc64le x86_64) * patterns-sap-hana-15.5-150500.5.2.2 * patterns-sap-nw-15.5-150500.5.2.2 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 17 12:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 12:30:22 -0000 Subject: SUSE-RU-2023:3336-1: moderate: Recommended update for plymouth Message-ID: <169227542267.8095.18236157689287948613@smelt2.suse.de> # Recommended update for plymouth Announcement ID: SUSE-RU-2023:3336-1 Rating: moderate References: * #1141749 * #1193736 * #1208726 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has three recommended fixes can now be installed. ## Description: This update for plymouth fixes the following issues: * Change bootup terminal to default to satisfy Nvidia proprietary driver (bsc#1208726) * Change configure options --with-shutdown-tty from 1 to 7 for shutdown message to be displayed (bsc#1141749) * Enable plymouth log by default to resolve random appear problems (bsc#1193736) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3336=1 openSUSE-SLE-15.4-2023-3336=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3336=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3336=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3336=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * plymouth-plugin-tribar-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-two-step-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-script-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * libply-splash-core5-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-tribar-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-devel-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-space-flares-0.9.5~git20210406.e554475-150400.3.12.1 * libply-splash-graphics5-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-fade-throbber-0.9.5~git20210406.e554475-150400.3.12.1 * libply-boot-client5-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-space-flares-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-fade-throbber-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * libply-splash-graphics5-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-label-ft-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-script-0.9.5~git20210406.e554475-150400.3.12.1 * libply5-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-label-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-label-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-label-ft-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-debugsource-0.9.5~git20210406.e554475-150400.3.12.1 * libply5-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-two-step-0.9.5~git20210406.e554475-150400.3.12.1 * libply-splash-core5-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * libply-boot-client5-0.9.5~git20210406.e554475-150400.3.12.1 * openSUSE Leap 15.4 (noarch) * plymouth-theme-script-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-theme-solar-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-theme-spinfinity-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-branding-upstream-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-theme-bgrt-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-scripts-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-theme-spinner-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-lang-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-dracut-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-theme-tribar-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-theme-fade-in-0.9.5~git20210406.e554475-150400.3.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * plymouth-plugin-tribar-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-two-step-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-script-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * libply-splash-core5-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-tribar-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-devel-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-space-flares-0.9.5~git20210406.e554475-150400.3.12.1 * libply-splash-graphics5-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-fade-throbber-0.9.5~git20210406.e554475-150400.3.12.1 * libply-boot-client5-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-space-flares-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-fade-throbber-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * libply-splash-graphics5-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-label-ft-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-script-0.9.5~git20210406.e554475-150400.3.12.1 * libply5-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-label-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-label-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-label-ft-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-debugsource-0.9.5~git20210406.e554475-150400.3.12.1 * libply5-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-two-step-0.9.5~git20210406.e554475-150400.3.12.1 * libply-splash-core5-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * libply-boot-client5-0.9.5~git20210406.e554475-150400.3.12.1 * openSUSE Leap 15.5 (noarch) * plymouth-theme-script-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-theme-solar-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-theme-spinfinity-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-branding-upstream-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-theme-bgrt-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-scripts-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-theme-spinner-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-lang-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-dracut-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-theme-tribar-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-theme-fade-in-0.9.5~git20210406.e554475-150400.3.12.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * plymouth-devel-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-label-0.9.5~git20210406.e554475-150400.3.12.1 * libply-boot-client5-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-label-ft-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-debugsource-0.9.5~git20210406.e554475-150400.3.12.1 * libply-splash-graphics5-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-label-ft-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-script-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-script-0.9.5~git20210406.e554475-150400.3.12.1 * libply-boot-client5-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * libply-splash-core5-0.9.5~git20210406.e554475-150400.3.12.1 * libply5-0.9.5~git20210406.e554475-150400.3.12.1 * libply5-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-label-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * libply-splash-core5-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * libply-splash-graphics5-0.9.5~git20210406.e554475-150400.3.12.1 * Basesystem Module 15-SP4 (noarch) * plymouth-lang-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-dracut-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-scripts-0.9.5~git20210406.e554475-150400.3.12.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * plymouth-devel-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-label-0.9.5~git20210406.e554475-150400.3.12.1 * libply-boot-client5-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-label-ft-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-debugsource-0.9.5~git20210406.e554475-150400.3.12.1 * libply-splash-graphics5-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-label-ft-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-script-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-script-0.9.5~git20210406.e554475-150400.3.12.1 * libply-boot-client5-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * libply-splash-core5-0.9.5~git20210406.e554475-150400.3.12.1 * libply5-0.9.5~git20210406.e554475-150400.3.12.1 * libply5-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-plugin-label-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * libply-splash-core5-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-debuginfo-0.9.5~git20210406.e554475-150400.3.12.1 * libply-splash-graphics5-0.9.5~git20210406.e554475-150400.3.12.1 * Basesystem Module 15-SP5 (noarch) * plymouth-lang-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-dracut-0.9.5~git20210406.e554475-150400.3.12.1 * plymouth-scripts-0.9.5~git20210406.e554475-150400.3.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1141749 * https://bugzilla.suse.com/show_bug.cgi?id=1193736 * https://bugzilla.suse.com/show_bug.cgi?id=1208726 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 17 12:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 12:30:24 -0000 Subject: SUSE-RU-2023:3335-1: moderate: Recommended update for ipmitool Message-ID: <169227542473.8095.1907388694977861027@smelt2.suse.de> # Recommended update for ipmitool Announcement ID: SUSE-RU-2023:3335-1 Rating: moderate References: * #1213390 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for ipmitool fixes the following issues: * ipmitool duplicates the timestamp (bsc#1213390) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3335=1 openSUSE-SLE-15.4-2023-3335=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3335=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3335=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3335=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3335=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3335=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * ipmitool-debugsource-1.8.18.238.gb7adc1d-150400.3.3.1 * ipmitool-debuginfo-1.8.18.238.gb7adc1d-150400.3.3.1 * ipmitool-1.8.18.238.gb7adc1d-150400.3.3.1 * openSUSE Leap 15.4 (noarch) * ipmitool-bmc-snmp-proxy-1.8.18.238.gb7adc1d-150400.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ipmitool-debugsource-1.8.18.238.gb7adc1d-150400.3.3.1 * ipmitool-debuginfo-1.8.18.238.gb7adc1d-150400.3.3.1 * ipmitool-1.8.18.238.gb7adc1d-150400.3.3.1 * openSUSE Leap 15.5 (noarch) * ipmitool-bmc-snmp-proxy-1.8.18.238.gb7adc1d-150400.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ipmitool-debugsource-1.8.18.238.gb7adc1d-150400.3.3.1 * ipmitool-debuginfo-1.8.18.238.gb7adc1d-150400.3.3.1 * ipmitool-1.8.18.238.gb7adc1d-150400.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * ipmitool-debugsource-1.8.18.238.gb7adc1d-150400.3.3.1 * ipmitool-debuginfo-1.8.18.238.gb7adc1d-150400.3.3.1 * ipmitool-1.8.18.238.gb7adc1d-150400.3.3.1 * Server Applications Module 15-SP4 (noarch) * ipmitool-bmc-snmp-proxy-1.8.18.238.gb7adc1d-150400.3.3.1 * Server Applications Module 15-SP5 (noarch) * ipmitool-bmc-snmp-proxy-1.8.18.238.gb7adc1d-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213390 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 17 12:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 12:30:26 -0000 Subject: SUSE-RU-2023:3334-1: moderate: Recommended update for selinux-policy Message-ID: <169227542681.8095.2979289567573165211@smelt2.suse.de> # Recommended update for selinux-policy Announcement ID: SUSE-RU-2023:3334-1 Rating: moderate References: * #1213593 Affected Products: * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 An update that has one recommended fix can now be installed. ## Description: This update for selinux-policy fixes the following issues: * Use /var/adm/update-scripts in macros.selinux-policy (bsc#1213593) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3334=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3334=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3334=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * selinux-policy-20210716-150400.5.3.1 * selinux-policy-targeted-20210716-150400.5.3.1 * selinux-policy-devel-20210716-150400.5.3.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * selinux-policy-20210716-150400.5.3.1 * selinux-policy-targeted-20210716-150400.5.3.1 * selinux-policy-devel-20210716-150400.5.3.1 * openSUSE Leap Micro 5.3 (noarch) * selinux-policy-20210716-150400.5.3.1 * selinux-policy-targeted-20210716-150400.5.3.1 * selinux-policy-devel-20210716-150400.5.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213593 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 17 16:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 16:30:20 -0000 Subject: SUSE-SU-2023:3349-1: important: Security update for the Linux Kernel Message-ID: <169228982057.5496.14423013537974203120@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3349-1 Rating: important References: * #1087082 * #1150305 * #1173438 * #1188885 * #1202670 * #1202716 * #1205496 * #1206418 * #1207526 * #1207528 * #1207561 * #1207617 * #1207620 * #1207629 * #1207630 * #1207633 * #1207634 * #1207653 * #1208788 * #1210584 * #1210765 * #1210766 * #1210771 * #1211738 * #1211867 * #1212266 * #1212301 * #1212657 * #1212741 * #1212835 * #1212871 * #1212905 * #1212986 * #1212987 * #1212988 * #1212989 * #1212990 * #1213010 * #1213011 * #1213012 * #1213013 * #1213014 * #1213015 * #1213017 * #1213018 * #1213019 * #1213020 * #1213021 * #1213022 * #1213023 * #1213024 * #1213025 * #1213032 * #1213033 * #1213034 * #1213035 * #1213036 * #1213037 * #1213038 * #1213039 * #1213040 * #1213041 * #1213042 * #1213059 * #1213133 * #1213167 * #1213215 * #1213218 * #1213221 * #1213286 * #1213287 * #1213344 * #1213346 * #1213350 * #1213525 * #1213585 * #1213586 * #1213588 * #1213705 * #1213747 * #1213766 * #1213819 * #1213823 * #1213825 * #1213827 Cross-References: * CVE-2018-3639 * CVE-2022-40982 * CVE-2023-0459 * CVE-2023-20569 * CVE-2023-20593 * CVE-2023-2985 * CVE-2023-35001 * CVE-2023-3567 * CVE-2023-3609 * CVE-2023-3611 * CVE-2023-3776 CVSS scores: * CVE-2018-3639 ( SUSE ): 4.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2018-3639 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2018-3639 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 11 vulnerabilities and has 74 fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). * CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418). * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). * CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). * CVE-2023-20569: Fixed side channel attack ?Inception? or ?RAS Poisoning? (bsc#1213287). The following non-security bugs were fixed: * Get module prefix from kmod (bsc#1212835). * USB: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). * USB: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). * USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes). * USB: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). * USB: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes). * USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). * USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes). * USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes). * USB: serial: option: add Sierra Wireless EM9191 (git-fixes). * USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). * blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration (bsc#1213022). * btrfs: fix resolving backrefs for inline extent followed by prealloc (bsc#1213133). * delete suse/memcg-drop-kmem-limit_in_bytes. drop the patch in order to fix bsc#1213705. * dlm: Delete an unnecessary variable initialisation in dlm_ls_start() (git- fixes). * dlm: NULL check before kmem_cache_destroy is not needed (git-fixes). * dlm: fix invalid cluster name warning (git-fixes). * dlm: fix missing idr_destroy for recover_idr (git-fixes). * dlm: fix missing lkb refcount handling (git-fixes). * dlm: fix plock invalid read (git-fixes). * dlm: fix possible call to kfree() for non-initialized pointer (git-fixes). * ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020). * ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). * ext4: avoid BUG_ON when creating xattrs (bsc#1205496). * ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). * ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). * ext4: fail ext4_iget if special inode unallocated (bsc#1213010). * ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). * ext4: fix WARNING in ext4_update_inline_data (bsc#1213012). * ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). * ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). * ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). * ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). * ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). * ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). * ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). * ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). * ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). * ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011). * ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). * ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). * fs: dlm: cancel work sync othercon (git-fixes). * fs: dlm: filter user dlm messages for kernel locks (git-fixes). * fs: dlm: fix configfs memory leak (git-fixes). * fs: dlm: fix debugfs dump (git-fixes). * fs: dlm: fix memory leak when fenced (git-fixes). * fs: dlm: fix race between test_bit() and queue_work() (git-fixes). * fs: dlm: handle -EBUSY first in lock arg validation (git-fixes). * fs: fix guard_bio_eod to check for real EOD errors (bsc#1213042). * fs: prevent BUG_ON in submit_bh_wbc() (bsc#1212990). * fuse: revalidate: do not invalidate if interrupted (bsc#1213525). * igb: revert rtnl_lock() that causes deadlock (git-fixes). * include/trace/events/writeback.h: fix -Wstringop-truncation warnings (bsc#1213023). * inotify: Avoid reporting event with invalid wd (bsc#1213025). * jbd2: Fix statistics for the number of logged blocks (bsc#1212988). * jbd2: abort journal if free a async write error metadata buffer (bsc#1212989). * jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). * jbd2: fix data races at struct journal_head (bsc#1173438). * jbd2: fix invalid descriptor block checksum (bsc#1212987). * jbd2: fix race when writing superblock (bsc#1212986). * jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014). * kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. * kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). * lib/string: Add strscpy_pad() function (bsc#1213023). * mbcache: Fixup kABI of mb_cache_entry (bsc#1207653). * memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). * memcg: fix a crash in wb_workfn when a device disappears (bsc#1213023). * net: mana: Add support for vlan tagging (bsc#1212301). * ocfs2: check new file size on fallocate call (git-fixes). * ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). * powerpc/64: update speculation_store_bypass in /proc/<pid>/status (bsc#1188885 ltc#193722 git-fixes). * powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross- boundary (bsc#1150305 ltc#176097 git-fixes). * rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. * s390/cio: check the subchannel validity for dev_busid (bsc#1207526). * s390/cpum_sf: adjust sampling interval to avoid hitting sample limits (git- fixes bsc#1213827). * s390/dasd: fix memleak in path handling error case (git-fixes bsc#1213221). * s390/maccess: add no dat mode to kernel_write (git-fixes bsc#1213825). * s390/numa: move initial setup of node_to_cpumask_map (git-fixes bsc#1213766). * s390/perf: Change CPUM_CF return code in event init function (git-fixes bsc#1213344). * s390/perf: Return error when debug_register fails (git-fixes bsc#1212657). * s390: limit brk randomization to 32MB (git-fixes bsc#1213346). * scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747). * uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). * uas: ignore UAS for Thinkplus chips (git-fixes). * ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). * ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584). * udf: Avoid double brelse() in udf_rename() (bsc#1213032). * udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). * udf: Define EFSCORRUPTED error code (bsc#1213038). * udf: Discard preallocation before extending file with a hole (bsc#1213036). * udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035). * udf: Do not bother merging very long extents (bsc#1213040). * udf: Do not update file length for failed writes to inline files (bsc#1213041). * udf: Drop unused arguments of udf_delete_aext() (bsc#1213033). * udf: Fix extending file within last block (bsc#1213037). * udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034). * udf: Truncate added extents on failed expansion (bsc#1213039). * update suse/s390-dasd-fix-no-record-found-for-raw_track_access (git-fixes bsc#1212266 bsc#1207528). * update suse/scsi-zfcp-fix-missing-auto-port-scan-and-thus-missing-target- ports (git-fixes bsc#1202670). * usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). * usrmerge: Adjust module path in the kernel sources (bsc#1212835). * vfio-ccw: Do not call flush_workqueue while holding the spinlock (git-fixes bsc#1213218). * vfio-ccw: fence off transport mode (git-fixes bsc#1213215). * vfio-ccw: prevent quiesce function going into an infinite loop (git-fixes bsc#1213819). * vfio-ccw: release any channel program when releasing/removing vfio-ccw mdev (git-fixes bsc#1213823). * writeback: fix call of incorrect macro (bsc#1213024). * x86/bugs: Enable STIBP for JMP2RET (git-fixes). * x86/bugs: Remove apostrophe typo (git-fixes). * x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts (git-fixes). * x86/cpu: Load microcode during restore_processor_state() (git-fixes). * x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). * x86/speculation/mmio: Print SMT warning (git-fixes). * x86: Fix return value of __setup handlers (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3349=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3349=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3349=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.146.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * kernel-syms-azure-4.12.14-16.146.1 * kernel-azure-devel-4.12.14-16.146.1 * kernel-azure-base-debuginfo-4.12.14-16.146.1 * kernel-azure-base-4.12.14-16.146.1 * kernel-azure-debuginfo-4.12.14-16.146.1 * kernel-azure-debugsource-4.12.14-16.146.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * kernel-devel-azure-4.12.14-16.146.1 * kernel-source-azure-4.12.14-16.146.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.146.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * kernel-syms-azure-4.12.14-16.146.1 * kernel-azure-devel-4.12.14-16.146.1 * kernel-azure-base-debuginfo-4.12.14-16.146.1 * kernel-azure-base-4.12.14-16.146.1 * kernel-azure-debuginfo-4.12.14-16.146.1 * kernel-azure-debugsource-4.12.14-16.146.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-devel-azure-4.12.14-16.146.1 * kernel-source-azure-4.12.14-16.146.1 * SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.146.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * kernel-syms-azure-4.12.14-16.146.1 * kernel-azure-devel-4.12.14-16.146.1 * kernel-azure-base-debuginfo-4.12.14-16.146.1 * kernel-azure-base-4.12.14-16.146.1 * kernel-azure-debuginfo-4.12.14-16.146.1 * kernel-azure-debugsource-4.12.14-16.146.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-devel-azure-4.12.14-16.146.1 * kernel-source-azure-4.12.14-16.146.1 ## References: * https://www.suse.com/security/cve/CVE-2018-3639.html * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-0459.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-20593.html * https://www.suse.com/security/cve/CVE-2023-2985.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://www.suse.com/security/cve/CVE-2023-3609.html * https://www.suse.com/security/cve/CVE-2023-3611.html * https://www.suse.com/security/cve/CVE-2023-3776.html * https://bugzilla.suse.com/show_bug.cgi?id=1087082 * https://bugzilla.suse.com/show_bug.cgi?id=1150305 * https://bugzilla.suse.com/show_bug.cgi?id=1173438 * https://bugzilla.suse.com/show_bug.cgi?id=1188885 * https://bugzilla.suse.com/show_bug.cgi?id=1202670 * https://bugzilla.suse.com/show_bug.cgi?id=1202716 * https://bugzilla.suse.com/show_bug.cgi?id=1205496 * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1207526 * https://bugzilla.suse.com/show_bug.cgi?id=1207528 * https://bugzilla.suse.com/show_bug.cgi?id=1207561 * https://bugzilla.suse.com/show_bug.cgi?id=1207617 * https://bugzilla.suse.com/show_bug.cgi?id=1207620 * https://bugzilla.suse.com/show_bug.cgi?id=1207629 * https://bugzilla.suse.com/show_bug.cgi?id=1207630 * https://bugzilla.suse.com/show_bug.cgi?id=1207633 * https://bugzilla.suse.com/show_bug.cgi?id=1207634 * https://bugzilla.suse.com/show_bug.cgi?id=1207653 * https://bugzilla.suse.com/show_bug.cgi?id=1208788 * https://bugzilla.suse.com/show_bug.cgi?id=1210584 * https://bugzilla.suse.com/show_bug.cgi?id=1210765 * https://bugzilla.suse.com/show_bug.cgi?id=1210766 * https://bugzilla.suse.com/show_bug.cgi?id=1210771 * https://bugzilla.suse.com/show_bug.cgi?id=1211738 * https://bugzilla.suse.com/show_bug.cgi?id=1211867 * https://bugzilla.suse.com/show_bug.cgi?id=1212266 * https://bugzilla.suse.com/show_bug.cgi?id=1212301 * https://bugzilla.suse.com/show_bug.cgi?id=1212657 * https://bugzilla.suse.com/show_bug.cgi?id=1212741 * https://bugzilla.suse.com/show_bug.cgi?id=1212835 * https://bugzilla.suse.com/show_bug.cgi?id=1212871 * https://bugzilla.suse.com/show_bug.cgi?id=1212905 * https://bugzilla.suse.com/show_bug.cgi?id=1212986 * https://bugzilla.suse.com/show_bug.cgi?id=1212987 * https://bugzilla.suse.com/show_bug.cgi?id=1212988 * https://bugzilla.suse.com/show_bug.cgi?id=1212989 * https://bugzilla.suse.com/show_bug.cgi?id=1212990 * https://bugzilla.suse.com/show_bug.cgi?id=1213010 * https://bugzilla.suse.com/show_bug.cgi?id=1213011 * https://bugzilla.suse.com/show_bug.cgi?id=1213012 * https://bugzilla.suse.com/show_bug.cgi?id=1213013 * https://bugzilla.suse.com/show_bug.cgi?id=1213014 * https://bugzilla.suse.com/show_bug.cgi?id=1213015 * https://bugzilla.suse.com/show_bug.cgi?id=1213017 * https://bugzilla.suse.com/show_bug.cgi?id=1213018 * https://bugzilla.suse.com/show_bug.cgi?id=1213019 * https://bugzilla.suse.com/show_bug.cgi?id=1213020 * https://bugzilla.suse.com/show_bug.cgi?id=1213021 * https://bugzilla.suse.com/show_bug.cgi?id=1213022 * https://bugzilla.suse.com/show_bug.cgi?id=1213023 * https://bugzilla.suse.com/show_bug.cgi?id=1213024 * https://bugzilla.suse.com/show_bug.cgi?id=1213025 * https://bugzilla.suse.com/show_bug.cgi?id=1213032 * https://bugzilla.suse.com/show_bug.cgi?id=1213033 * https://bugzilla.suse.com/show_bug.cgi?id=1213034 * https://bugzilla.suse.com/show_bug.cgi?id=1213035 * https://bugzilla.suse.com/show_bug.cgi?id=1213036 * https://bugzilla.suse.com/show_bug.cgi?id=1213037 * https://bugzilla.suse.com/show_bug.cgi?id=1213038 * https://bugzilla.suse.com/show_bug.cgi?id=1213039 * https://bugzilla.suse.com/show_bug.cgi?id=1213040 * https://bugzilla.suse.com/show_bug.cgi?id=1213041 * https://bugzilla.suse.com/show_bug.cgi?id=1213042 * https://bugzilla.suse.com/show_bug.cgi?id=1213059 * https://bugzilla.suse.com/show_bug.cgi?id=1213133 * https://bugzilla.suse.com/show_bug.cgi?id=1213167 * https://bugzilla.suse.com/show_bug.cgi?id=1213215 * https://bugzilla.suse.com/show_bug.cgi?id=1213218 * https://bugzilla.suse.com/show_bug.cgi?id=1213221 * https://bugzilla.suse.com/show_bug.cgi?id=1213286 * https://bugzilla.suse.com/show_bug.cgi?id=1213287 * https://bugzilla.suse.com/show_bug.cgi?id=1213344 * https://bugzilla.suse.com/show_bug.cgi?id=1213346 * https://bugzilla.suse.com/show_bug.cgi?id=1213350 * https://bugzilla.suse.com/show_bug.cgi?id=1213525 * https://bugzilla.suse.com/show_bug.cgi?id=1213585 * https://bugzilla.suse.com/show_bug.cgi?id=1213586 * https://bugzilla.suse.com/show_bug.cgi?id=1213588 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 * https://bugzilla.suse.com/show_bug.cgi?id=1213747 * https://bugzilla.suse.com/show_bug.cgi?id=1213766 * https://bugzilla.suse.com/show_bug.cgi?id=1213819 * https://bugzilla.suse.com/show_bug.cgi?id=1213823 * https://bugzilla.suse.com/show_bug.cgi?id=1213825 * https://bugzilla.suse.com/show_bug.cgi?id=1213827 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 17 16:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 16:30:23 -0000 Subject: SUSE-SU-2023:3348-1: moderate: Security update for postgresql15 Message-ID: <169228982330.5496.15646965870045574084@smelt2.suse.de> # Security update for postgresql15 Announcement ID: SUSE-SU-2023:3348-1 Rating: moderate References: * #1214059 Cross-References: * CVE-2023-39417 CVSS scores: * CVE-2023-39417 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-39417 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for postgresql15 fixes the following issues: * Update to 14.9 * CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3348=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3348=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3348=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3348=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3348=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3348=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3348=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3348=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3348=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3348=1 ## Package List: * SUSE Manager Retail Branch Server 4.2 (x86_64) * postgresql14-devel-debuginfo-14.9-150200.5.29.1 * postgresql14-devel-14.9-150200.5.29.1 * postgresql14-plperl-debuginfo-14.9-150200.5.29.1 * postgresql14-plperl-14.9-150200.5.29.1 * postgresql14-14.9-150200.5.29.1 * postgresql14-pltcl-14.9-150200.5.29.1 * postgresql14-plpython-debuginfo-14.9-150200.5.29.1 * postgresql14-plpython-14.9-150200.5.29.1 * postgresql14-contrib-debuginfo-14.9-150200.5.29.1 * postgresql14-server-debuginfo-14.9-150200.5.29.1 * postgresql14-server-devel-debuginfo-14.9-150200.5.29.1 * postgresql14-server-14.9-150200.5.29.1 * postgresql14-contrib-14.9-150200.5.29.1 * postgresql14-pltcl-debuginfo-14.9-150200.5.29.1 * postgresql14-server-devel-14.9-150200.5.29.1 * postgresql14-debugsource-14.9-150200.5.29.1 * postgresql14-debuginfo-14.9-150200.5.29.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * postgresql14-docs-14.9-150200.5.29.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * postgresql14-devel-debuginfo-14.9-150200.5.29.1 * postgresql14-devel-14.9-150200.5.29.1 * postgresql14-plperl-debuginfo-14.9-150200.5.29.1 * postgresql14-plperl-14.9-150200.5.29.1 * postgresql14-14.9-150200.5.29.1 * postgresql14-pltcl-14.9-150200.5.29.1 * postgresql14-plpython-debuginfo-14.9-150200.5.29.1 * postgresql14-plpython-14.9-150200.5.29.1 * postgresql14-contrib-debuginfo-14.9-150200.5.29.1 * postgresql14-server-debuginfo-14.9-150200.5.29.1 * postgresql14-server-devel-debuginfo-14.9-150200.5.29.1 * postgresql14-server-14.9-150200.5.29.1 * postgresql14-contrib-14.9-150200.5.29.1 * postgresql14-pltcl-debuginfo-14.9-150200.5.29.1 * postgresql14-server-devel-14.9-150200.5.29.1 * postgresql14-debugsource-14.9-150200.5.29.1 * postgresql14-debuginfo-14.9-150200.5.29.1 * SUSE Manager Server 4.2 (noarch) * postgresql14-docs-14.9-150200.5.29.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * postgresql14-devel-debuginfo-14.9-150200.5.29.1 * postgresql14-contrib-14.9-150200.5.29.1 * postgresql14-14.9-150200.5.29.1 * postgresql14-debugsource-14.9-150200.5.29.1 * postgresql14-plperl-debuginfo-14.9-150200.5.29.1 * postgresql14-plperl-14.9-150200.5.29.1 * postgresql14-pltcl-14.9-150200.5.29.1 * postgresql14-plpython-debuginfo-14.9-150200.5.29.1 * postgresql14-contrib-debuginfo-14.9-150200.5.29.1 * postgresql14-devel-14.9-150200.5.29.1 * postgresql14-llvmjit-devel-14.9-150200.5.29.1 * postgresql14-llvmjit-14.9-150200.5.29.1 * postgresql14-server-devel-14.9-150200.5.29.1 * postgresql14-debuginfo-14.9-150200.5.29.1 * postgresql14-server-debuginfo-14.9-150200.5.29.1 * postgresql14-plpython-14.9-150200.5.29.1 * postgresql14-server-devel-debuginfo-14.9-150200.5.29.1 * postgresql14-llvmjit-debuginfo-14.9-150200.5.29.1 * postgresql14-pltcl-debuginfo-14.9-150200.5.29.1 * postgresql14-server-14.9-150200.5.29.1 * postgresql14-test-14.9-150200.5.29.1 * openSUSE Leap 15.4 (noarch) * postgresql14-docs-14.9-150200.5.29.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * postgresql14-devel-debuginfo-14.9-150200.5.29.1 * postgresql14-contrib-14.9-150200.5.29.1 * postgresql14-14.9-150200.5.29.1 * postgresql14-debugsource-14.9-150200.5.29.1 * postgresql14-plperl-debuginfo-14.9-150200.5.29.1 * postgresql14-plperl-14.9-150200.5.29.1 * postgresql14-pltcl-14.9-150200.5.29.1 * postgresql14-plpython-debuginfo-14.9-150200.5.29.1 * postgresql14-contrib-debuginfo-14.9-150200.5.29.1 * postgresql14-devel-14.9-150200.5.29.1 * postgresql14-llvmjit-devel-14.9-150200.5.29.1 * postgresql14-llvmjit-14.9-150200.5.29.1 * postgresql14-server-devel-14.9-150200.5.29.1 * postgresql14-debuginfo-14.9-150200.5.29.1 * postgresql14-server-debuginfo-14.9-150200.5.29.1 * postgresql14-plpython-14.9-150200.5.29.1 * postgresql14-server-devel-debuginfo-14.9-150200.5.29.1 * postgresql14-llvmjit-debuginfo-14.9-150200.5.29.1 * postgresql14-pltcl-debuginfo-14.9-150200.5.29.1 * postgresql14-server-14.9-150200.5.29.1 * postgresql14-test-14.9-150200.5.29.1 * openSUSE Leap 15.5 (noarch) * postgresql14-docs-14.9-150200.5.29.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql14-debugsource-14.9-150200.5.29.1 * postgresql14-14.9-150200.5.29.1 * postgresql14-debuginfo-14.9-150200.5.29.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * postgresql14-devel-debuginfo-14.9-150200.5.29.1 * postgresql14-devel-14.9-150200.5.29.1 * postgresql14-plperl-debuginfo-14.9-150200.5.29.1 * postgresql14-plperl-14.9-150200.5.29.1 * postgresql14-llvmjit-devel-14.9-150200.5.29.1 * postgresql14-14.9-150200.5.29.1 * postgresql14-llvmjit-14.9-150200.5.29.1 * postgresql14-plpython-debuginfo-14.9-150200.5.29.1 * postgresql14-plpython-14.9-150200.5.29.1 * postgresql14-contrib-debuginfo-14.9-150200.5.29.1 * postgresql14-pltcl-14.9-150200.5.29.1 * postgresql14-llvmjit-debuginfo-14.9-150200.5.29.1 * postgresql14-server-14.9-150200.5.29.1 * postgresql14-server-debuginfo-14.9-150200.5.29.1 * postgresql14-contrib-14.9-150200.5.29.1 * postgresql14-pltcl-debuginfo-14.9-150200.5.29.1 * postgresql14-server-devel-debuginfo-14.9-150200.5.29.1 * postgresql14-server-devel-14.9-150200.5.29.1 * postgresql14-debugsource-14.9-150200.5.29.1 * postgresql14-debuginfo-14.9-150200.5.29.1 * Legacy Module 15-SP5 (noarch) * postgresql14-docs-14.9-150200.5.29.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql14-llvmjit-devel-14.9-150200.5.29.1 * postgresql14-llvmjit-14.9-150200.5.29.1 * postgresql14-llvmjit-debuginfo-14.9-150200.5.29.1 * postgresql14-test-14.9-150200.5.29.1 * postgresql14-debugsource-14.9-150200.5.29.1 * postgresql14-debuginfo-14.9-150200.5.29.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * postgresql14-debuginfo-14.9-150200.5.29.1 * postgresql14-llvmjit-14.9-150200.5.29.1 * postgresql14-llvmjit-debuginfo-14.9-150200.5.29.1 * postgresql14-debugsource-14.9-150200.5.29.1 * postgresql14-test-14.9-150200.5.29.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql14-devel-debuginfo-14.9-150200.5.29.1 * postgresql14-devel-14.9-150200.5.29.1 * postgresql14-plperl-debuginfo-14.9-150200.5.29.1 * postgresql14-plperl-14.9-150200.5.29.1 * postgresql14-pltcl-14.9-150200.5.29.1 * postgresql14-server-debuginfo-14.9-150200.5.29.1 * postgresql14-plpython-debuginfo-14.9-150200.5.29.1 * postgresql14-plpython-14.9-150200.5.29.1 * postgresql14-contrib-debuginfo-14.9-150200.5.29.1 * postgresql14-server-devel-debuginfo-14.9-150200.5.29.1 * postgresql14-server-14.9-150200.5.29.1 * postgresql14-contrib-14.9-150200.5.29.1 * postgresql14-pltcl-debuginfo-14.9-150200.5.29.1 * postgresql14-server-devel-14.9-150200.5.29.1 * postgresql14-debugsource-14.9-150200.5.29.1 * postgresql14-debuginfo-14.9-150200.5.29.1 * Server Applications Module 15-SP4 (noarch) * postgresql14-docs-14.9-150200.5.29.1 * SUSE Manager Proxy 4.2 (x86_64) * postgresql14-devel-debuginfo-14.9-150200.5.29.1 * postgresql14-devel-14.9-150200.5.29.1 * postgresql14-plperl-debuginfo-14.9-150200.5.29.1 * postgresql14-plperl-14.9-150200.5.29.1 * postgresql14-14.9-150200.5.29.1 * postgresql14-pltcl-14.9-150200.5.29.1 * postgresql14-plpython-debuginfo-14.9-150200.5.29.1 * postgresql14-plpython-14.9-150200.5.29.1 * postgresql14-contrib-debuginfo-14.9-150200.5.29.1 * postgresql14-server-debuginfo-14.9-150200.5.29.1 * postgresql14-server-devel-debuginfo-14.9-150200.5.29.1 * postgresql14-server-14.9-150200.5.29.1 * postgresql14-contrib-14.9-150200.5.29.1 * postgresql14-pltcl-debuginfo-14.9-150200.5.29.1 * postgresql14-server-devel-14.9-150200.5.29.1 * postgresql14-debugsource-14.9-150200.5.29.1 * postgresql14-debuginfo-14.9-150200.5.29.1 * SUSE Manager Proxy 4.2 (noarch) * postgresql14-docs-14.9-150200.5.29.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39417.html * https://bugzilla.suse.com/show_bug.cgi?id=1214059 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 17 16:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 16:30:26 -0000 Subject: SUSE-SU-2023:3347-1: moderate: Security update for postgresql15 Message-ID: <169228982663.5496.5943782642524282204@smelt2.suse.de> # Security update for postgresql15 Announcement ID: SUSE-SU-2023:3347-1 Rating: moderate References: * #1214059 * #1214061 Cross-References: * CVE-2023-39417 * CVE-2023-39418 CVSS scores: * CVE-2023-39417 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-39417 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-39418 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-39418 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for postgresql15 fixes the following issues: * Update to 15.4 * CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) * CVE-2023-39418: Fix MERGE to enforce row security. (bsc#1214061) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3347=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3347=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3347=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3347=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3347=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3347=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3347=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3347=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3347=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3347=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * postgresql15-plpython-15.4-150200.5.12.1 * libecpg6-15.4-150200.5.12.1 * postgresql15-devel-debuginfo-15.4-150200.5.12.1 * libpq5-15.4-150200.5.12.1 * postgresql15-devel-15.4-150200.5.12.1 * postgresql15-server-devel-15.4-150200.5.12.1 * postgresql15-llvmjit-15.4-150200.5.12.1 * postgresql15-contrib-15.4-150200.5.12.1 * postgresql15-15.4-150200.5.12.1 * postgresql15-server-devel-debuginfo-15.4-150200.5.12.1 * postgresql15-pltcl-15.4-150200.5.12.1 * postgresql15-llvmjit-devel-15.4-150200.5.12.1 * postgresql15-server-15.4-150200.5.12.1 * postgresql15-plpython-debuginfo-15.4-150200.5.12.1 * libpq5-debuginfo-15.4-150200.5.12.1 * postgresql15-debugsource-15.4-150200.5.12.1 * postgresql15-test-15.4-150200.5.12.1 * postgresql15-debuginfo-15.4-150200.5.12.1 * postgresql15-pltcl-debuginfo-15.4-150200.5.12.1 * libecpg6-debuginfo-15.4-150200.5.12.1 * postgresql15-llvmjit-debuginfo-15.4-150200.5.12.1 * postgresql15-plperl-15.4-150200.5.12.1 * postgresql15-plperl-debuginfo-15.4-150200.5.12.1 * postgresql15-server-debuginfo-15.4-150200.5.12.1 * postgresql15-contrib-debuginfo-15.4-150200.5.12.1 * openSUSE Leap 15.4 (x86_64) * libecpg6-32bit-debuginfo-15.4-150200.5.12.1 * libpq5-32bit-debuginfo-15.4-150200.5.12.1 * libpq5-32bit-15.4-150200.5.12.1 * libecpg6-32bit-15.4-150200.5.12.1 * openSUSE Leap 15.4 (noarch) * postgresql15-docs-15.4-150200.5.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * postgresql15-plpython-15.4-150200.5.12.1 * libecpg6-15.4-150200.5.12.1 * postgresql15-devel-debuginfo-15.4-150200.5.12.1 * libpq5-15.4-150200.5.12.1 * postgresql15-devel-15.4-150200.5.12.1 * postgresql15-server-devel-15.4-150200.5.12.1 * postgresql15-llvmjit-15.4-150200.5.12.1 * postgresql15-contrib-15.4-150200.5.12.1 * postgresql15-15.4-150200.5.12.1 * postgresql15-server-devel-debuginfo-15.4-150200.5.12.1 * postgresql15-pltcl-15.4-150200.5.12.1 * postgresql15-llvmjit-devel-15.4-150200.5.12.1 * postgresql15-server-15.4-150200.5.12.1 * postgresql15-plpython-debuginfo-15.4-150200.5.12.1 * libpq5-debuginfo-15.4-150200.5.12.1 * postgresql15-debugsource-15.4-150200.5.12.1 * postgresql15-test-15.4-150200.5.12.1 * postgresql15-debuginfo-15.4-150200.5.12.1 * postgresql15-pltcl-debuginfo-15.4-150200.5.12.1 * libecpg6-debuginfo-15.4-150200.5.12.1 * postgresql15-llvmjit-debuginfo-15.4-150200.5.12.1 * postgresql15-plperl-15.4-150200.5.12.1 * postgresql15-plperl-debuginfo-15.4-150200.5.12.1 * postgresql15-server-debuginfo-15.4-150200.5.12.1 * postgresql15-contrib-debuginfo-15.4-150200.5.12.1 * openSUSE Leap 15.5 (x86_64) * libecpg6-32bit-debuginfo-15.4-150200.5.12.1 * libpq5-32bit-debuginfo-15.4-150200.5.12.1 * libpq5-32bit-15.4-150200.5.12.1 * libecpg6-32bit-15.4-150200.5.12.1 * openSUSE Leap 15.5 (noarch) * postgresql15-docs-15.4-150200.5.12.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql15-debuginfo-15.4-150200.5.12.1 * libpq5-15.4-150200.5.12.1 * libpq5-debuginfo-15.4-150200.5.12.1 * postgresql15-15.4-150200.5.12.1 * postgresql15-debugsource-15.4-150200.5.12.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * postgresql15-debuginfo-15.4-150200.5.12.1 * libpq5-15.4-150200.5.12.1 * libpq5-debuginfo-15.4-150200.5.12.1 * postgresql15-15.4-150200.5.12.1 * postgresql15-debugsource-15.4-150200.5.12.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql15-llvmjit-debuginfo-15.4-150200.5.12.1 * postgresql15-test-15.4-150200.5.12.1 * postgresql15-llvmjit-15.4-150200.5.12.1 * postgresql15-llvmjit-devel-15.4-150200.5.12.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql15-plpython-15.4-150200.5.12.1 * postgresql15-server-debuginfo-15.4-150200.5.12.1 * postgresql15-debuginfo-15.4-150200.5.12.1 * libecpg6-15.4-150200.5.12.1 * postgresql15-pltcl-debuginfo-15.4-150200.5.12.1 * postgresql15-devel-debuginfo-15.4-150200.5.12.1 * postgresql15-server-15.4-150200.5.12.1 * libecpg6-debuginfo-15.4-150200.5.12.1 * postgresql15-plpython-debuginfo-15.4-150200.5.12.1 * postgresql15-devel-15.4-150200.5.12.1 * postgresql15-plperl-15.4-150200.5.12.1 * postgresql15-server-devel-15.4-150200.5.12.1 * postgresql15-contrib-15.4-150200.5.12.1 * postgresql15-debugsource-15.4-150200.5.12.1 * postgresql15-server-devel-debuginfo-15.4-150200.5.12.1 * postgresql15-plperl-debuginfo-15.4-150200.5.12.1 * postgresql15-pltcl-15.4-150200.5.12.1 * postgresql15-contrib-debuginfo-15.4-150200.5.12.1 * Server Applications Module 15-SP4 (noarch) * postgresql15-docs-15.4-150200.5.12.1 * Server Applications Module 15-SP4 (ppc64le) * postgresql15-15.4-150200.5.12.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * postgresql15-plpython-15.4-150200.5.12.1 * postgresql15-server-debuginfo-15.4-150200.5.12.1 * postgresql15-debuginfo-15.4-150200.5.12.1 * libecpg6-15.4-150200.5.12.1 * postgresql15-pltcl-debuginfo-15.4-150200.5.12.1 * postgresql15-devel-debuginfo-15.4-150200.5.12.1 * postgresql15-server-15.4-150200.5.12.1 * libecpg6-debuginfo-15.4-150200.5.12.1 * postgresql15-plpython-debuginfo-15.4-150200.5.12.1 * postgresql15-devel-15.4-150200.5.12.1 * postgresql15-plperl-15.4-150200.5.12.1 * postgresql15-server-devel-15.4-150200.5.12.1 * postgresql15-contrib-15.4-150200.5.12.1 * postgresql15-debugsource-15.4-150200.5.12.1 * postgresql15-server-devel-debuginfo-15.4-150200.5.12.1 * postgresql15-plperl-debuginfo-15.4-150200.5.12.1 * postgresql15-pltcl-15.4-150200.5.12.1 * postgresql15-contrib-debuginfo-15.4-150200.5.12.1 * Server Applications Module 15-SP5 (noarch) * postgresql15-docs-15.4-150200.5.12.1 * SUSE Manager Proxy 4.2 (x86_64) * postgresql15-plpython-15.4-150200.5.12.1 * libecpg6-15.4-150200.5.12.1 * postgresql15-devel-debuginfo-15.4-150200.5.12.1 * libpq5-15.4-150200.5.12.1 * postgresql15-devel-15.4-150200.5.12.1 * postgresql15-server-devel-15.4-150200.5.12.1 * postgresql15-contrib-15.4-150200.5.12.1 * postgresql15-15.4-150200.5.12.1 * postgresql15-server-devel-debuginfo-15.4-150200.5.12.1 * postgresql15-pltcl-15.4-150200.5.12.1 * postgresql15-server-15.4-150200.5.12.1 * postgresql15-plpython-debuginfo-15.4-150200.5.12.1 * libpq5-debuginfo-15.4-150200.5.12.1 * postgresql15-debugsource-15.4-150200.5.12.1 * postgresql15-debuginfo-15.4-150200.5.12.1 * postgresql15-pltcl-debuginfo-15.4-150200.5.12.1 * libecpg6-debuginfo-15.4-150200.5.12.1 * postgresql15-plperl-15.4-150200.5.12.1 * postgresql15-plperl-debuginfo-15.4-150200.5.12.1 * postgresql15-server-debuginfo-15.4-150200.5.12.1 * postgresql15-contrib-debuginfo-15.4-150200.5.12.1 * SUSE Manager Proxy 4.2 (noarch) * postgresql15-docs-15.4-150200.5.12.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * postgresql15-plpython-15.4-150200.5.12.1 * libecpg6-15.4-150200.5.12.1 * postgresql15-devel-debuginfo-15.4-150200.5.12.1 * libpq5-15.4-150200.5.12.1 * postgresql15-devel-15.4-150200.5.12.1 * postgresql15-server-devel-15.4-150200.5.12.1 * postgresql15-contrib-15.4-150200.5.12.1 * postgresql15-15.4-150200.5.12.1 * postgresql15-server-devel-debuginfo-15.4-150200.5.12.1 * postgresql15-pltcl-15.4-150200.5.12.1 * postgresql15-server-15.4-150200.5.12.1 * postgresql15-plpython-debuginfo-15.4-150200.5.12.1 * libpq5-debuginfo-15.4-150200.5.12.1 * postgresql15-debugsource-15.4-150200.5.12.1 * postgresql15-debuginfo-15.4-150200.5.12.1 * postgresql15-pltcl-debuginfo-15.4-150200.5.12.1 * libecpg6-debuginfo-15.4-150200.5.12.1 * postgresql15-plperl-15.4-150200.5.12.1 * postgresql15-plperl-debuginfo-15.4-150200.5.12.1 * postgresql15-server-debuginfo-15.4-150200.5.12.1 * postgresql15-contrib-debuginfo-15.4-150200.5.12.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * postgresql15-docs-15.4-150200.5.12.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * postgresql15-plpython-15.4-150200.5.12.1 * libecpg6-15.4-150200.5.12.1 * postgresql15-devel-debuginfo-15.4-150200.5.12.1 * libpq5-15.4-150200.5.12.1 * postgresql15-devel-15.4-150200.5.12.1 * postgresql15-server-devel-15.4-150200.5.12.1 * postgresql15-contrib-15.4-150200.5.12.1 * postgresql15-15.4-150200.5.12.1 * postgresql15-server-devel-debuginfo-15.4-150200.5.12.1 * postgresql15-pltcl-15.4-150200.5.12.1 * postgresql15-server-15.4-150200.5.12.1 * postgresql15-plpython-debuginfo-15.4-150200.5.12.1 * libpq5-debuginfo-15.4-150200.5.12.1 * postgresql15-debugsource-15.4-150200.5.12.1 * postgresql15-debuginfo-15.4-150200.5.12.1 * postgresql15-pltcl-debuginfo-15.4-150200.5.12.1 * libecpg6-debuginfo-15.4-150200.5.12.1 * postgresql15-plperl-15.4-150200.5.12.1 * postgresql15-plperl-debuginfo-15.4-150200.5.12.1 * postgresql15-server-debuginfo-15.4-150200.5.12.1 * postgresql15-contrib-debuginfo-15.4-150200.5.12.1 * SUSE Manager Server 4.2 (noarch) * postgresql15-docs-15.4-150200.5.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39417.html * https://www.suse.com/security/cve/CVE-2023-39418.html * https://bugzilla.suse.com/show_bug.cgi?id=1214059 * https://bugzilla.suse.com/show_bug.cgi?id=1214061 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 17 16:30:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 16:30:29 -0000 Subject: SUSE-SU-2023:3346-1: moderate: Security update for postgresql12 Message-ID: <169228982949.5496.7807377729816895910@smelt2.suse.de> # Security update for postgresql12 Announcement ID: SUSE-SU-2023:3346-1 Rating: moderate References: * #1214059 Cross-References: * CVE-2023-39417 CVSS scores: * CVE-2023-39417 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-39417 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for postgresql12 fixes the following issues: This update for postgresql12 fixes the following issues: * CVE-2023-39417: Fixed potential SQL injection for trusted extensions (bsc#1214059). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3346=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3346=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3346=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * postgresql12-plperl-12.16-150100.3.44.1 * postgresql12-debuginfo-12.16-150100.3.44.1 * libecpg6-12.16-150100.3.44.1 * postgresql12-devel-debuginfo-12.16-150100.3.44.1 * postgresql12-server-devel-debuginfo-12.16-150100.3.44.1 * postgresql12-contrib-debuginfo-12.16-150100.3.44.1 * postgresql12-contrib-12.16-150100.3.44.1 * postgresql12-server-devel-12.16-150100.3.44.1 * libecpg6-debuginfo-12.16-150100.3.44.1 * postgresql12-debugsource-12.16-150100.3.44.1 * postgresql12-pltcl-12.16-150100.3.44.1 * postgresql12-devel-12.16-150100.3.44.1 * postgresql12-pltcl-debuginfo-12.16-150100.3.44.1 * postgresql12-server-12.16-150100.3.44.1 * libpq5-debuginfo-12.16-150100.3.44.1 * postgresql12-12.16-150100.3.44.1 * libpq5-12.16-150100.3.44.1 * postgresql12-plpython-12.16-150100.3.44.1 * postgresql12-plpython-debuginfo-12.16-150100.3.44.1 * postgresql12-server-debuginfo-12.16-150100.3.44.1 * postgresql12-plperl-debuginfo-12.16-150100.3.44.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * postgresql12-docs-12.16-150100.3.44.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libpq5-32bit-12.16-150100.3.44.1 * libpq5-32bit-debuginfo-12.16-150100.3.44.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * postgresql12-plperl-12.16-150100.3.44.1 * postgresql12-debuginfo-12.16-150100.3.44.1 * libecpg6-12.16-150100.3.44.1 * postgresql12-devel-debuginfo-12.16-150100.3.44.1 * postgresql12-server-devel-debuginfo-12.16-150100.3.44.1 * postgresql12-contrib-debuginfo-12.16-150100.3.44.1 * postgresql12-contrib-12.16-150100.3.44.1 * postgresql12-server-devel-12.16-150100.3.44.1 * libecpg6-debuginfo-12.16-150100.3.44.1 * postgresql12-debugsource-12.16-150100.3.44.1 * postgresql12-pltcl-12.16-150100.3.44.1 * postgresql12-devel-12.16-150100.3.44.1 * postgresql12-pltcl-debuginfo-12.16-150100.3.44.1 * postgresql12-server-12.16-150100.3.44.1 * libpq5-debuginfo-12.16-150100.3.44.1 * postgresql12-12.16-150100.3.44.1 * libpq5-12.16-150100.3.44.1 * postgresql12-plpython-12.16-150100.3.44.1 * postgresql12-plpython-debuginfo-12.16-150100.3.44.1 * postgresql12-server-debuginfo-12.16-150100.3.44.1 * postgresql12-plperl-debuginfo-12.16-150100.3.44.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * postgresql12-docs-12.16-150100.3.44.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libpq5-32bit-12.16-150100.3.44.1 * libpq5-32bit-debuginfo-12.16-150100.3.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * postgresql12-plperl-12.16-150100.3.44.1 * postgresql12-debuginfo-12.16-150100.3.44.1 * libecpg6-12.16-150100.3.44.1 * postgresql12-devel-debuginfo-12.16-150100.3.44.1 * postgresql12-server-devel-debuginfo-12.16-150100.3.44.1 * postgresql12-contrib-debuginfo-12.16-150100.3.44.1 * postgresql12-contrib-12.16-150100.3.44.1 * postgresql12-server-devel-12.16-150100.3.44.1 * libecpg6-debuginfo-12.16-150100.3.44.1 * postgresql12-debugsource-12.16-150100.3.44.1 * postgresql12-pltcl-12.16-150100.3.44.1 * postgresql12-devel-12.16-150100.3.44.1 * postgresql12-pltcl-debuginfo-12.16-150100.3.44.1 * postgresql12-server-12.16-150100.3.44.1 * libpq5-debuginfo-12.16-150100.3.44.1 * postgresql12-12.16-150100.3.44.1 * libpq5-12.16-150100.3.44.1 * postgresql12-plpython-12.16-150100.3.44.1 * postgresql12-plpython-debuginfo-12.16-150100.3.44.1 * postgresql12-server-debuginfo-12.16-150100.3.44.1 * postgresql12-plperl-debuginfo-12.16-150100.3.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * postgresql12-docs-12.16-150100.3.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libpq5-32bit-12.16-150100.3.44.1 * libpq5-32bit-debuginfo-12.16-150100.3.44.1 * SUSE CaaS Platform 4.0 (x86_64) * postgresql12-plperl-12.16-150100.3.44.1 * postgresql12-debuginfo-12.16-150100.3.44.1 * libecpg6-12.16-150100.3.44.1 * postgresql12-devel-debuginfo-12.16-150100.3.44.1 * postgresql12-server-devel-debuginfo-12.16-150100.3.44.1 * postgresql12-contrib-debuginfo-12.16-150100.3.44.1 * postgresql12-contrib-12.16-150100.3.44.1 * postgresql12-server-devel-12.16-150100.3.44.1 * libecpg6-debuginfo-12.16-150100.3.44.1 * postgresql12-debugsource-12.16-150100.3.44.1 * libpq5-32bit-debuginfo-12.16-150100.3.44.1 * postgresql12-pltcl-12.16-150100.3.44.1 * postgresql12-devel-12.16-150100.3.44.1 * postgresql12-pltcl-debuginfo-12.16-150100.3.44.1 * postgresql12-server-12.16-150100.3.44.1 * libpq5-debuginfo-12.16-150100.3.44.1 * libpq5-32bit-12.16-150100.3.44.1 * postgresql12-12.16-150100.3.44.1 * libpq5-12.16-150100.3.44.1 * postgresql12-plpython-12.16-150100.3.44.1 * postgresql12-plpython-debuginfo-12.16-150100.3.44.1 * postgresql12-server-debuginfo-12.16-150100.3.44.1 * postgresql12-plperl-debuginfo-12.16-150100.3.44.1 * SUSE CaaS Platform 4.0 (noarch) * postgresql12-docs-12.16-150100.3.44.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39417.html * https://bugzilla.suse.com/show_bug.cgi?id=1214059 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 17 16:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 16:30:31 -0000 Subject: SUSE-SU-2023:3345-1: moderate: Security update for postgresql15 Message-ID: <169228983141.5496.1277770374222621077@smelt2.suse.de> # Security update for postgresql15 Announcement ID: SUSE-SU-2023:3345-1 Rating: moderate References: * #1214059 Cross-References: * CVE-2023-39417 CVSS scores: * CVE-2023-39417 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-39417 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for postgresql15 fixes the following issues: * Update to 13.12 * CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3345=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3345=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3345=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3345=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql13-devel-13.12-3.36.1 * postgresql13-debugsource-13.12-3.36.1 * postgresql13-devel-debuginfo-13.12-3.36.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * postgresql13-server-devel-debuginfo-13.12-3.36.1 * postgresql13-server-devel-13.12-3.36.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * postgresql13-plpython-debuginfo-13.12-3.36.1 * postgresql13-pltcl-13.12-3.36.1 * postgresql13-contrib-13.12-3.36.1 * postgresql13-contrib-debuginfo-13.12-3.36.1 * postgresql13-plperl-13.12-3.36.1 * postgresql13-13.12-3.36.1 * postgresql13-server-13.12-3.36.1 * postgresql13-debugsource-13.12-3.36.1 * postgresql13-server-debuginfo-13.12-3.36.1 * postgresql13-plperl-debuginfo-13.12-3.36.1 * postgresql13-pltcl-debuginfo-13.12-3.36.1 * postgresql13-debuginfo-13.12-3.36.1 * postgresql13-plpython-13.12-3.36.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * postgresql13-docs-13.12-3.36.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * postgresql13-plpython-debuginfo-13.12-3.36.1 * postgresql13-pltcl-13.12-3.36.1 * postgresql13-contrib-13.12-3.36.1 * postgresql13-contrib-debuginfo-13.12-3.36.1 * postgresql13-plperl-13.12-3.36.1 * postgresql13-13.12-3.36.1 * postgresql13-server-13.12-3.36.1 * postgresql13-debugsource-13.12-3.36.1 * postgresql13-server-debuginfo-13.12-3.36.1 * postgresql13-plperl-debuginfo-13.12-3.36.1 * postgresql13-pltcl-debuginfo-13.12-3.36.1 * postgresql13-debuginfo-13.12-3.36.1 * postgresql13-plpython-13.12-3.36.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * postgresql13-docs-13.12-3.36.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * postgresql13-plpython-debuginfo-13.12-3.36.1 * postgresql13-pltcl-13.12-3.36.1 * postgresql13-contrib-13.12-3.36.1 * postgresql13-contrib-debuginfo-13.12-3.36.1 * postgresql13-plperl-13.12-3.36.1 * postgresql13-13.12-3.36.1 * postgresql13-server-13.12-3.36.1 * postgresql13-debugsource-13.12-3.36.1 * postgresql13-server-debuginfo-13.12-3.36.1 * postgresql13-plperl-debuginfo-13.12-3.36.1 * postgresql13-pltcl-debuginfo-13.12-3.36.1 * postgresql13-debuginfo-13.12-3.36.1 * postgresql13-plpython-13.12-3.36.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * postgresql13-docs-13.12-3.36.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39417.html * https://bugzilla.suse.com/show_bug.cgi?id=1214059 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 17 16:30:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Aug 2023 16:30:33 -0000 Subject: SUSE-SU-2023:3344-1: moderate: Security update for postgresql15 Message-ID: <169228983375.5496.12359594817885400176@smelt2.suse.de> # Security update for postgresql15 Announcement ID: SUSE-SU-2023:3344-1 Rating: moderate References: * #1214059 Cross-References: * CVE-2023-39417 CVSS scores: * CVE-2023-39417 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-39417 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Legacy Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for postgresql15 fixes the following issues: * Update to 13.12 * CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3344=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3344=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-3344=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3344=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3344=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3344=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * postgresql13-debugsource-13.12-150200.5.43.1 * postgresql13-llvmjit-devel-13.12-150200.5.43.1 * postgresql13-plperl-13.12-150200.5.43.1 * postgresql13-pltcl-13.12-150200.5.43.1 * postgresql13-debuginfo-13.12-150200.5.43.1 * postgresql13-llvmjit-debuginfo-13.12-150200.5.43.1 * postgresql13-server-devel-debuginfo-13.12-150200.5.43.1 * postgresql13-server-devel-13.12-150200.5.43.1 * postgresql13-13.12-150200.5.43.1 * postgresql13-llvmjit-13.12-150200.5.43.1 * postgresql13-contrib-debuginfo-13.12-150200.5.43.1 * postgresql13-test-13.12-150200.5.43.1 * postgresql13-devel-13.12-150200.5.43.1 * postgresql13-plpython-debuginfo-13.12-150200.5.43.1 * postgresql13-plpython-13.12-150200.5.43.1 * postgresql13-pltcl-debuginfo-13.12-150200.5.43.1 * postgresql13-server-13.12-150200.5.43.1 * postgresql13-plperl-debuginfo-13.12-150200.5.43.1 * postgresql13-server-debuginfo-13.12-150200.5.43.1 * postgresql13-contrib-13.12-150200.5.43.1 * postgresql13-devel-debuginfo-13.12-150200.5.43.1 * openSUSE Leap 15.4 (noarch) * postgresql13-docs-13.12-150200.5.43.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * postgresql13-debugsource-13.12-150200.5.43.1 * postgresql13-llvmjit-devel-13.12-150200.5.43.1 * postgresql13-plperl-13.12-150200.5.43.1 * postgresql13-pltcl-13.12-150200.5.43.1 * postgresql13-debuginfo-13.12-150200.5.43.1 * postgresql13-llvmjit-debuginfo-13.12-150200.5.43.1 * postgresql13-server-devel-debuginfo-13.12-150200.5.43.1 * postgresql13-server-devel-13.12-150200.5.43.1 * postgresql13-13.12-150200.5.43.1 * postgresql13-llvmjit-13.12-150200.5.43.1 * postgresql13-contrib-debuginfo-13.12-150200.5.43.1 * postgresql13-test-13.12-150200.5.43.1 * postgresql13-devel-13.12-150200.5.43.1 * postgresql13-plpython-debuginfo-13.12-150200.5.43.1 * postgresql13-plpython-13.12-150200.5.43.1 * postgresql13-pltcl-debuginfo-13.12-150200.5.43.1 * postgresql13-server-13.12-150200.5.43.1 * postgresql13-plperl-debuginfo-13.12-150200.5.43.1 * postgresql13-server-debuginfo-13.12-150200.5.43.1 * postgresql13-contrib-13.12-150200.5.43.1 * postgresql13-devel-debuginfo-13.12-150200.5.43.1 * openSUSE Leap 15.5 (noarch) * postgresql13-docs-13.12-150200.5.43.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * postgresql13-plpython-13.12-150200.5.43.1 * postgresql13-llvmjit-13.12-150200.5.43.1 * postgresql13-pltcl-13.12-150200.5.43.1 * postgresql13-contrib-debuginfo-13.12-150200.5.43.1 * postgresql13-pltcl-debuginfo-13.12-150200.5.43.1 * postgresql13-debuginfo-13.12-150200.5.43.1 * postgresql13-debugsource-13.12-150200.5.43.1 * postgresql13-llvmjit-devel-13.12-150200.5.43.1 * postgresql13-plperl-debuginfo-13.12-150200.5.43.1 * postgresql13-server-13.12-150200.5.43.1 * postgresql13-server-debuginfo-13.12-150200.5.43.1 * postgresql13-devel-13.12-150200.5.43.1 * postgresql13-llvmjit-debuginfo-13.12-150200.5.43.1 * postgresql13-plperl-13.12-150200.5.43.1 * postgresql13-contrib-13.12-150200.5.43.1 * postgresql13-server-devel-debuginfo-13.12-150200.5.43.1 * postgresql13-server-devel-13.12-150200.5.43.1 * postgresql13-13.12-150200.5.43.1 * postgresql13-devel-debuginfo-13.12-150200.5.43.1 * postgresql13-plpython-debuginfo-13.12-150200.5.43.1 * Legacy Module 15-SP4 (noarch) * postgresql13-docs-13.12-150200.5.43.1 * SUSE Manager Proxy 4.2 (x86_64) * postgresql13-plpython-13.12-150200.5.43.1 * postgresql13-pltcl-13.12-150200.5.43.1 * postgresql13-contrib-debuginfo-13.12-150200.5.43.1 * postgresql13-pltcl-debuginfo-13.12-150200.5.43.1 * postgresql13-debuginfo-13.12-150200.5.43.1 * postgresql13-debugsource-13.12-150200.5.43.1 * postgresql13-plperl-debuginfo-13.12-150200.5.43.1 * postgresql13-server-13.12-150200.5.43.1 * postgresql13-server-debuginfo-13.12-150200.5.43.1 * postgresql13-devel-13.12-150200.5.43.1 * postgresql13-plperl-13.12-150200.5.43.1 * postgresql13-contrib-13.12-150200.5.43.1 * postgresql13-server-devel-debuginfo-13.12-150200.5.43.1 * postgresql13-server-devel-13.12-150200.5.43.1 * postgresql13-13.12-150200.5.43.1 * postgresql13-devel-debuginfo-13.12-150200.5.43.1 * postgresql13-plpython-debuginfo-13.12-150200.5.43.1 * SUSE Manager Proxy 4.2 (noarch) * postgresql13-docs-13.12-150200.5.43.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * postgresql13-plpython-13.12-150200.5.43.1 * postgresql13-pltcl-13.12-150200.5.43.1 * postgresql13-contrib-debuginfo-13.12-150200.5.43.1 * postgresql13-pltcl-debuginfo-13.12-150200.5.43.1 * postgresql13-debuginfo-13.12-150200.5.43.1 * postgresql13-debugsource-13.12-150200.5.43.1 * postgresql13-plperl-debuginfo-13.12-150200.5.43.1 * postgresql13-server-13.12-150200.5.43.1 * postgresql13-server-debuginfo-13.12-150200.5.43.1 * postgresql13-devel-13.12-150200.5.43.1 * postgresql13-plperl-13.12-150200.5.43.1 * postgresql13-contrib-13.12-150200.5.43.1 * postgresql13-server-devel-debuginfo-13.12-150200.5.43.1 * postgresql13-server-devel-13.12-150200.5.43.1 * postgresql13-13.12-150200.5.43.1 * postgresql13-devel-debuginfo-13.12-150200.5.43.1 * postgresql13-plpython-debuginfo-13.12-150200.5.43.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * postgresql13-docs-13.12-150200.5.43.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * postgresql13-plpython-13.12-150200.5.43.1 * postgresql13-pltcl-13.12-150200.5.43.1 * postgresql13-contrib-debuginfo-13.12-150200.5.43.1 * postgresql13-pltcl-debuginfo-13.12-150200.5.43.1 * postgresql13-debuginfo-13.12-150200.5.43.1 * postgresql13-debugsource-13.12-150200.5.43.1 * postgresql13-plperl-debuginfo-13.12-150200.5.43.1 * postgresql13-server-13.12-150200.5.43.1 * postgresql13-server-debuginfo-13.12-150200.5.43.1 * postgresql13-devel-13.12-150200.5.43.1 * postgresql13-plperl-13.12-150200.5.43.1 * postgresql13-contrib-13.12-150200.5.43.1 * postgresql13-server-devel-debuginfo-13.12-150200.5.43.1 * postgresql13-server-devel-13.12-150200.5.43.1 * postgresql13-13.12-150200.5.43.1 * postgresql13-devel-debuginfo-13.12-150200.5.43.1 * postgresql13-plpython-debuginfo-13.12-150200.5.43.1 * SUSE Manager Server 4.2 (noarch) * postgresql13-docs-13.12-150200.5.43.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39417.html * https://bugzilla.suse.com/show_bug.cgi?id=1214059 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 18 07:04:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 09:04:30 +0200 (CEST) Subject: SUSE-CU-2023:2712-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20230818070430.2E9F8FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2712-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.18 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.18 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Fri Aug 18 07:05:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 09:05:22 +0200 (CEST) Subject: SUSE-CU-2023:2713-1: Security update of suse/postgres Message-ID: <20230818070522.977EAFCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2713-1 Container Tags : suse/postgres:14 , suse/postgres:14-22.40 , suse/postgres:14.9 , suse/postgres:14.9-22.40 Container Release : 22.40 Severity : moderate Type : security References : 1214059 1214059 1214061 CVE-2023-39417 CVE-2023-39417 CVE-2023-39418 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3347-1 Released: Thu Aug 17 14:39:10 2023 Summary: Security update for postgresql15 Type: security Severity: moderate References: 1214059,1214061,CVE-2023-39417,CVE-2023-39418 This update for postgresql15 fixes the following issues: - Update to 15.4 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) - CVE-2023-39418: Fix MERGE to enforce row security. (bsc#1214061) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3348-1 Released: Thu Aug 17 14:41:20 2023 Summary: Security update for postgresql15 Type: security Severity: moderate References: 1214059,CVE-2023-39417 This update for postgresql15 fixes the following issues: - Update to 14.9 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) The following package changes have been done: - libpq5-15.4-150200.5.12.1 updated - postgresql14-14.9-150200.5.29.1 updated - postgresql14-server-14.9-150200.5.29.1 updated From sle-updates at lists.suse.com Fri Aug 18 07:05:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 09:05:33 +0200 (CEST) Subject: SUSE-CU-2023:2714-1: Security update of suse/389-ds Message-ID: <20230818070533.25B0AFCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2714-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-14.41 , suse/389-ds:latest Container Release : 14.41 Severity : important Type : security References : 1207805 1213514 1214054 CVE-2022-41409 CVE-2023-36054 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3330-1 Released: Wed Aug 16 08:59:33 2023 Summary: Recommended update for python-pyasn1 Type: recommended Severity: important References: 1207805 This update for python-pyasn1 fixes the following issues: - To avoid users of this package having to recompile bytecode files, change the mtime of any __init__.py. (bsc#1207805) The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - krb5-client-1.20.1-150500.3.3.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - python3-pyasn1-0.4.2-150000.3.5.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Fri Aug 18 07:06:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 09:06:28 +0200 (CEST) Subject: SUSE-CU-2023:2719-1: Security update of suse/postgres Message-ID: <20230818070628.D9EE3FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2719-1 Container Tags : suse/postgres:14 , suse/postgres:14-12.30 , suse/postgres:14.9 , suse/postgres:14.9-12.30 Container Release : 12.30 Severity : moderate Type : security References : 1214059 1214059 1214061 CVE-2023-39417 CVE-2023-39417 CVE-2023-39418 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3347-1 Released: Thu Aug 17 14:39:10 2023 Summary: Security update for postgresql15 Type: security Severity: moderate References: 1214059,1214061,CVE-2023-39417,CVE-2023-39418 This update for postgresql15 fixes the following issues: - Update to 15.4 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) - CVE-2023-39418: Fix MERGE to enforce row security. (bsc#1214061) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3348-1 Released: Thu Aug 17 14:41:20 2023 Summary: Security update for postgresql15 Type: security Severity: moderate References: 1214059,CVE-2023-39417 This update for postgresql15 fixes the following issues: - Update to 14.9 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) The following package changes have been done: - libpq5-15.4-150200.5.12.1 updated - postgresql14-14.9-150200.5.29.1 updated - postgresql14-server-14.9-150200.5.29.1 updated From sle-updates at lists.suse.com Fri Aug 18 07:06:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 09:06:37 +0200 (CEST) Subject: SUSE-CU-2023:2720-1: Security update of suse/postgres Message-ID: <20230818070637.A2F4AFCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2720-1 Container Tags : suse/postgres:15 , suse/postgres:15-9.30 , suse/postgres:15.4 , suse/postgres:15.4-9.30 , suse/postgres:latest Container Release : 9.30 Severity : important Type : security References : 1214054 1214059 1214061 CVE-2023-36054 CVE-2023-39417 CVE-2023-39418 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3347-1 Released: Thu Aug 17 14:39:10 2023 Summary: Security update for postgresql15 Type: security Severity: moderate References: 1214059,1214061,CVE-2023-39417,CVE-2023-39418 This update for postgresql15 fixes the following issues: - Update to 15.4 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) - CVE-2023-39418: Fix MERGE to enforce row security. (bsc#1214061) The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - libpq5-15.4-150200.5.12.1 updated - postgresql15-15.4-150200.5.12.1 updated - postgresql15-server-15.4-150200.5.12.1 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Fri Aug 18 08:35:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 08:35:07 -0000 Subject: SUSE-SU-2023:3353-1: moderate: Security update for re2c Message-ID: <169234770783.1463.16597097747697213223@smelt2.suse.de> # Security update for re2c Announcement ID: SUSE-SU-2023:3353-1 Rating: moderate References: * #1170890 Cross-References: * CVE-2018-21232 CVSS scores: * CVE-2018-21232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for re2c fixes the following issues: * CVE-2018-21232: Fixed excess stack consumption due to uncontrolled recursion in find_fixed_tags (bsc#1170890). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3353=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3353=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3353=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3353=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3353=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3353=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3353=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * re2c-debugsource-1.0.3-150000.3.3.1 * re2c-debuginfo-1.0.3-150000.3.3.1 * re2c-1.0.3-150000.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * re2c-debugsource-1.0.3-150000.3.3.1 * re2c-debuginfo-1.0.3-150000.3.3.1 * re2c-1.0.3-150000.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * re2c-debugsource-1.0.3-150000.3.3.1 * re2c-debuginfo-1.0.3-150000.3.3.1 * re2c-1.0.3-150000.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * re2c-debugsource-1.0.3-150000.3.3.1 * re2c-debuginfo-1.0.3-150000.3.3.1 * re2c-1.0.3-150000.3.3.1 * SUSE Manager Proxy 4.2 (x86_64) * re2c-debugsource-1.0.3-150000.3.3.1 * re2c-debuginfo-1.0.3-150000.3.3.1 * re2c-1.0.3-150000.3.3.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * re2c-debugsource-1.0.3-150000.3.3.1 * re2c-debuginfo-1.0.3-150000.3.3.1 * re2c-1.0.3-150000.3.3.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * re2c-debugsource-1.0.3-150000.3.3.1 * re2c-debuginfo-1.0.3-150000.3.3.1 * re2c-1.0.3-150000.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2018-21232.html * https://bugzilla.suse.com/show_bug.cgi?id=1170890 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 18 08:35:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 08:35:12 -0000 Subject: SUSE-RU-2023:3352-1: moderate: Recommended update for strongswan Message-ID: <169234771259.1463.12046267696953246118@smelt2.suse.de> # Recommended update for strongswan Announcement ID: SUSE-RU-2023:3352-1 Rating: moderate References: * #1211711 * #1211715 * PED-4589 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that contains one feature and has two recommended fixes can now be installed. ## Description: This update for strongswan fixes the following issues: strongswan was updated to version 5.9.11 (jsc#PED-4589) * Removed Marvell auth-els patch that caused stability issues (bsc#1211715) * Fixed strongswan fails IPSEC IKEv2 test related to the USGv6 certification (bsc#1211711) * Version 5.9.11 changelog: https://github.com/strongswan/strongswan/releases/tag/5.9.11 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3352=1 openSUSE-SLE-15.4-2023-3352=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3352=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3352=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3352=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * strongswan-debuginfo-5.9.11-150400.19.14.1 * strongswan-5.9.11-150400.19.14.1 * strongswan-libs0-debuginfo-5.9.11-150400.19.14.1 * strongswan-mysql-debuginfo-5.9.11-150400.19.14.1 * strongswan-sqlite-debuginfo-5.9.11-150400.19.14.1 * strongswan-mysql-5.9.11-150400.19.14.1 * strongswan-nm-5.9.11-150400.19.14.1 * strongswan-libs0-5.9.11-150400.19.14.1 * strongswan-ipsec-debuginfo-5.9.11-150400.19.14.1 * strongswan-nm-debuginfo-5.9.11-150400.19.14.1 * strongswan-sqlite-5.9.11-150400.19.14.1 * strongswan-debugsource-5.9.11-150400.19.14.1 * strongswan-ipsec-5.9.11-150400.19.14.1 * strongswan-hmac-5.9.11-150400.19.14.1 * openSUSE Leap 15.4 (noarch) * strongswan-doc-5.9.11-150400.19.14.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * strongswan-debuginfo-5.9.11-150400.19.14.1 * strongswan-5.9.11-150400.19.14.1 * strongswan-libs0-debuginfo-5.9.11-150400.19.14.1 * strongswan-libs0-5.9.11-150400.19.14.1 * strongswan-ipsec-debuginfo-5.9.11-150400.19.14.1 * strongswan-debugsource-5.9.11-150400.19.14.1 * strongswan-ipsec-5.9.11-150400.19.14.1 * strongswan-hmac-5.9.11-150400.19.14.1 * Basesystem Module 15-SP4 (noarch) * strongswan-doc-5.9.11-150400.19.14.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * strongswan-debuginfo-5.9.11-150400.19.14.1 * strongswan-debugsource-5.9.11-150400.19.14.1 * strongswan-nm-5.9.11-150400.19.14.1 * strongswan-nm-debuginfo-5.9.11-150400.19.14.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * strongswan-debuginfo-5.9.11-150400.19.14.1 * strongswan-debugsource-5.9.11-150400.19.14.1 * strongswan-nm-5.9.11-150400.19.14.1 * strongswan-nm-debuginfo-5.9.11-150400.19.14.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211711 * https://bugzilla.suse.com/show_bug.cgi?id=1211715 * https://jira.suse.com/browse/PED-4589 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 18 08:35:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 08:35:15 -0000 Subject: SUSE-RU-2023:3351-1: moderate: Recommended update for oddjob, oddjob-gpupdate Message-ID: <169234771581.1463.4621143745689963351@smelt2.suse.de> # Recommended update for oddjob, oddjob-gpupdate Announcement ID: SUSE-RU-2023:3351-1 Rating: moderate References: * #1188680 * #1191041 * SLE-18457 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has two recommended fixes can now be installed. ## Description: This update for oddjob, oddjob-gpupdate fixes the following issues: This update provides the oddjob, oddjob-gpupdate packages. (jsc#SLE-18457) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3351=1 openSUSE-SLE-15.4-2023-3351=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3351=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3351=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3351=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * oddjob-mkhomedir-debuginfo-0.34.5-150400.3.2.1 * oddjob-gpupdate-debugsource-0.2.0+git.5.ed70836-150400.9.3.1 * oddjob-debugsource-0.34.5-150400.3.2.1 * oddjob-gpupdate-debuginfo-0.2.0+git.5.ed70836-150400.9.3.1 * oddjob-mkhomedir-0.34.5-150400.3.2.1 * oddjob-gpupdate-0.2.0+git.5.ed70836-150400.9.3.1 * oddjob-0.34.5-150400.3.2.1 * oddjob-debuginfo-0.34.5-150400.3.2.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * oddjob-mkhomedir-debuginfo-0.34.5-150400.3.2.1 * oddjob-gpupdate-debugsource-0.2.0+git.5.ed70836-150400.9.3.1 * oddjob-debugsource-0.34.5-150400.3.2.1 * oddjob-gpupdate-debuginfo-0.2.0+git.5.ed70836-150400.9.3.1 * oddjob-mkhomedir-0.34.5-150400.3.2.1 * oddjob-gpupdate-0.2.0+git.5.ed70836-150400.9.3.1 * oddjob-0.34.5-150400.3.2.1 * oddjob-debuginfo-0.34.5-150400.3.2.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * oddjob-mkhomedir-debuginfo-0.34.5-150400.3.2.1 * oddjob-gpupdate-debugsource-0.2.0+git.5.ed70836-150400.9.3.1 * oddjob-debugsource-0.34.5-150400.3.2.1 * oddjob-gpupdate-debuginfo-0.2.0+git.5.ed70836-150400.9.3.1 * oddjob-mkhomedir-0.34.5-150400.3.2.1 * oddjob-gpupdate-0.2.0+git.5.ed70836-150400.9.3.1 * oddjob-0.34.5-150400.3.2.1 * oddjob-debuginfo-0.34.5-150400.3.2.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * oddjob-mkhomedir-debuginfo-0.34.5-150400.3.2.1 * oddjob-gpupdate-debugsource-0.2.0+git.5.ed70836-150400.9.3.1 * oddjob-debugsource-0.34.5-150400.3.2.1 * oddjob-gpupdate-debuginfo-0.2.0+git.5.ed70836-150400.9.3.1 * oddjob-mkhomedir-0.34.5-150400.3.2.1 * oddjob-gpupdate-0.2.0+git.5.ed70836-150400.9.3.1 * oddjob-0.34.5-150400.3.2.1 * oddjob-debuginfo-0.34.5-150400.3.2.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1188680 * https://bugzilla.suse.com/show_bug.cgi?id=1191041 * https://jira.suse.com/browse/SLE-18457 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 18 08:35:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 08:35:17 -0000 Subject: SUSE-FU-2023:3350-1: moderate: Feature update for libtraceevent, libtracefs, trace-cmd Message-ID: <169234771758.1463.3375490344999551915@smelt2.suse.de> # Feature update for libtraceevent, libtracefs, trace-cmd Announcement ID: SUSE-FU-2023:3350-1 Rating: moderate References: * PED-4572 Affected Products: * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains one feature can now be installed. ## Description: This update for libtraceevent, libtracefs and trace-cmd fixes the following issues: trace-cmd: * Version update from 2.6.1 to 3.2 (jsc#PED-4572) * Quiet valgrind from reporting forked children * Close handle after opening * Fix memory leaks of followers * Add new command `attach` * Add tracecmd_get_tsc2nsec() API * Unlock records in tracecmd_iterate_events() * Add "IP" to -N argument in help message * Remove redundant check of instance in allocate_instance() * Free buf_from in error path of tracecmd_compress_copy_from() * Update v7 trace.dat documentation to clarify the strings section * Do not destroy existing instances * Do not extract top level unless told to * Fix tracecmd_compress_copy_from() write size return * Document filter scope * Support global filters * Ensure filter is applied to single input file * Open code execvp routine to avoid multiple execve syscalls * Remove building of kernelshark package * Upstream has separate versioning now for trace-cmd and kernelshark * Version tags no longer correspond to the same source libtraceevent: * New package implementation required by trace-cmd (jsc#PED-4572) libtracefs: * New package implementation required by trace-cmd (jsc#PED-4572) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3350=1 openSUSE-SLE-15.5-2023-3350=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3350=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libtracefs-debugsource-1.7.0-150500.11.3.3 * libtraceevent-debugsource-1.7.3-150500.11.3.2 * trace-cmd-debuginfo-3.2-150500.14.3.3 * libtracefs-tools-1.7.0-150500.11.3.3 * libtraceevent1-plugins-debuginfo-1.7.3-150500.11.3.2 * libtracefs1-debuginfo-1.7.0-150500.11.3.3 * libtraceevent1-plugins-1.7.3-150500.11.3.2 * libtracefs-debuginfo-1.7.0-150500.11.3.3 * libtracefs-tools-debuginfo-1.7.0-150500.11.3.3 * libtraceevent-devel-1.7.3-150500.11.3.2 * libtraceevent1-1.7.3-150500.11.3.2 * libtraceevent1-debuginfo-1.7.3-150500.11.3.2 * libtracefs1-1.7.0-150500.11.3.3 * trace-cmd-3.2-150500.14.3.3 * trace-cmd-debugsource-3.2-150500.14.3.3 * libtraceevent-debuginfo-1.7.3-150500.11.3.2 * libtracefs-devel-1.7.0-150500.11.3.3 * trace-cmd-python3-3.2-150500.14.3.3 * trace-cmd-python3-debuginfo-3.2-150500.14.3.3 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libtracefs-debugsource-1.7.0-150500.11.3.3 * libtraceevent-debugsource-1.7.3-150500.11.3.2 * trace-cmd-debuginfo-3.2-150500.14.3.3 * libtracefs-tools-1.7.0-150500.11.3.3 * libtraceevent1-plugins-debuginfo-1.7.3-150500.11.3.2 * libtracefs1-debuginfo-1.7.0-150500.11.3.3 * libtraceevent1-plugins-1.7.3-150500.11.3.2 * libtracefs-debuginfo-1.7.0-150500.11.3.3 * libtracefs-tools-debuginfo-1.7.0-150500.11.3.3 * libtraceevent-devel-1.7.3-150500.11.3.2 * libtraceevent1-1.7.3-150500.11.3.2 * libtraceevent1-debuginfo-1.7.3-150500.11.3.2 * libtracefs1-1.7.0-150500.11.3.3 * trace-cmd-3.2-150500.14.3.3 * trace-cmd-debugsource-3.2-150500.14.3.3 * libtraceevent-debuginfo-1.7.3-150500.11.3.2 * libtracefs-devel-1.7.0-150500.11.3.3 ## References: * https://jira.suse.com/browse/PED-4572 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 18 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 12:30:04 -0000 Subject: SUSE-SU-2023:3358-1: moderate: Security update for samba Message-ID: <169236180443.26416.8301595219737771863@smelt2.suse.de> # Security update for samba Announcement ID: SUSE-SU-2023:3358-1 Rating: moderate References: * #1213174 * #1213384 Cross-References: * CVE-2022-2127 CVSS scores: * CVE-2022-2127 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-2127 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Manager Proxy 4.1 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Server 4.1 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for samba fixes the following issues: * CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). Bugfixes: * Fixed trust relationship failure (bsc#1213384) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3358=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-3358=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3358=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3358=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3358=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3358=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * libndr0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libndr0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr0-4.11.14+git.396.91f4f677472-150200.4.52.5 * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * ctdb-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-debugsource-4.11.14+git.396.91f4f677472-150200.4.52.5 * ctdb-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libdcerpc0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-ad-dc-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbclient-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap2-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-client-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-ceph-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-dsdb-modules-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-dsdb-modules-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-policy0-python3-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-python3-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-winbind-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-binding0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-policy-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-binding0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap2-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-errors-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-errors0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-errors0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-policy-python3-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-python3-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbclient0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-samr0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-debugsource-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-ceph-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-client-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-ad-dc-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-samr0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-winbind-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-policy0-python3-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbclient0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-core-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-samr-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-python3-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-python3-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libsamba-errors0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-errors0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap2-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap2-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-binding0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-winbind-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-binding0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-winbind-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libdcerpc0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-ad-dc-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbclient-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap2-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-client-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-dsdb-modules-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-dsdb-modules-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-policy0-python3-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-python3-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-winbind-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-binding0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-policy-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-binding0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap2-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-errors-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-errors0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-errors0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-policy-python3-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-python3-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbclient0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-samr0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-debugsource-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-client-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-ad-dc-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-samr0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-winbind-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-policy0-python3-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbclient0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-core-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-samr-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-python3-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-python3-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * samba-ceph-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-ceph-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libsamba-errors0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-errors0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap2-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap2-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-binding0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-winbind-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-binding0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-winbind-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libdcerpc0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-ad-dc-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbclient-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap2-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-client-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-dsdb-modules-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-dsdb-modules-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-policy0-python3-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-python3-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-winbind-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-binding0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-policy-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-binding0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap2-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-errors-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-errors0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-errors0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-policy-python3-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-python3-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbclient0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-samr0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-debugsource-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-client-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-ad-dc-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-samr0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-winbind-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-policy0-python3-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbclient0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-core-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-samr-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-python3-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-python3-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libsamba-errors0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-errors0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap2-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap2-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-ceph-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-binding0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-winbind-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-binding0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-ceph-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-winbind-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libdcerpc0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-ad-dc-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbclient-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap2-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-client-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-ceph-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-dsdb-modules-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-dsdb-modules-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-policy0-python3-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-python3-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-winbind-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-binding0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-policy-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-binding0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap2-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-errors-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-errors0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-errors0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-policy-python3-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-python3-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbclient0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-samr0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-debugsource-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-ceph-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-client-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-ad-dc-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-samr0-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-winbind-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-policy0-python3-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbclient0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-core-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-samr-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-python3-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-python3-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials0-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util0-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb-devel-4.11.14+git.396.91f4f677472-150200.4.52.5 * SUSE Enterprise Storage 7 (x86_64) * libsamba-errors0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-errors0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap2-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-util0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbldap2-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-libs-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-binding0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-standard0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-winbind-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libnetapi0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsmbconf0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-nbt0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libtevent-util0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libndr-krb5pac0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-credentials0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * libdcerpc-binding0-32bit-4.11.14+git.396.91f4f677472-150200.4.52.5 * samba-winbind-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamba-passdb0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libwbclient0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 * libsamdb0-32bit-debuginfo-4.11.14+git.396.91f4f677472-150200.4.52.5 ## References: * https://www.suse.com/security/cve/CVE-2022-2127.html * https://bugzilla.suse.com/show_bug.cgi?id=1213174 * https://bugzilla.suse.com/show_bug.cgi?id=1213384 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 18 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 12:30:07 -0000 Subject: SUSE-SU-2023:3357-1: low: Security update for ImageMagick Message-ID: <169236180731.26416.18407731124857794838@smelt2.suse.de> # Security update for ImageMagick Announcement ID: SUSE-SU-2023:3357-1 Rating: low References: * #1213624 Cross-References: * CVE-2023-3745 CVSS scores: * CVE-2023-3745 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-3745 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2023-3745: Fixed heap out of bounds read in PushCharPixel() in quantum- private.h (bsc#1213624). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-3357=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3357=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3357=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3357=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3357=1 ## Package List: * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.195.1 * libMagick++-6_Q16-3-6.8.8.1-71.195.1 * libMagickCore-6_Q16-1-32bit-6.8.8.1-71.195.1 * ImageMagick-debuginfo-6.8.8.1-71.195.1 * libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.195.1 * ImageMagick-6.8.8.1-71.195.1 * ImageMagick-debugsource-6.8.8.1-71.195.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libMagick++-6_Q16-3-6.8.8.1-71.195.1 * perl-PerlMagick-6.8.8.1-71.195.1 * ImageMagick-debuginfo-6.8.8.1-71.195.1 * ImageMagick-debugsource-6.8.8.1-71.195.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.195.1 * ImageMagick-devel-6.8.8.1-71.195.1 * libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.195.1 * libMagick++-devel-6.8.8.1-71.195.1 * ImageMagick-6.8.8.1-71.195.1 * ImageMagick-config-6-upstream-6.8.8.1-71.195.1 * perl-PerlMagick-debuginfo-6.8.8.1-71.195.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libMagickCore-6_Q16-1-6.8.8.1-71.195.1 * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.195.1 * libMagickWand-6_Q16-1-6.8.8.1-71.195.1 * ImageMagick-debuginfo-6.8.8.1-71.195.1 * ImageMagick-debugsource-6.8.8.1-71.195.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.195.1 * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.195.1 * ImageMagick-config-6-upstream-6.8.8.1-71.195.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libMagickCore-6_Q16-1-6.8.8.1-71.195.1 * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.195.1 * libMagickWand-6_Q16-1-6.8.8.1-71.195.1 * ImageMagick-debuginfo-6.8.8.1-71.195.1 * ImageMagick-debugsource-6.8.8.1-71.195.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.195.1 * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.195.1 * ImageMagick-config-6-upstream-6.8.8.1-71.195.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libMagickCore-6_Q16-1-6.8.8.1-71.195.1 * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.195.1 * libMagickWand-6_Q16-1-6.8.8.1-71.195.1 * ImageMagick-debuginfo-6.8.8.1-71.195.1 * ImageMagick-debugsource-6.8.8.1-71.195.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.195.1 * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.195.1 * ImageMagick-config-6-upstream-6.8.8.1-71.195.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3745.html * https://bugzilla.suse.com/show_bug.cgi?id=1213624 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 18 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 12:30:09 -0000 Subject: SUSE-SU-2023:3356-1: important: Security update for nodejs18 Message-ID: <169236180966.26416.1334798487051616019@smelt2.suse.de> # Security update for nodejs18 Announcement ID: SUSE-SU-2023:3356-1 Rating: important References: * #1214150 * #1214154 * #1214156 Cross-References: * CVE-2023-32002 * CVE-2023-32006 * CVE-2023-32559 CVSS scores: * CVE-2023-32002 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * Web and Scripting Module 12 An update that solves three vulnerabilities can now be installed. ## Description: This update for nodejs18 fixes the following issues: Update to LTS version 18.17.1 (security fixes): * CVE-2023-32002: Fixed permissions policies bypass via Module._load (bsc#1214150). * CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire() (bsc#1214156). * CVE-2023-32559: Fixed permissions policies bypass via process.binding (bsc#1214154). * CVE-2023-30589: Fixed HTTP Request Smuggling via Empty headers separated by CR (bsc#1212582). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 12 zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-3356=1 ## Package List: * Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64) * npm18-18.17.1-8.12.1 * nodejs18-debugsource-18.17.1-8.12.1 * nodejs18-debuginfo-18.17.1-8.12.1 * nodejs18-devel-18.17.1-8.12.1 * nodejs18-18.17.1-8.12.1 * Web and Scripting Module 12 (noarch) * nodejs18-docs-18.17.1-8.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32002.html * https://www.suse.com/security/cve/CVE-2023-32006.html * https://www.suse.com/security/cve/CVE-2023-32559.html * https://bugzilla.suse.com/show_bug.cgi?id=1214150 * https://bugzilla.suse.com/show_bug.cgi?id=1214154 * https://bugzilla.suse.com/show_bug.cgi?id=1214156 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 18 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 12:30:12 -0000 Subject: SUSE-SU-2023:3355-1: important: Security update for nodejs16 Message-ID: <169236181291.26416.17165951505681536007@smelt2.suse.de> # Security update for nodejs16 Announcement ID: SUSE-SU-2023:3355-1 Rating: important References: * #1214150 * #1214154 * #1214156 Cross-References: * CVE-2023-32002 * CVE-2023-32006 * CVE-2023-32559 CVSS scores: * CVE-2023-32002 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * Web and Scripting Module 12 An update that solves three vulnerabilities can now be installed. ## Description: This update for nodejs16 fixes the following issues: Update to LTS version 16.20.2: * CVE-2023-32002: Fixed permissions policies bypass via Module._load (bsc#1214150). * CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire() (bsc#1214156). * CVE-2023-32559: Fixed permissions policies bypass via process.binding (bsc#1214154). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 12 zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-3355=1 ## Package List: * Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64) * nodejs16-devel-16.20.2-8.33.1 * nodejs16-debuginfo-16.20.2-8.33.1 * nodejs16-debugsource-16.20.2-8.33.1 * npm16-16.20.2-8.33.1 * nodejs16-16.20.2-8.33.1 * Web and Scripting Module 12 (noarch) * nodejs16-docs-16.20.2-8.33.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32002.html * https://www.suse.com/security/cve/CVE-2023-32006.html * https://www.suse.com/security/cve/CVE-2023-32559.html * https://bugzilla.suse.com/show_bug.cgi?id=1214150 * https://bugzilla.suse.com/show_bug.cgi?id=1214154 * https://bugzilla.suse.com/show_bug.cgi?id=1214156 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 18 12:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 12:30:15 -0000 Subject: SUSE-RU-2023:3354-1: moderate: Recommended update for strongswan Message-ID: <169236181570.26416.486730083791449299@smelt2.suse.de> # Recommended update for strongswan Announcement ID: SUSE-RU-2023:3354-1 Rating: moderate References: * #1211711 * #1211715 * PED-4589 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Package Hub 15 15-SP5 An update that contains one feature and has two recommended fixes can now be installed. ## Description: This update for strongswan fixes the following issues: * Updated to version 5.9.11 (jsc#PED-4589) * Removed auth-els patch (bsc#1211715) * Fixed strongswan failing IPSEC IKEv2 test related to the USGv6 certification (bsc#1211711) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3354=1 SUSE-2023-3354=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3354=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3354=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3354=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * strongswan-ipsec-5.9.11-150500.5.3.1 * strongswan-libs0-5.9.11-150500.5.3.1 * strongswan-mysql-5.9.11-150500.5.3.1 * strongswan-sqlite-debuginfo-5.9.11-150500.5.3.1 * strongswan-hmac-5.9.11-150500.5.3.1 * strongswan-debuginfo-5.9.11-150500.5.3.1 * strongswan-nm-5.9.11-150500.5.3.1 * strongswan-debugsource-5.9.11-150500.5.3.1 * strongswan-sqlite-5.9.11-150500.5.3.1 * strongswan-nm-debuginfo-5.9.11-150500.5.3.1 * strongswan-ipsec-debuginfo-5.9.11-150500.5.3.1 * strongswan-mysql-debuginfo-5.9.11-150500.5.3.1 * strongswan-libs0-debuginfo-5.9.11-150500.5.3.1 * strongswan-5.9.11-150500.5.3.1 * openSUSE Leap 15.5 (noarch) * strongswan-doc-5.9.11-150500.5.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * strongswan-ipsec-5.9.11-150500.5.3.1 * strongswan-libs0-5.9.11-150500.5.3.1 * strongswan-hmac-5.9.11-150500.5.3.1 * strongswan-debuginfo-5.9.11-150500.5.3.1 * strongswan-debugsource-5.9.11-150500.5.3.1 * strongswan-ipsec-debuginfo-5.9.11-150500.5.3.1 * strongswan-libs0-debuginfo-5.9.11-150500.5.3.1 * strongswan-5.9.11-150500.5.3.1 * Basesystem Module 15-SP5 (noarch) * strongswan-doc-5.9.11-150500.5.3.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * strongswan-debuginfo-5.9.11-150500.5.3.1 * strongswan-nm-5.9.11-150500.5.3.1 * strongswan-debugsource-5.9.11-150500.5.3.1 * strongswan-nm-debuginfo-5.9.11-150500.5.3.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * strongswan-debuginfo-5.9.11-150500.5.3.1 * strongswan-nm-5.9.11-150500.5.3.1 * strongswan-debugsource-5.9.11-150500.5.3.1 * strongswan-nm-debuginfo-5.9.11-150500.5.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211711 * https://bugzilla.suse.com/show_bug.cgi?id=1211715 * https://jira.suse.com/browse/PED-4589 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 18 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 16:30:02 -0000 Subject: SUSE-RU-2023:3364-1: moderate: Recommended update for libdb-4_8 Message-ID: <169237620226.21269.10048183524188416232@smelt2.suse.de> # Recommended update for libdb-4_8 Announcement ID: SUSE-RU-2023:3364-1 Rating: moderate References: * #1099695 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for libdb-4_8 fixes the following issues: * Fix incomplete license tag. [bsc#1099695] ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3364=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3364=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3364=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3364=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libdb-4_8-debuginfo-4.8.30-36.1 * libdb-4_8-debugsource-4.8.30-36.1 * libdb-4_8-devel-4.8.30-36.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * db48-utils-4.8.30-36.1 * libdb-4_8-debugsource-4.8.30-36.1 * libdb-4_8-debuginfo-4.8.30-36.1 * libdb-4_8-4.8.30-36.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libdb-4_8-debuginfo-32bit-4.8.30-36.1 * libdb-4_8-32bit-4.8.30-36.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * db48-utils-4.8.30-36.1 * libdb-4_8-debugsource-4.8.30-36.1 * libdb-4_8-debuginfo-4.8.30-36.1 * libdb-4_8-4.8.30-36.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libdb-4_8-debuginfo-32bit-4.8.30-36.1 * libdb-4_8-32bit-4.8.30-36.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * db48-utils-4.8.30-36.1 * libdb-4_8-debugsource-4.8.30-36.1 * libdb-4_8-debuginfo-4.8.30-36.1 * libdb-4_8-4.8.30-36.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libdb-4_8-debuginfo-32bit-4.8.30-36.1 * libdb-4_8-32bit-4.8.30-36.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1099695 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 18 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 16:30:04 -0000 Subject: SUSE-SU-2023:3363-1: important: Security update for krb5 Message-ID: <169237620411.21269.1012333611452515517@smelt2.suse.de> # Security update for krb5 Announcement ID: SUSE-SU-2023:3363-1 Rating: important References: * #1214054 Cross-References: * CVE-2023-36054 CVSS scores: * CVE-2023-36054 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-36054 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for krb5 fixes the following issues: * CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3363=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3363=1 SUSE-2023-3363=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3363=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3363=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3363=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3363=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3363=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3363=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3363=1 ## Package List: * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * krb5-debugsource-1.19.2-150400.3.6.1 * krb5-debuginfo-1.19.2-150400.3.6.1 * krb5-1.19.2-150400.3.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * krb5-mini-1.19.2-150400.3.6.1 * krb5-server-1.19.2-150400.3.6.1 * krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150400.3.6.1 * krb5-plugin-preauth-spake-1.19.2-150400.3.6.1 * krb5-plugin-preauth-spake-debuginfo-1.19.2-150400.3.6.1 * krb5-plugin-kdb-ldap-debuginfo-1.19.2-150400.3.6.1 * krb5-debugsource-1.19.2-150400.3.6.1 * krb5-plugin-kdb-ldap-1.19.2-150400.3.6.1 * krb5-plugin-preauth-otp-1.19.2-150400.3.6.1 * krb5-plugin-preauth-otp-debuginfo-1.19.2-150400.3.6.1 * krb5-server-debuginfo-1.19.2-150400.3.6.1 * krb5-mini-debugsource-1.19.2-150400.3.6.1 * krb5-mini-devel-1.19.2-150400.3.6.1 * krb5-mini-debuginfo-1.19.2-150400.3.6.1 * krb5-plugin-preauth-pkinit-1.19.2-150400.3.6.1 * krb5-client-debuginfo-1.19.2-150400.3.6.1 * krb5-debuginfo-1.19.2-150400.3.6.1 * krb5-1.19.2-150400.3.6.1 * krb5-client-1.19.2-150400.3.6.1 * krb5-devel-1.19.2-150400.3.6.1 * openSUSE Leap 15.4 (x86_64) * krb5-devel-32bit-1.19.2-150400.3.6.1 * krb5-32bit-1.19.2-150400.3.6.1 * krb5-32bit-debuginfo-1.19.2-150400.3.6.1 * openSUSE Leap 15.4 (aarch64_ilp32) * krb5-64bit-debuginfo-1.19.2-150400.3.6.1 * krb5-64bit-1.19.2-150400.3.6.1 * krb5-devel-64bit-1.19.2-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * krb5-debugsource-1.19.2-150400.3.6.1 * krb5-debuginfo-1.19.2-150400.3.6.1 * krb5-1.19.2-150400.3.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * krb5-debugsource-1.19.2-150400.3.6.1 * krb5-debuginfo-1.19.2-150400.3.6.1 * krb5-1.19.2-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * krb5-debugsource-1.19.2-150400.3.6.1 * krb5-debuginfo-1.19.2-150400.3.6.1 * krb5-1.19.2-150400.3.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * krb5-debugsource-1.19.2-150400.3.6.1 * krb5-debuginfo-1.19.2-150400.3.6.1 * krb5-1.19.2-150400.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150400.3.6.1 * krb5-debugsource-1.19.2-150400.3.6.1 * krb5-plugin-preauth-otp-debuginfo-1.19.2-150400.3.6.1 * krb5-plugin-preauth-otp-1.19.2-150400.3.6.1 * krb5-plugin-preauth-pkinit-1.19.2-150400.3.6.1 * krb5-client-debuginfo-1.19.2-150400.3.6.1 * krb5-debuginfo-1.19.2-150400.3.6.1 * krb5-1.19.2-150400.3.6.1 * krb5-client-1.19.2-150400.3.6.1 * krb5-devel-1.19.2-150400.3.6.1 * Basesystem Module 15-SP4 (x86_64) * krb5-32bit-1.19.2-150400.3.6.1 * krb5-32bit-debuginfo-1.19.2-150400.3.6.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * krb5-server-1.19.2-150400.3.6.1 * krb5-plugin-kdb-ldap-debuginfo-1.19.2-150400.3.6.1 * krb5-debugsource-1.19.2-150400.3.6.1 * krb5-plugin-kdb-ldap-1.19.2-150400.3.6.1 * krb5-server-debuginfo-1.19.2-150400.3.6.1 * krb5-debuginfo-1.19.2-150400.3.6.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * krb5-debugsource-1.19.2-150400.3.6.1 * krb5-debuginfo-1.19.2-150400.3.6.1 * krb5-1.19.2-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-36054.html * https://bugzilla.suse.com/show_bug.cgi?id=1214054 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 18 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 16:30:06 -0000 Subject: SUSE-SU-2023:3362-1: moderate: Security update for kernel-firmware Message-ID: <169237620650.21269.348069686536760648@smelt2.suse.de> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:3362-1 Rating: moderate References: * #1213287 Cross-References: * CVE-2023-20569 CVSS scores: * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for kernel-firmware fixes the following issues: * CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. (bsc#1213287) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3362=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3362=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3362=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-firmware-20190618-5.31.1 * ucode-amd-20190618-5.31.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-firmware-20190618-5.31.1 * ucode-amd-20190618-5.31.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * kernel-firmware-20190618-5.31.1 * ucode-amd-20190618-5.31.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20569.html * https://bugzilla.suse.com/show_bug.cgi?id=1213287 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 18 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 16:30:09 -0000 Subject: SUSE-SU-2023:3361-1: moderate: Security update for kernel-firmware Message-ID: <169237620970.21269.51216160532674@smelt2.suse.de> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:3361-1 Rating: moderate References: * #1213287 Cross-References: * CVE-2023-20569 CVSS scores: * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for kernel-firmware fixes the following issues: * CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. (bsc#1213287) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3361=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3361=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3361=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3361=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3361=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3361=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3361=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3361=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3361=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3361=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3361=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * kernel-firmware-20210208-150300.4.16.1 * ucode-amd-20210208-150300.4.16.1 * kernel-firmware-brcm-20210208-150300.4.16.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * kernel-firmware-20210208-150300.4.16.1 * ucode-amd-20210208-150300.4.16.1 * kernel-firmware-brcm-20210208-150300.4.16.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * kernel-firmware-20210208-150300.4.16.1 * ucode-amd-20210208-150300.4.16.1 * kernel-firmware-brcm-20210208-150300.4.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * kernel-firmware-20210208-150300.4.16.1 * ucode-amd-20210208-150300.4.16.1 * SUSE Manager Proxy 4.2 (noarch) * kernel-firmware-20210208-150300.4.16.1 * ucode-amd-20210208-150300.4.16.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * kernel-firmware-20210208-150300.4.16.1 * ucode-amd-20210208-150300.4.16.1 * SUSE Manager Server 4.2 (noarch) * kernel-firmware-20210208-150300.4.16.1 * ucode-amd-20210208-150300.4.16.1 * SUSE Enterprise Storage 7.1 (noarch) * kernel-firmware-20210208-150300.4.16.1 * ucode-amd-20210208-150300.4.16.1 * kernel-firmware-brcm-20210208-150300.4.16.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * kernel-firmware-ath10k-20210208-150300.4.16.1 * kernel-firmware-all-20210208-150300.4.16.1 * kernel-firmware-mediatek-20210208-150300.4.16.1 * kernel-firmware-atheros-20210208-150300.4.16.1 * kernel-firmware-sound-20210208-150300.4.16.1 * kernel-firmware-ti-20210208-150300.4.16.1 * kernel-firmware-usb-network-20210208-150300.4.16.1 * kernel-firmware-mwifiex-20210208-150300.4.16.1 * kernel-firmware-i915-20210208-150300.4.16.1 * kernel-firmware-nvidia-20210208-150300.4.16.1 * kernel-firmware-serial-20210208-150300.4.16.1 * kernel-firmware-radeon-20210208-150300.4.16.1 * kernel-firmware-liquidio-20210208-150300.4.16.1 * kernel-firmware-bluetooth-20210208-150300.4.16.1 * kernel-firmware-iwlwifi-20210208-150300.4.16.1 * kernel-firmware-nfp-20210208-150300.4.16.1 * kernel-firmware-marvell-20210208-150300.4.16.1 * kernel-firmware-platform-20210208-150300.4.16.1 * kernel-firmware-amdgpu-20210208-150300.4.16.1 * kernel-firmware-realtek-20210208-150300.4.16.1 * kernel-firmware-media-20210208-150300.4.16.1 * kernel-firmware-intel-20210208-150300.4.16.1 * kernel-firmware-ueagle-20210208-150300.4.16.1 * kernel-firmware-ath11k-20210208-150300.4.16.1 * kernel-firmware-qlogic-20210208-150300.4.16.1 * kernel-firmware-brcm-20210208-150300.4.16.1 * ucode-amd-20210208-150300.4.16.1 * kernel-firmware-chelsio-20210208-150300.4.16.1 * kernel-firmware-bnx2-20210208-150300.4.16.1 * kernel-firmware-dpaa2-20210208-150300.4.16.1 * kernel-firmware-network-20210208-150300.4.16.1 * kernel-firmware-mellanox-20210208-150300.4.16.1 * kernel-firmware-prestera-20210208-150300.4.16.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * kernel-firmware-ath10k-20210208-150300.4.16.1 * kernel-firmware-all-20210208-150300.4.16.1 * kernel-firmware-mediatek-20210208-150300.4.16.1 * kernel-firmware-atheros-20210208-150300.4.16.1 * kernel-firmware-sound-20210208-150300.4.16.1 * kernel-firmware-ti-20210208-150300.4.16.1 * kernel-firmware-usb-network-20210208-150300.4.16.1 * kernel-firmware-mwifiex-20210208-150300.4.16.1 * kernel-firmware-i915-20210208-150300.4.16.1 * kernel-firmware-nvidia-20210208-150300.4.16.1 * kernel-firmware-serial-20210208-150300.4.16.1 * kernel-firmware-radeon-20210208-150300.4.16.1 * kernel-firmware-liquidio-20210208-150300.4.16.1 * kernel-firmware-bluetooth-20210208-150300.4.16.1 * kernel-firmware-iwlwifi-20210208-150300.4.16.1 * kernel-firmware-nfp-20210208-150300.4.16.1 * kernel-firmware-marvell-20210208-150300.4.16.1 * kernel-firmware-platform-20210208-150300.4.16.1 * kernel-firmware-amdgpu-20210208-150300.4.16.1 * kernel-firmware-realtek-20210208-150300.4.16.1 * kernel-firmware-media-20210208-150300.4.16.1 * kernel-firmware-intel-20210208-150300.4.16.1 * kernel-firmware-ueagle-20210208-150300.4.16.1 * kernel-firmware-ath11k-20210208-150300.4.16.1 * kernel-firmware-qlogic-20210208-150300.4.16.1 * kernel-firmware-brcm-20210208-150300.4.16.1 * ucode-amd-20210208-150300.4.16.1 * kernel-firmware-chelsio-20210208-150300.4.16.1 * kernel-firmware-bnx2-20210208-150300.4.16.1 * kernel-firmware-dpaa2-20210208-150300.4.16.1 * kernel-firmware-network-20210208-150300.4.16.1 * kernel-firmware-mellanox-20210208-150300.4.16.1 * kernel-firmware-prestera-20210208-150300.4.16.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * kernel-firmware-ath10k-20210208-150300.4.16.1 * kernel-firmware-all-20210208-150300.4.16.1 * kernel-firmware-mediatek-20210208-150300.4.16.1 * kernel-firmware-atheros-20210208-150300.4.16.1 * kernel-firmware-sound-20210208-150300.4.16.1 * kernel-firmware-ti-20210208-150300.4.16.1 * kernel-firmware-usb-network-20210208-150300.4.16.1 * kernel-firmware-mwifiex-20210208-150300.4.16.1 * kernel-firmware-i915-20210208-150300.4.16.1 * kernel-firmware-nvidia-20210208-150300.4.16.1 * kernel-firmware-serial-20210208-150300.4.16.1 * kernel-firmware-radeon-20210208-150300.4.16.1 * kernel-firmware-liquidio-20210208-150300.4.16.1 * kernel-firmware-bluetooth-20210208-150300.4.16.1 * kernel-firmware-iwlwifi-20210208-150300.4.16.1 * kernel-firmware-nfp-20210208-150300.4.16.1 * kernel-firmware-marvell-20210208-150300.4.16.1 * kernel-firmware-platform-20210208-150300.4.16.1 * kernel-firmware-amdgpu-20210208-150300.4.16.1 * kernel-firmware-realtek-20210208-150300.4.16.1 * kernel-firmware-media-20210208-150300.4.16.1 * kernel-firmware-intel-20210208-150300.4.16.1 * kernel-firmware-ueagle-20210208-150300.4.16.1 * kernel-firmware-ath11k-20210208-150300.4.16.1 * kernel-firmware-qlogic-20210208-150300.4.16.1 * kernel-firmware-brcm-20210208-150300.4.16.1 * ucode-amd-20210208-150300.4.16.1 * kernel-firmware-chelsio-20210208-150300.4.16.1 * kernel-firmware-bnx2-20210208-150300.4.16.1 * kernel-firmware-dpaa2-20210208-150300.4.16.1 * kernel-firmware-network-20210208-150300.4.16.1 * kernel-firmware-mellanox-20210208-150300.4.16.1 * kernel-firmware-prestera-20210208-150300.4.16.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20569.html * https://bugzilla.suse.com/show_bug.cgi?id=1213287 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 18 16:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 16:30:12 -0000 Subject: SUSE-SU-2023:3360-1: moderate: Security update for kernel-firmware Message-ID: <169237621213.21269.6902211441322843534@smelt2.suse.de> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:3360-1 Rating: moderate References: * #1213287 Cross-References: * CVE-2023-20569 CVSS scores: * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for kernel-firmware fixes the following issues: * CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. (bsc#1213287) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3360=1 openSUSE-SLE-15.4-2023-3360=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3360=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3360=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3360=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3360=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3360=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3360=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3360=1 ## Package List: * openSUSE Leap 15.4 (noarch) * kernel-firmware-mellanox-20220509-150400.4.22.1 * kernel-firmware-iwlwifi-20220509-150400.4.22.1 * kernel-firmware-media-20220509-150400.4.22.1 * kernel-firmware-mwifiex-20220509-150400.4.22.1 * ucode-amd-20220509-150400.4.22.1 * kernel-firmware-realtek-20220509-150400.4.22.1 * kernel-firmware-atheros-20220509-150400.4.22.1 * kernel-firmware-i915-20220509-150400.4.22.1 * kernel-firmware-liquidio-20220509-150400.4.22.1 * kernel-firmware-ti-20220509-150400.4.22.1 * kernel-firmware-chelsio-20220509-150400.4.22.1 * kernel-firmware-sound-20220509-150400.4.22.1 * kernel-firmware-all-20220509-150400.4.22.1 * kernel-firmware-bluetooth-20220509-150400.4.22.1 * kernel-firmware-qlogic-20220509-150400.4.22.1 * kernel-firmware-radeon-20220509-150400.4.22.1 * kernel-firmware-qcom-20220509-150400.4.22.1 * kernel-firmware-platform-20220509-150400.4.22.1 * kernel-firmware-mediatek-20220509-150400.4.22.1 * kernel-firmware-ath11k-20220509-150400.4.22.1 * kernel-firmware-20220509-150400.4.22.1 * kernel-firmware-nvidia-20220509-150400.4.22.1 * kernel-firmware-usb-network-20220509-150400.4.22.1 * kernel-firmware-nfp-20220509-150400.4.22.1 * kernel-firmware-prestera-20220509-150400.4.22.1 * kernel-firmware-marvell-20220509-150400.4.22.1 * kernel-firmware-bnx2-20220509-150400.4.22.1 * kernel-firmware-amdgpu-20220509-150400.4.22.1 * kernel-firmware-serial-20220509-150400.4.22.1 * kernel-firmware-brcm-20220509-150400.4.22.1 * kernel-firmware-network-20220509-150400.4.22.1 * kernel-firmware-ath10k-20220509-150400.4.22.1 * kernel-firmware-ueagle-20220509-150400.4.22.1 * kernel-firmware-intel-20220509-150400.4.22.1 * kernel-firmware-dpaa2-20220509-150400.4.22.1 * openSUSE Leap Micro 5.3 (noarch) * kernel-firmware-mellanox-20220509-150400.4.22.1 * kernel-firmware-iwlwifi-20220509-150400.4.22.1 * kernel-firmware-media-20220509-150400.4.22.1 * kernel-firmware-mwifiex-20220509-150400.4.22.1 * ucode-amd-20220509-150400.4.22.1 * kernel-firmware-realtek-20220509-150400.4.22.1 * kernel-firmware-atheros-20220509-150400.4.22.1 * kernel-firmware-i915-20220509-150400.4.22.1 * kernel-firmware-liquidio-20220509-150400.4.22.1 * kernel-firmware-ti-20220509-150400.4.22.1 * kernel-firmware-chelsio-20220509-150400.4.22.1 * kernel-firmware-sound-20220509-150400.4.22.1 * kernel-firmware-all-20220509-150400.4.22.1 * kernel-firmware-bluetooth-20220509-150400.4.22.1 * kernel-firmware-qlogic-20220509-150400.4.22.1 * kernel-firmware-radeon-20220509-150400.4.22.1 * kernel-firmware-qcom-20220509-150400.4.22.1 * kernel-firmware-platform-20220509-150400.4.22.1 * kernel-firmware-mediatek-20220509-150400.4.22.1 * kernel-firmware-ath11k-20220509-150400.4.22.1 * kernel-firmware-usb-network-20220509-150400.4.22.1 * kernel-firmware-nvidia-20220509-150400.4.22.1 * kernel-firmware-nfp-20220509-150400.4.22.1 * kernel-firmware-prestera-20220509-150400.4.22.1 * kernel-firmware-marvell-20220509-150400.4.22.1 * kernel-firmware-bnx2-20220509-150400.4.22.1 * kernel-firmware-amdgpu-20220509-150400.4.22.1 * kernel-firmware-serial-20220509-150400.4.22.1 * kernel-firmware-brcm-20220509-150400.4.22.1 * kernel-firmware-network-20220509-150400.4.22.1 * kernel-firmware-ath10k-20220509-150400.4.22.1 * kernel-firmware-ueagle-20220509-150400.4.22.1 * kernel-firmware-intel-20220509-150400.4.22.1 * kernel-firmware-dpaa2-20220509-150400.4.22.1 * openSUSE Leap Micro 5.4 (noarch) * kernel-firmware-mellanox-20220509-150400.4.22.1 * kernel-firmware-iwlwifi-20220509-150400.4.22.1 * kernel-firmware-media-20220509-150400.4.22.1 * kernel-firmware-mwifiex-20220509-150400.4.22.1 * ucode-amd-20220509-150400.4.22.1 * kernel-firmware-realtek-20220509-150400.4.22.1 * kernel-firmware-atheros-20220509-150400.4.22.1 * kernel-firmware-i915-20220509-150400.4.22.1 * kernel-firmware-liquidio-20220509-150400.4.22.1 * kernel-firmware-ti-20220509-150400.4.22.1 * kernel-firmware-chelsio-20220509-150400.4.22.1 * kernel-firmware-sound-20220509-150400.4.22.1 * kernel-firmware-all-20220509-150400.4.22.1 * kernel-firmware-bluetooth-20220509-150400.4.22.1 * kernel-firmware-qlogic-20220509-150400.4.22.1 * kernel-firmware-radeon-20220509-150400.4.22.1 * kernel-firmware-qcom-20220509-150400.4.22.1 * kernel-firmware-platform-20220509-150400.4.22.1 * kernel-firmware-mediatek-20220509-150400.4.22.1 * kernel-firmware-ath11k-20220509-150400.4.22.1 * kernel-firmware-usb-network-20220509-150400.4.22.1 * kernel-firmware-nvidia-20220509-150400.4.22.1 * kernel-firmware-nfp-20220509-150400.4.22.1 * kernel-firmware-prestera-20220509-150400.4.22.1 * kernel-firmware-marvell-20220509-150400.4.22.1 * kernel-firmware-bnx2-20220509-150400.4.22.1 * kernel-firmware-amdgpu-20220509-150400.4.22.1 * kernel-firmware-serial-20220509-150400.4.22.1 * kernel-firmware-brcm-20220509-150400.4.22.1 * kernel-firmware-network-20220509-150400.4.22.1 * kernel-firmware-ath10k-20220509-150400.4.22.1 * kernel-firmware-ueagle-20220509-150400.4.22.1 * kernel-firmware-intel-20220509-150400.4.22.1 * kernel-firmware-dpaa2-20220509-150400.4.22.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * kernel-firmware-mellanox-20220509-150400.4.22.1 * kernel-firmware-iwlwifi-20220509-150400.4.22.1 * kernel-firmware-media-20220509-150400.4.22.1 * kernel-firmware-mwifiex-20220509-150400.4.22.1 * ucode-amd-20220509-150400.4.22.1 * kernel-firmware-realtek-20220509-150400.4.22.1 * kernel-firmware-atheros-20220509-150400.4.22.1 * kernel-firmware-i915-20220509-150400.4.22.1 * kernel-firmware-liquidio-20220509-150400.4.22.1 * kernel-firmware-ti-20220509-150400.4.22.1 * kernel-firmware-chelsio-20220509-150400.4.22.1 * kernel-firmware-sound-20220509-150400.4.22.1 * kernel-firmware-all-20220509-150400.4.22.1 * kernel-firmware-bluetooth-20220509-150400.4.22.1 * kernel-firmware-qlogic-20220509-150400.4.22.1 * kernel-firmware-radeon-20220509-150400.4.22.1 * kernel-firmware-qcom-20220509-150400.4.22.1 * kernel-firmware-platform-20220509-150400.4.22.1 * kernel-firmware-mediatek-20220509-150400.4.22.1 * kernel-firmware-ath11k-20220509-150400.4.22.1 * kernel-firmware-usb-network-20220509-150400.4.22.1 * kernel-firmware-nvidia-20220509-150400.4.22.1 * kernel-firmware-nfp-20220509-150400.4.22.1 * kernel-firmware-prestera-20220509-150400.4.22.1 * kernel-firmware-marvell-20220509-150400.4.22.1 * kernel-firmware-bnx2-20220509-150400.4.22.1 * kernel-firmware-amdgpu-20220509-150400.4.22.1 * kernel-firmware-serial-20220509-150400.4.22.1 * kernel-firmware-brcm-20220509-150400.4.22.1 * kernel-firmware-network-20220509-150400.4.22.1 * kernel-firmware-ath10k-20220509-150400.4.22.1 * kernel-firmware-ueagle-20220509-150400.4.22.1 * kernel-firmware-intel-20220509-150400.4.22.1 * kernel-firmware-dpaa2-20220509-150400.4.22.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * kernel-firmware-mellanox-20220509-150400.4.22.1 * kernel-firmware-iwlwifi-20220509-150400.4.22.1 * kernel-firmware-media-20220509-150400.4.22.1 * kernel-firmware-mwifiex-20220509-150400.4.22.1 * ucode-amd-20220509-150400.4.22.1 * kernel-firmware-realtek-20220509-150400.4.22.1 * kernel-firmware-atheros-20220509-150400.4.22.1 * kernel-firmware-i915-20220509-150400.4.22.1 * kernel-firmware-liquidio-20220509-150400.4.22.1 * kernel-firmware-ti-20220509-150400.4.22.1 * kernel-firmware-chelsio-20220509-150400.4.22.1 * kernel-firmware-sound-20220509-150400.4.22.1 * kernel-firmware-all-20220509-150400.4.22.1 * kernel-firmware-bluetooth-20220509-150400.4.22.1 * kernel-firmware-qlogic-20220509-150400.4.22.1 * kernel-firmware-radeon-20220509-150400.4.22.1 * kernel-firmware-qcom-20220509-150400.4.22.1 * kernel-firmware-platform-20220509-150400.4.22.1 * kernel-firmware-mediatek-20220509-150400.4.22.1 * kernel-firmware-ath11k-20220509-150400.4.22.1 * kernel-firmware-usb-network-20220509-150400.4.22.1 * kernel-firmware-nvidia-20220509-150400.4.22.1 * kernel-firmware-nfp-20220509-150400.4.22.1 * kernel-firmware-prestera-20220509-150400.4.22.1 * kernel-firmware-marvell-20220509-150400.4.22.1 * kernel-firmware-bnx2-20220509-150400.4.22.1 * kernel-firmware-amdgpu-20220509-150400.4.22.1 * kernel-firmware-serial-20220509-150400.4.22.1 * kernel-firmware-brcm-20220509-150400.4.22.1 * kernel-firmware-network-20220509-150400.4.22.1 * kernel-firmware-ath10k-20220509-150400.4.22.1 * kernel-firmware-ueagle-20220509-150400.4.22.1 * kernel-firmware-intel-20220509-150400.4.22.1 * kernel-firmware-dpaa2-20220509-150400.4.22.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * kernel-firmware-mellanox-20220509-150400.4.22.1 * kernel-firmware-iwlwifi-20220509-150400.4.22.1 * kernel-firmware-media-20220509-150400.4.22.1 * kernel-firmware-mwifiex-20220509-150400.4.22.1 * ucode-amd-20220509-150400.4.22.1 * kernel-firmware-realtek-20220509-150400.4.22.1 * kernel-firmware-atheros-20220509-150400.4.22.1 * kernel-firmware-i915-20220509-150400.4.22.1 * kernel-firmware-liquidio-20220509-150400.4.22.1 * kernel-firmware-ti-20220509-150400.4.22.1 * kernel-firmware-chelsio-20220509-150400.4.22.1 * kernel-firmware-sound-20220509-150400.4.22.1 * kernel-firmware-all-20220509-150400.4.22.1 * kernel-firmware-bluetooth-20220509-150400.4.22.1 * kernel-firmware-qlogic-20220509-150400.4.22.1 * kernel-firmware-radeon-20220509-150400.4.22.1 * kernel-firmware-qcom-20220509-150400.4.22.1 * kernel-firmware-platform-20220509-150400.4.22.1 * kernel-firmware-mediatek-20220509-150400.4.22.1 * kernel-firmware-ath11k-20220509-150400.4.22.1 * kernel-firmware-usb-network-20220509-150400.4.22.1 * kernel-firmware-nvidia-20220509-150400.4.22.1 * kernel-firmware-nfp-20220509-150400.4.22.1 * kernel-firmware-prestera-20220509-150400.4.22.1 * kernel-firmware-marvell-20220509-150400.4.22.1 * kernel-firmware-bnx2-20220509-150400.4.22.1 * kernel-firmware-amdgpu-20220509-150400.4.22.1 * kernel-firmware-serial-20220509-150400.4.22.1 * kernel-firmware-brcm-20220509-150400.4.22.1 * kernel-firmware-network-20220509-150400.4.22.1 * kernel-firmware-ath10k-20220509-150400.4.22.1 * kernel-firmware-ueagle-20220509-150400.4.22.1 * kernel-firmware-intel-20220509-150400.4.22.1 * kernel-firmware-dpaa2-20220509-150400.4.22.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * kernel-firmware-mellanox-20220509-150400.4.22.1 * kernel-firmware-iwlwifi-20220509-150400.4.22.1 * kernel-firmware-media-20220509-150400.4.22.1 * kernel-firmware-mwifiex-20220509-150400.4.22.1 * ucode-amd-20220509-150400.4.22.1 * kernel-firmware-realtek-20220509-150400.4.22.1 * kernel-firmware-atheros-20220509-150400.4.22.1 * kernel-firmware-i915-20220509-150400.4.22.1 * kernel-firmware-liquidio-20220509-150400.4.22.1 * kernel-firmware-ti-20220509-150400.4.22.1 * kernel-firmware-chelsio-20220509-150400.4.22.1 * kernel-firmware-sound-20220509-150400.4.22.1 * kernel-firmware-all-20220509-150400.4.22.1 * kernel-firmware-bluetooth-20220509-150400.4.22.1 * kernel-firmware-qlogic-20220509-150400.4.22.1 * kernel-firmware-radeon-20220509-150400.4.22.1 * kernel-firmware-qcom-20220509-150400.4.22.1 * kernel-firmware-platform-20220509-150400.4.22.1 * kernel-firmware-mediatek-20220509-150400.4.22.1 * kernel-firmware-ath11k-20220509-150400.4.22.1 * kernel-firmware-usb-network-20220509-150400.4.22.1 * kernel-firmware-nvidia-20220509-150400.4.22.1 * kernel-firmware-nfp-20220509-150400.4.22.1 * kernel-firmware-prestera-20220509-150400.4.22.1 * kernel-firmware-marvell-20220509-150400.4.22.1 * kernel-firmware-bnx2-20220509-150400.4.22.1 * kernel-firmware-amdgpu-20220509-150400.4.22.1 * kernel-firmware-serial-20220509-150400.4.22.1 * kernel-firmware-brcm-20220509-150400.4.22.1 * kernel-firmware-network-20220509-150400.4.22.1 * kernel-firmware-ath10k-20220509-150400.4.22.1 * kernel-firmware-ueagle-20220509-150400.4.22.1 * kernel-firmware-intel-20220509-150400.4.22.1 * kernel-firmware-dpaa2-20220509-150400.4.22.1 * Basesystem Module 15-SP4 (noarch) * kernel-firmware-mellanox-20220509-150400.4.22.1 * kernel-firmware-iwlwifi-20220509-150400.4.22.1 * kernel-firmware-media-20220509-150400.4.22.1 * kernel-firmware-mwifiex-20220509-150400.4.22.1 * ucode-amd-20220509-150400.4.22.1 * kernel-firmware-realtek-20220509-150400.4.22.1 * kernel-firmware-atheros-20220509-150400.4.22.1 * kernel-firmware-i915-20220509-150400.4.22.1 * kernel-firmware-liquidio-20220509-150400.4.22.1 * kernel-firmware-ti-20220509-150400.4.22.1 * kernel-firmware-chelsio-20220509-150400.4.22.1 * kernel-firmware-sound-20220509-150400.4.22.1 * kernel-firmware-all-20220509-150400.4.22.1 * kernel-firmware-bluetooth-20220509-150400.4.22.1 * kernel-firmware-qlogic-20220509-150400.4.22.1 * kernel-firmware-radeon-20220509-150400.4.22.1 * kernel-firmware-qcom-20220509-150400.4.22.1 * kernel-firmware-platform-20220509-150400.4.22.1 * kernel-firmware-mediatek-20220509-150400.4.22.1 * kernel-firmware-ath11k-20220509-150400.4.22.1 * kernel-firmware-usb-network-20220509-150400.4.22.1 * kernel-firmware-nvidia-20220509-150400.4.22.1 * kernel-firmware-nfp-20220509-150400.4.22.1 * kernel-firmware-prestera-20220509-150400.4.22.1 * kernel-firmware-marvell-20220509-150400.4.22.1 * kernel-firmware-bnx2-20220509-150400.4.22.1 * kernel-firmware-amdgpu-20220509-150400.4.22.1 * kernel-firmware-serial-20220509-150400.4.22.1 * kernel-firmware-brcm-20220509-150400.4.22.1 * kernel-firmware-network-20220509-150400.4.22.1 * kernel-firmware-ath10k-20220509-150400.4.22.1 * kernel-firmware-ueagle-20220509-150400.4.22.1 * kernel-firmware-intel-20220509-150400.4.22.1 * kernel-firmware-dpaa2-20220509-150400.4.22.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20569.html * https://bugzilla.suse.com/show_bug.cgi?id=1213287 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 18 16:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 16:30:14 -0000 Subject: SUSE-SU-2023:3359-1: important: Security update for ucode-intel Message-ID: <169237621477.21269.15362624581460644328@smelt2.suse.de> # Security update for ucode-intel Announcement ID: SUSE-SU-2023:3359-1 Rating: important References: * #1206418 * #1214099 Cross-References: * CVE-2022-40982 * CVE-2022-41804 * CVE-2023-23908 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2022-41804 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:H * CVE-2023-23908 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves three vulnerabilities can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20230808 release. (bsc#1214099) * CVE-2022-40982: Fixed a potential security vulnerability in some Intel? Processors which may allow information disclosure. * CVE-2023-23908: Fixed a potential security vulnerability in some 3rd Generation Intel? Xeon? Scalable processors which may allow information disclosure. * CVE-2022-41804: Fixed a potential security vulnerability in some Intel? Xeon? Processors with Intel? Software Guard Extensions (SGX) which may allow escalation of privilege. ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3359=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3359=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3359=1 ## Package List: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * ucode-intel-20230808-150100.3.223.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * ucode-intel-20230808-150100.3.223.1 * SUSE CaaS Platform 4.0 (x86_64) * ucode-intel-20230808-150100.3.223.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * ucode-intel-20230808-150100.3.223.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2022-41804.html * https://www.suse.com/security/cve/CVE-2023-23908.html * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1214099 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 18 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Aug 2023 20:30:05 -0000 Subject: SUSE-SU-2023:3365-1: important: Security update for krb5 Message-ID: <169239060595.12910.17356385251027004840@smelt2.suse.de> # Security update for krb5 Announcement ID: SUSE-SU-2023:3365-1 Rating: important References: * #1214054 Cross-References: * CVE-2023-36054 CVSS scores: * CVE-2023-36054 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-36054 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for krb5 fixes the following issues: * CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3365=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3365=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3365=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3365=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3365=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3365=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3365=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3365=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3365=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3365=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3365=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * krb5-debugsource-1.19.2-150300.13.1 * krb5-client-1.19.2-150300.13.1 * krb5-plugin-preauth-spake-1.19.2-150300.13.1 * krb5-server-1.19.2-150300.13.1 * krb5-client-debuginfo-1.19.2-150300.13.1 * krb5-devel-1.19.2-150300.13.1 * krb5-server-debuginfo-1.19.2-150300.13.1 * krb5-plugin-preauth-otp-1.19.2-150300.13.1 * krb5-plugin-preauth-pkinit-1.19.2-150300.13.1 * krb5-1.19.2-150300.13.1 * krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.13.1 * krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.13.1 * krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.13.1 * krb5-debuginfo-1.19.2-150300.13.1 * krb5-plugin-kdb-ldap-1.19.2-150300.13.1 * krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.13.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * krb5-32bit-1.19.2-150300.13.1 * krb5-32bit-debuginfo-1.19.2-150300.13.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * krb5-debugsource-1.19.2-150300.13.1 * krb5-client-1.19.2-150300.13.1 * krb5-plugin-preauth-spake-1.19.2-150300.13.1 * krb5-server-1.19.2-150300.13.1 * krb5-client-debuginfo-1.19.2-150300.13.1 * krb5-devel-1.19.2-150300.13.1 * krb5-server-debuginfo-1.19.2-150300.13.1 * krb5-plugin-preauth-otp-1.19.2-150300.13.1 * krb5-plugin-preauth-pkinit-1.19.2-150300.13.1 * krb5-1.19.2-150300.13.1 * krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.13.1 * krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.13.1 * krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.13.1 * krb5-debuginfo-1.19.2-150300.13.1 * krb5-plugin-kdb-ldap-1.19.2-150300.13.1 * krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.13.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * krb5-32bit-1.19.2-150300.13.1 * krb5-32bit-debuginfo-1.19.2-150300.13.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * krb5-debugsource-1.19.2-150300.13.1 * krb5-client-1.19.2-150300.13.1 * krb5-plugin-preauth-spake-1.19.2-150300.13.1 * krb5-server-1.19.2-150300.13.1 * krb5-client-debuginfo-1.19.2-150300.13.1 * krb5-devel-1.19.2-150300.13.1 * krb5-server-debuginfo-1.19.2-150300.13.1 * krb5-plugin-preauth-otp-1.19.2-150300.13.1 * krb5-plugin-preauth-pkinit-1.19.2-150300.13.1 * krb5-1.19.2-150300.13.1 * krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.13.1 * krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.13.1 * krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.13.1 * krb5-debuginfo-1.19.2-150300.13.1 * krb5-plugin-kdb-ldap-1.19.2-150300.13.1 * krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.13.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * krb5-32bit-1.19.2-150300.13.1 * krb5-32bit-debuginfo-1.19.2-150300.13.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * krb5-debugsource-1.19.2-150300.13.1 * krb5-client-1.19.2-150300.13.1 * krb5-plugin-preauth-spake-1.19.2-150300.13.1 * krb5-server-1.19.2-150300.13.1 * krb5-client-debuginfo-1.19.2-150300.13.1 * krb5-devel-1.19.2-150300.13.1 * krb5-server-debuginfo-1.19.2-150300.13.1 * krb5-plugin-preauth-otp-1.19.2-150300.13.1 * krb5-plugin-preauth-pkinit-1.19.2-150300.13.1 * krb5-1.19.2-150300.13.1 * krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.13.1 * krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.13.1 * krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.13.1 * krb5-debuginfo-1.19.2-150300.13.1 * krb5-plugin-kdb-ldap-1.19.2-150300.13.1 * krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.13.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * krb5-32bit-1.19.2-150300.13.1 * krb5-32bit-debuginfo-1.19.2-150300.13.1 * SUSE Manager Proxy 4.2 (x86_64) * krb5-32bit-1.19.2-150300.13.1 * krb5-debugsource-1.19.2-150300.13.1 * krb5-client-1.19.2-150300.13.1 * krb5-plugin-preauth-spake-1.19.2-150300.13.1 * krb5-server-1.19.2-150300.13.1 * krb5-client-debuginfo-1.19.2-150300.13.1 * krb5-devel-1.19.2-150300.13.1 * krb5-32bit-debuginfo-1.19.2-150300.13.1 * krb5-server-debuginfo-1.19.2-150300.13.1 * krb5-plugin-preauth-otp-1.19.2-150300.13.1 * krb5-plugin-preauth-pkinit-1.19.2-150300.13.1 * krb5-1.19.2-150300.13.1 * krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.13.1 * krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.13.1 * krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.13.1 * krb5-debuginfo-1.19.2-150300.13.1 * krb5-plugin-kdb-ldap-1.19.2-150300.13.1 * krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.13.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * krb5-32bit-1.19.2-150300.13.1 * krb5-debugsource-1.19.2-150300.13.1 * krb5-client-1.19.2-150300.13.1 * krb5-plugin-preauth-spake-1.19.2-150300.13.1 * krb5-server-1.19.2-150300.13.1 * krb5-client-debuginfo-1.19.2-150300.13.1 * krb5-devel-1.19.2-150300.13.1 * krb5-32bit-debuginfo-1.19.2-150300.13.1 * krb5-server-debuginfo-1.19.2-150300.13.1 * krb5-plugin-preauth-otp-1.19.2-150300.13.1 * krb5-plugin-preauth-pkinit-1.19.2-150300.13.1 * krb5-1.19.2-150300.13.1 * krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.13.1 * krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.13.1 * krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.13.1 * krb5-debuginfo-1.19.2-150300.13.1 * krb5-plugin-kdb-ldap-1.19.2-150300.13.1 * krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.13.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * krb5-debugsource-1.19.2-150300.13.1 * krb5-client-1.19.2-150300.13.1 * krb5-plugin-preauth-spake-1.19.2-150300.13.1 * krb5-server-1.19.2-150300.13.1 * krb5-client-debuginfo-1.19.2-150300.13.1 * krb5-devel-1.19.2-150300.13.1 * krb5-server-debuginfo-1.19.2-150300.13.1 * krb5-plugin-preauth-otp-1.19.2-150300.13.1 * krb5-plugin-preauth-pkinit-1.19.2-150300.13.1 * krb5-1.19.2-150300.13.1 * krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.13.1 * krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.13.1 * krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.13.1 * krb5-debuginfo-1.19.2-150300.13.1 * krb5-plugin-kdb-ldap-1.19.2-150300.13.1 * krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.13.1 * SUSE Manager Server 4.2 (x86_64) * krb5-32bit-1.19.2-150300.13.1 * krb5-32bit-debuginfo-1.19.2-150300.13.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * krb5-debugsource-1.19.2-150300.13.1 * krb5-client-1.19.2-150300.13.1 * krb5-plugin-preauth-spake-1.19.2-150300.13.1 * krb5-server-1.19.2-150300.13.1 * krb5-client-debuginfo-1.19.2-150300.13.1 * krb5-devel-1.19.2-150300.13.1 * krb5-server-debuginfo-1.19.2-150300.13.1 * krb5-plugin-preauth-otp-1.19.2-150300.13.1 * krb5-plugin-preauth-pkinit-1.19.2-150300.13.1 * krb5-1.19.2-150300.13.1 * krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.13.1 * krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.13.1 * krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.13.1 * krb5-debuginfo-1.19.2-150300.13.1 * krb5-plugin-kdb-ldap-1.19.2-150300.13.1 * krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.13.1 * SUSE Enterprise Storage 7.1 (x86_64) * krb5-32bit-1.19.2-150300.13.1 * krb5-32bit-debuginfo-1.19.2-150300.13.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * krb5-1.19.2-150300.13.1 * krb5-debuginfo-1.19.2-150300.13.1 * krb5-debugsource-1.19.2-150300.13.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * krb5-1.19.2-150300.13.1 * krb5-debuginfo-1.19.2-150300.13.1 * krb5-debugsource-1.19.2-150300.13.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * krb5-1.19.2-150300.13.1 * krb5-debuginfo-1.19.2-150300.13.1 * krb5-debugsource-1.19.2-150300.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-36054.html * https://bugzilla.suse.com/show_bug.cgi?id=1214054 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Sat Aug 19 07:08:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Aug 2023 09:08:26 +0200 (CEST) Subject: SUSE-CU-2023:2723-1: Security update of suse/sles12sp5 Message-ID: <20230819070826.99225FCA4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2723-1 Container Tags : suse/sles12sp5:6.5.500 , suse/sles12sp5:latest Container Release : 6.5.500 Severity : moderate Type : security References : 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3339-1 Released: Thu Aug 17 12:33:58 2023 Summary: Security update for openssl-1_0_0 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) The following package changes have been done: - libopenssl1_0_0-1.0.2p-3.84.1 updated - openssl-1_0_0-1.0.2p-3.84.1 updated From sle-updates at lists.suse.com Sun Aug 20 07:01:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Aug 2023 09:01:54 +0200 (CEST) Subject: SUSE-IU-2023:577-1: Security update of suse-sles-15-sp5-chost-byos-v20230816-x86_64-gen2 Message-ID: <20230820070154.0FDF7FDCB@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20230816-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:577-1 Image Tags : suse-sles-15-sp5-chost-byos-v20230816-x86_64-gen2:20230816 Image Release : Severity : important Type : security References : 1089497 1150305 1184758 1186673 1193629 1194557 1194869 1201399 1203300 1204563 1206418 1206627 1207129 1207805 1207894 1207948 1208003 1208788 1209536 1210273 1210323 1210627 1210780 1210799 1210825 1211026 1211079 1211131 1211243 1211738 1211811 1211867 1212256 1212301 1212375 1212445 1212496 1212502 1212525 1212604 1212613 1212756 1212766 1212806 1212846 1212879 1212901 1212905 1212928 1213004 1213008 1213049 1213059 1213061 1213167 1213170 1213171 1213172 1213173 1213174 1213189 1213205 1213206 1213226 1213233 1213237 1213245 1213247 1213252 1213258 1213259 1213263 1213264 1213272 1213286 1213287 1213304 1213384 1213386 1213417 1213443 1213472 1213487 1213493 1213504 1213514 1213517 1213523 1213524 1213533 1213543 1213578 1213585 1213586 1213588 1213601 1213620 1213632 1213653 1213705 1213713 1213715 1213747 1213756 1213759 1213777 1213810 1213812 1213853 1213856 1213857 1213863 1213867 1213870 1213871 1213872 1214054 CVE-2020-25720 CVE-2021-3429 CVE-2022-2127 CVE-2022-40982 CVE-2022-41409 CVE-2022-48468 CVE-2023-0459 CVE-2023-1786 CVE-2023-20569 CVE-2023-20593 CVE-2023-21400 CVE-2023-2156 CVE-2023-2166 CVE-2023-2985 CVE-2023-31083 CVE-2023-3117 CVE-2023-31248 CVE-2023-32001 CVE-2023-3268 CVE-2023-33460 CVE-2023-3347 CVE-2023-3390 CVE-2023-3446 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968 CVE-2023-35001 CVE-2023-3567 CVE-2023-36054 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-3812 CVE-2023-3817 CVE-2023-38408 CVE-2023-38409 CVE-2023-3863 CVE-2023-4004 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20230816-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2143-1 Released: Tue May 9 14:49:45 2023 Summary: Security update for protobuf-c Type: security Severity: important References: 1210323,CVE-2022-48468 This update for protobuf-c fixes the following issues: - CVE-2022-48468: Fixed an unsigned integer overflow. (bsc#1210323) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2901-1 Released: Thu Jul 20 09:49:16 2023 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1212613 This update for lvm2 fixes the following issues: - multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2905-1 Released: Thu Jul 20 10:17:54 2023 Summary: Recommended update for fstrm Type: recommended Severity: moderate References: This update for fstrm fixes the following issues: - Update to 0.6.1: - fstrm_capture: ignore SIGPIPE, which will cause the interrupted connections to generate an EPIPE instead. - Fix truncation in snprintf calls in argument processing. - fstrm_capture: Fix output printf format. - Update to 0.6.0 It adds a new feature for fstrm_capture. It can perform output file rotation when a SIGUSR1 signal is received by fstrm_capture. (See the --gmtime or --localtime options.) This allows fstrm_capture's output file to be rotated by logrotate or a similar external utility. (Output rotation is suppressed if fstrm_capture is writing to stdout.) Update to 0.5.0 - Change license to modern MIT license for compatibility with GPLv2 software. Contact software at farsightsecurity.com for alternate licensing. - src/fstrm_replay.c: For OpenBSD and Posix portability include netinet/in.h and sys/socket.h to get struct sockaddr_in and the AF_* defines respectively. - Fix various compiler warnings. Update to 0.4.0 The C implementation of the Frame Streams data transport protocol, fstrm version 0.4.0, was released. It adds TCP support, a new tool, new documentation, and several improvements. - Added manual pages for fstrm_capture and fstrm_dump. - Added new tool, fstrm_replay, for replaying saved Frame Streams data to a socket connection. - Adds TCP support. Add tcp_writer to the core library which implements a bi-directional Frame Streams writer as a TCP socket client. Introduces new developer API: fstrm_tcp_writer_init, fstrm_tcp_writer_options_init, fstrm_tcp_writer_options_destroy, fstrm_tcp_writer_options_set_socket_address, and fstrm_tcp_writer_options_set_socket_port. - fstrm_capture: new options for reading from TCP socket. - fstrm_capture: add '-c' / '--connections' option to limit the number of concurrent connections it will accept. - fstrm_capture: add '-b / --buffer-size' option to set the read buffer size (effectively the maximum frame size) to a value other than the default 256 KiB. - fstrm_capture: skip oversize messages to fix stalled connections caused by messages larger than the read highwater mark of the input buffer. Discarded messages are logged for the purposes of tuning the input buffer size. - fstrm_capture: complete sending of FINISH frame before closing connection. - Various test additions and improvements. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2910-1 Released: Thu Jul 20 10:59:53 2023 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1204563 This update for grub2 fixes the following issues: - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2922-1 Released: Thu Jul 20 18:34:03 2023 Summary: Recommended update for libfido2 Type: recommended Severity: moderate References: This update for libfido2 fixes the following issues: - Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2927-1 Released: Fri Jul 21 07:05:30 2023 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1194557,1203300,1211026,1212806 This update for wicked fixes the following issues: - Fix arp notify loop and burst sending (bsc#1212806) - Update to version 0.6.73 - Allow verify/notify counter and interval configuration - Handle ENOBUFS sending errors (bsc#1203300) - Improve environment variable handling - Refactor firmware extension definition - Enable, disable and revert cli commands - Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026) - Cleanup /var/run leftovers in extension scripts (bsc#1194557) - Output formatting improvements and Unicode support ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2929-1 Released: Fri Jul 21 10:09:07 2023 Summary: Security update for samba Type: security Severity: important References: 1212375,1213170,1213171,1213172,1213173,1213174,1213384,1213386,CVE-2020-25720,CVE-2022-2127,CVE-2023-3347,CVE-2023-34966,CVE-2023-34967,CVE-2023-34968 This update for samba fixes the following issues: samba was updated to version 4.17.9: - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). - CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173). - CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172). - CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171). - CVE-2023-3347: Fixed issue where SMB2 packet signing not enforced (bsc#1213170). - CVE-2020-25720: Fixed issue where creating child permission allowed full write to all attributes (bsc#1213386). Bugfixes: - Fixed trust relationship failure (bsc#1213384). - Backported --pidl-developer fixes. - Fixed smbd_scavenger crash when service smbd is stopped. - Fixed issue where vfs_fruit might cause a failing open for delete. - Fixed named crashes on DLZ zone update. - Fixed issue where winbind recurses into itself via rpcd_lsad. - Fixed cli_list looping 100% CPU against pre-lanman2 servers. - Fixed smbclient leaks fds with showacls. - Fixed aes256 smb3 encryption algorithms not allowed in smb3_sid_parse(). - Fixed winbindd getting stuck on NT_STATUS_RPC_SEC_PKG_ERROR. - Fixed smbget memory leak if failed to download files recursively. - Fixed log flood: smbd_calculate_access_mask_fsp: Access denied: message level should be lower. - Fixed floating point exception (FPE) via cli_pull_send at source3/libsmb/clireadwrite.c. - Fixed test_tstream_more_tcp_user_timeout_spin fails intermittently on Rackspace GitLab runners. - Reduce flapping of ridalloc test. - Fixed unreliable large_ldap test. - Fixed filename parser not checking veto files smb.conf parameter. - Fixed mdssvc may crash when initializing. - Fixed broken large directory optimization for non-lcomp path elements - Fixed streams_depot failing to create streams. - Fixed shadow_copy2 and streams_depot issues. - Fixed wbinfo -u fails on ad dc with >1000 users. - Fixed winbindd idmap child contacting the domain controller without a need. - Fixed idmap_autorid may fail to map sids of trusted domains for the first time. - Fixed idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings. - Fixed net ads search -P doesn't work against servers in other domains. - Fixed DS ACEs might be inherited to unrelated object classes. - Fixed temporary smbXsrv_tcon_global.tdb can't be parsed. - Fixed setting veto files = /.*/ breaking listing directories (bsc#1212375). - Fixed dsgetdcname assuming local system uses IPv4. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3088-1 Released: Tue Aug 1 09:52:03 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1212496 This update for systemd-presets-common-SUSE fixes the following issues: - Fix systemctl being called with an empty argument (bsc#1212496) - Don't call systemctl list-unit-files with an empty argument (bsc#1212496) - Add wtmpdb-update-boot.service and wtmpdb-rotate.timer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3117-1 Released: Wed Aug 2 05:57:30 2023 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1212756 This update for hwinfo fixes the following issues: - Avoid linking problems with libsamba (bsc#1212756) - Update to version 21.85 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3170-1 Released: Thu Aug 3 08:02:27 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1201399,1208003,1210799 This update for perl-Bootloader fixes the following issues: - Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799) - UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399) - Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003) - Add basic support for systemd-boot ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3172-1 Released: Thu Aug 3 08:36:43 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1150305,1193629,1194869,1207894,1208788,1211243,1211867,1212256,1212301,1212525,1212846,1212905,1213059,1213061,1213205,1213206,1213226,1213233,1213245,1213247,1213252,1213258,1213259,1213263,1213264,1213286,1213493,1213523,1213524,1213533,1213543,1213705,CVE-2023-20593,CVE-2023-2985,CVE-2023-3117,CVE-2023-31248,CVE-2023-3390,CVE-2023-35001,CVE-2023-3812 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). The following non-security bugs were fixed: - Dropped patch that caused issues with k3s (bsc#1213705). - ASoC: Intel: sof_sdw: remove SOF_SDW_TGL_HDMI for MeteorLake devices (git-fixes). - ASoC: SOF: topology: Fix logic for copying tuples (git-fixes). - Bluetooth: ISO: Fix CIG auto-allocation to select configurable CIG (git-fixes). - Bluetooth: ISO: consider right CIS when removing CIG at cleanup (git-fixes). - Bluetooth: ISO: fix iso_conn related locking and validity issues (git-fixes). - Bluetooth: ISO: use hci_sync for setting CIG parameters (git-fixes). - Bluetooth: fix invalid-bdaddr quirk for non-persistent setup (git-fixes). - Bluetooth: fix use-bdaddr-property quirk (git-fixes). - Bluetooth: hci_bcm: do not mark valid bd_addr as invalid (git-fixes). - Bluetooth: hci_event: call disconnect callback before deleting conn (git-fixes). - Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor() (git-fixes). - Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync (git-fixes). - Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758) - PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (bsc#1212525). - PCI: vmd: Fix uninitialized variable usage in vmd_enable_domain() (git-fixes). - Revert 'arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes) - Revert 'drm/i915: Disable DSB usage for now' (git-fixes). - USB: dwc2: Fix some error handling paths (git-fixes). - USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes). - USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes). - USB: typec: Fix fast_role_swap_current show function (git-fixes). - Update config and supported.conf files due to renaming. - acpi: Fix suspend with Xen PV (git-fixes). - adreno: Shutdown the GPU properly (git-fixes). - arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes) - arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes) - arm64: vdso: Pass (void *) to virt_to_page() (git-fixes) - arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes) - can: bcm: Fix UAF in bcm_proc_show() (git-fixes). - ceph: add a dedicated private data for netfs rreq (bsc#1213205). - ceph: fix blindly expanding the readahead windows (bsc#1213206). - cifs: add a warning when the in-flight count goes negative (bsc#1193629). - cifs: address unused variable warning (bsc#1193629). - cifs: do all necessary checks for credits within or before locking (bsc#1193629). - cifs: fix lease break oops in xfstest generic/098 (bsc#1193629). - cifs: fix max_credits implementation (bsc#1193629). - cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629). - cifs: fix session state check in smb2_find_smb_ses (bsc#1193629). - cifs: fix session state transition to avoid use-after-free issue (bsc#1193629). - cifs: fix sockaddr comparison in iface_cmp (bsc#1193629). - cifs: fix status checks in cifs_tree_connect (bsc#1193629). - cifs: log session id when a matching ses is not found (bsc#1193629). - cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629). - cifs: prevent use-after-free by freeing the cfile later (bsc#1193629). - cifs: print all credit counters in DebugData (bsc#1193629). - cifs: print client_guid in DebugData (bsc#1193629). - cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629). - cifs: print nosharesock value while dumping mount options (bsc#1193629). - codel: fix kernel-doc notation warnings (git-fixes). - cpufreq: tegra194: Fix module loading (git-fixes). - devlink: fix kernel-doc notation warnings (git-fixes). - dma-buf/dma-resv: Stop leaking on krealloc() failure (git-fixes). - drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 (git-fixes). - drm/amd/amdgpu: limit one queue per gang (git-fixes). - drm/amd/amdgpu: update mes11 api def (git-fixes). - drm/amd/display (gcc13): fix enum mismatch (git-fixes). - drm/amd/display: Add Z8 allow states to z-state support list (git-fixes). - drm/amd/display: Add debug option to skip PSR CRTC disable (git-fixes). - drm/amd/display: Add minimum Z8 residency debug option (git-fixes). - drm/amd/display: Add missing WA and MCLK validation (git-fixes). - drm/amd/display: Change default Z8 watermark values (git-fixes). - drm/amd/display: Correct DML calculation to align HW formula (git-fixes). - drm/amd/display: Correct DML calculation to follow HW SPEC (git-fixes). - drm/amd/display: Do not update DRR while BW optimizations pending (git-fixes). - drm/amd/display: Enable HostVM based on rIOMMU active (git-fixes). - drm/amd/display: Enforce 60us prefetch for 200Mhz DCFCLK modes (git-fixes). - drm/amd/display: Ensure vmin and vmax adjust for DCE (git-fixes). - drm/amd/display: Fix 4to1 MPC black screen with DPP RCO (git-fixes). - drm/amd/display: Fix Z8 support configurations (git-fixes). - drm/amd/display: Fix a test CalculatePrefetchSchedule() (git-fixes). - drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg() (git-fixes). - drm/amd/display: Have Payload Properly Created After Resume (git-fixes). - drm/amd/display: Lowering min Z8 residency time (git-fixes). - drm/amd/display: Reduce sdp bw after urgent to 90% (git-fixes). - drm/amd/display: Refactor eDP PSR codes (git-fixes). - drm/amd/display: Remove FPU guards from the DML folder (git-fixes). - drm/amd/display: Remove optimization for VRR updates (git-fixes). - drm/amd/display: Remove stutter only configurations (git-fixes). - drm/amd/display: Update Z8 SR exit/enter latencies (git-fixes). - drm/amd/display: Update Z8 watermarks for DCN314 (git-fixes). - drm/amd/display: Update minimum stutter residency for DCN314 Z8 (git-fixes). - drm/amd/display: filter out invalid bits in pipe_fuses (git-fixes). - drm/amd/display: fix PSR-SU/DSC interoperability support (git-fixes). - drm/amd/display: fix a divided-by-zero error (git-fixes). - drm/amd/display: fixed dcn30+ underflow issue (git-fixes). - drm/amd/display: limit timing for single dimm memory (git-fixes). - drm/amd/display: populate subvp cmd info only for the top pipe (git-fixes). - drm/amd/display: set dcn315 lb bpp to 48 (git-fixes). - drm/amd/pm: add missing NotifyPowerSource message mapping for SMU13.0.7 (git-fixes). - drm/amd/pm: avoid potential UBSAN issue on legacy asics (git-fixes). - drm/amd/pm: conditionally disable pcie lane switching for some sienna_cichlid SKUs (git-fixes). - drm/amd/pm: fix possible power mode mismatch between driver and PMFW (git-fixes). - drm/amd/pm: resolve reboot exception for si oland (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4 (git-fixes). - drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5 (git-fixes). - drm/amd/pm: workaround for compute workload type on some skus (git-fixes). - drm/amd: Add a new helper for loading/validating microcode (git-fixes). - drm/amd: Do not allow s0ix on APUs older than Raven (git-fixes). - drm/amd: Load MES microcode during early_init (git-fixes). - drm/amd: Use `amdgpu_ucode_*` helpers for MES (git-fixes). - drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well (git-fixes). - drm/amdgpu/gfx11: update gpu_clock_counter logic (git-fixes). - drm/amdgpu/gfx: set cg flags to enter/exit safe mode (git-fixes). - drm/amdgpu/gmc11: implement get_vbios_fb_size() (git-fixes). - drm/amdgpu/jpeg: Remove harvest checking for JPEG3 (git-fixes). - drm/amdgpu/mes11: enable reg active poll (git-fixes). - drm/amdgpu/vcn: Disable indirect SRAM on Vangogh broken BIOSes (git-fixes). - drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel (git-fixes). - drm/amdgpu: Do not set struct drm_driver.output_poll_changed (git-fixes). - drm/amdgpu: Fix desktop freezed after gpu-reset (git-fixes). - drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function (git-fixes). - drm/amdgpu: Fix sdma v4 sw fini error (git-fixes). - drm/amdgpu: Fix usage of UMC fill record in RAS (git-fixes). - drm/amdgpu: Force signal hw_fences that are embedded in non-sched jobs (git-fixes). - drm/amdgpu: add mes resume when do gfx post soft reset (git-fixes). - drm/amdgpu: change reserved vram info print (git-fixes). - drm/amdgpu: declare firmware for new MES 11.0.4 (git-fixes). - drm/amdgpu: enable tmz by default for GC 11.0.1 (git-fixes). - drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini (git-fixes). - drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini (git-fixes). - drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini() (git-fixes). - drm/amdgpu: refine get gpu clock counter method (git-fixes). - drm/amdgpu: remove deprecated MES version vars (git-fixes). - drm/amdgpu: reserve the old gc_11_0_*_mes.bin (git-fixes). - drm/amdgpu: set gfx9 onwards APU atomics support to be true (git-fixes). - drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 (git-fixes). - drm/bridge: anx7625: Convert to i2c's .probe_new() (git-fixes). - drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt() (git-fixes). - drm/bridge: anx7625: Prevent endless probe loop (git-fixes). - drm/bridge: it6505: Move a variable assignment behind a null pointer check in receive_timing_debugfs_show() (git-fixes). - drm/bridge: tc358767: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes). - drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes). - drm/bridge: ti-sn65dsi83: Fix enable error path (git-fixes). - drm/client: Fix memory leak in drm_client_target_cloned (git-fixes). - drm/display/dp_mst: Fix payload addition on a disconnected sink (git-fixes). - drm/display: Do not block HDR_OUTPUT_METADATA on unknown EOTF (git-fixes). - drm/drm_vma_manager: Add drm_vma_node_allow_once() (git-fixes). - drm/dsc: fix DP_DSC_MAX_BPP_DELTA_* macro values (git-fixes). - drm/dsc: fix drm_edp_dsc_sink_output_bpp() DPCD high byte usage (git-fixes). - drm/etnaviv: move idle mapping reaping into separate function (git-fixes). - drm/etnaviv: reap idle mapping if it does not match the softpin address (git-fixes). - drm/i915/dp_mst: Add the MST topology state for modesetted CRTCs (bsc#1213493). - drm/i915/fbdev: lock the fbdev obj before vma pin (git-fixes). - drm/i915/gt: Cleanup partial engine discovery failures (git-fixes). - drm/i915/guc: Add error-capture init warnings when needed (git-fixes). - drm/i915/guc: Fix missing ecodes (git-fixes). - drm/i915/guc: Limit scheduling properties to avoid overflow (git-fixes). - drm/i915/guc: Rename GuC register state capture node to be more obvious (git-fixes). - drm/i915/mtl: update scaler source and destination limits for MTL (git-fixes). - drm/i915/sdvo: Grab mode_config.mutex during LVDS init to avoid WARNs (git-fixes). - drm/i915/sseu: fix max_subslices array-index-out-of-bounds access (git-fixes). - drm/i915/tc: Fix TC port link ref init for DP MST during HW readout (git-fixes). - drm/i915: Allow panel fixed modes to have differing sync polarities (git-fixes). - drm/i915: Check pipe source size when using skl+ scalers (git-fixes). - drm/i915: Do panel VBT init early if the VBT declares an explicit panel type (git-fixes). - drm/i915: Fix TypeC mode initialization during system resume (git-fixes). - drm/i915: Fix a memory leak with reused mmap_offset (git-fixes). - drm/i915: Fix negative value passed as remaining time (git-fixes). - drm/i915: Fix one wrong caching mode enum usage (git-fixes). - drm/i915: Introduce intel_panel_init_alloc() (git-fixes). - drm/i915: Never return 0 if not all requests retired (git-fixes). - drm/i915: Populate encoder->devdata for DSI on icl+ (git-fixes). - drm/i915: Print return value on error (git-fixes). - drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR (git-fixes). - drm/meson: Fix return type of meson_encoder_cvbs_mode_valid() (git-fixes). - drm/msm/a5xx: really check for A510 in a5xx_gpu_init (git-fixes). - drm/msm/adreno: Simplify read64/write64 helpers (git-fixes). - drm/msm/adreno: fix runtime PM imbalance at unbind (git-fixes). - drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes). - drm/msm/dpu: Add DSC hardware blocks to register snapshot (git-fixes). - drm/msm/dpu: Assign missing writeback log_mask (git-fixes). - drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes). - drm/msm/dpu: clean up dpu_kms_get_clk_rate() returns (git-fixes). - drm/msm/dpu: set DSC flush bit correctly at MDP CTL flush register (git-fixes). - drm/msm/hdmi: use devres helper for runtime PM management (git-fixes). - drm/panel: boe-tv101wum-nl6: Ensure DSI writes succeed during disable (git-fixes). - drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-fixes). - drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes). - drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (git-fixes). - drm/ttm: Do not leak a resource on swapout move error (git-fixes). - drm/virtio: Fix memory leak in virtio_gpu_object_create() (git-fixes). - drm/virtio: Simplify error handling of virtio_gpu_object_create() (git-fixes). - drm/vmwgfx: Refactor resource manager's hashtable to use linux/hashtable implementation (git-fixes). - drm/vmwgfx: Refactor resource validation hashtable to use linux/hashtable implementation (git-fixes). - drm/vmwgfx: Refactor ttm reference object hashtable to use linux/hashtable (git-fixes). - drm/vmwgfx: Remove ttm object hashtable (git-fixes). - drm/vmwgfx: Remove vmwgfx_hashtab (git-fixes). - drm/vmwgfx: Write the driver id registers (git-fixes). - drm: Add fixed-point helper to get rounded integer values (git-fixes). - drm: Add missing DP DSC extended capability definitions (git-fixes). - drm: Optimize drm buddy top-down allocation method (git-fixes). - drm: buddy_allocator: Fix buddy allocator init on 32-bit systems (git-fixes). - drm: panel-orientation-quirks: Add quirk for DynaBook K50 (git-fixes). - drm: rcar-du: Add quirk for H3 ES1.x pclk workaround (git-fixes). - drm: rcar-du: Fix setting a reserved bit in DPLLCR (git-fixes). - drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2 (git-fixes). - fuse: ioctl: translate ENOSYS in outarg (bsc#1213524). - fuse: revalidate: do not invalidate if interrupted (bsc#1213523). - i2c: tegra: Set ACPI node as primary fwnode (bsc#1213226). - irqchip/gic-v3: Claim iomem resources (bsc#1213533) - irqchip/gicv3: Handle resource request failure consistently (bsc#1213533) - irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 (bsc#1213533) - kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243). - kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers - kabi/severities: ignore kABI of i915 module It's exported only for its sub-module, not really used by externals - kabi/severities: ignore kABI of vmwgfx The driver exports a function unnecessarily without used by anyone else. Ignore the kABI changes. - memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). - net: mana: Add support for vlan tagging (bsc#1212301). - net: phy: prevent stale pointer dereference in phy_init() (git-fixes). - net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() (git-fixes). - net: qrtr: start MHI channel after endpoit creation (git-fixes). - nilfs2: reject devices with insufficient block count (git-fixes). - ocfs2: Switch to security_inode_init_security() (git-fixes). - ocfs2: check new file size on fallocate call (git-fixes). - ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). - perf/x86/amd/core: Always clear status for idx (bsc#1213233). - pie: fix kernel-doc notation warning (git-fixes). - powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869). - powerpc/64s: Fix VAS mm use after free (bsc#1194869). - powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869). - powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869). - powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869). - powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869). - powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes). - powerpc/mm: Switch obsolete dssall to .long (bsc#1194869). - powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869). - powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869). - powerpc/prom_init: Fix kernel config grep (bsc#1194869). - powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close (jsc#PED-542 git-fixes). - powerpc/secvar: fix refcount leak in format_show() (bsc#1194869). - powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869). - powerpc: clean vdso32 and vdso64 directories (bsc#1194869). - powerpc: define get_cycles macro for arch-override (bsc#1194869). - powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869). - rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS_*. - rsi: remove kernel-doc comment marker (git-fixes). - s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259). - s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258). - s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263). - s390/pci: clean up left over special treatment for function zero (bsc#1212525). - s390/pci: only add specific device in zpci_bus_scan_device() (bsc#1212525). - s390/pci: remove redundant pci_bus_add_devices() on new bus (bsc#1212525). - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252). - s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (git-fixes bsc#1213264). - s390: discard .interp section (git-fixes bsc#1213247). - security: keys: Modify mismatched function name (git-fixes). - selftests/ir: fix build with ancient kernel headers (git-fixes). - selftests: cgroup: fix unsigned comparison with less than zero (git-fixes). - selftests: forwarding: Fix packet matching in mirroring selftests (git-fixes). - selftests: tc: add 'ct' action kconfig dep (git-fixes). - selftests: tc: add ConnTrack procfs kconfig (git-fixes). - selftests: tc: set timeout to 15 minutes (git-fixes). - signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869). - signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869). - smb3: do not reserve too many oplock credits (bsc#1193629). - smb3: missing null check in SMB2_change_notify (bsc#1193629). - smb: client: fix broken file attrs with nodfs mounts (bsc#1193629). - smb: client: fix missed ses refcounting (git-fixes). - smb: client: fix parsing of source mount option (bsc#1193629). - smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629). - smb: client: fix warning in CIFSFindFirst() (bsc#1193629). - smb: client: fix warning in CIFSFindNext() (bsc#1193629). - smb: client: fix warning in cifs_match_super() (bsc#1193629). - smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629). - smb: client: fix warning in generic_ip_connect() (bsc#1193629). - smb: client: improve DFS mount check (bsc#1193629). - smb: client: remove redundant pointer 'server' (bsc#1193629). - smb: delete an unnecessary statement (bsc#1193629). - smb: move client and server files to common directory fs/smb (bsc#1193629). - smb: remove obsolete comment (bsc#1193629). - soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe() (git-fixes). - soundwire: cadence: Drain the RX FIFO after an IO timeout (git-fixes). - soundwire: stream: Add missing clear of alloc_slave_rt (git-fixes). - spi: bcm63xx: fix max prepend length (git-fixes). - swsmu/amdgpu_smu: Fix the wrong if-condition (git-fixes). - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes). - wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes). - wifi: ath10k: Trigger STA disconnect after reconfig complete on hardware restart (git-fixes). - wifi: ath11k: Add missing check for ioremap (git-fixes). - wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes). - x86/amd_nb: Add PCI ID for family 19h model 78h (git-fixes). - x86/platform/uv: Add platform resolving #defines for misc GAM_MMIOH_REDIRECT* (bsc#1212256 jsc#PED-4718). - x86/platform/uv: Fix printed information in calc_mmioh_map (bsc#1212256 jsc#PED-4718). - x86/platform/uv: Helper functions for allocating and freeing conversion tables (bsc#1212256 jsc#PED-4718). - x86/platform/uv: Introduce helper function uv_pnode_to_socket (bsc#1212256 jsc#PED-4718). - x86/platform/uv: Remove remaining BUG_ON() and BUG() calls (bsc#1212256 jsc#PED-4718). - x86/platform/uv: UV support for sub-NUMA clustering (bsc#1212256 jsc#PED-4718). - x86/platform/uv: Update UV platform code for SNC (bsc#1212256 jsc#PED-4718). - x86/platform/uv: When searching for minimums, start at INT_MAX not 99999 (bsc#1212256 jsc#PED-4718). - x86: Fix .brk attribute in linker script (git-fixes). - xfs: clean up the rtbitmap fsmap backend (git-fixes). - xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes). - xfs: do not reverse order of items in bulk AIL insertion (git-fixes). - xfs: fix getfsmap reporting past the last rt extent (git-fixes). - xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes). - xfs: fix interval filtering in multi-step fsmap queries (git-fixes). - xfs: fix logdev fsmap query result filtering (git-fixes). - xfs: fix off-by-one error when the last rt extent is in use (git-fixes). - xfs: fix uninitialized variable access (git-fixes). - xfs: make fsmap backend function key parameters const (git-fixes). - xfs: make the record pointer passed to query_range functions const (git-fixes). - xfs: pass explicit mount pointer to rtalloc query functions (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3196-1 Released: Fri Aug 4 10:02:04 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate References: 1213443 This update for protobuf-c fixes the following issues: - Include executables required to generate Protocol Buffers glue code in the devel subpackage (bsc#1213443) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3253-1 Released: Wed Aug 9 10:52:10 2023 Summary: Recommended update for bind Type: recommended Severity: moderate References: 1213049 This update for bind fixes the following issues: - Add dnstap support (jsc#PED-4852) - Log named-checkconf output (bsc#1213049) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3276-1 Released: Fri Aug 11 10:20:40 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1213472 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3282-1 Released: Fri Aug 11 10:26:23 2023 Summary: Recommended update for blog Type: recommended Severity: moderate References: This update for blog fixes the following issues: - Fix big endian cast problems to be able to read commands and ansers as well as passphrases ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:3283-1 Released: Fri Aug 11 10:28:34 2023 Summary: Feature update for cloud-init Type: feature Severity: moderate References: 1184758,1210273,1212879,CVE-2021-3429,CVE-2023-1786 This update for cloud-init fixes the following issues: - Default route is not configured (bsc#1212879) - cloud-final service failing in powerVS (bsc#1210273) - Randomly generated passwords logged in clear-text to world-readable file (bsc#1184758, CVE-2021-3429) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3301-1 Released: Mon Aug 14 07:24:59 2023 Summary: Security update for libyajl Type: security Severity: moderate References: 1212928,CVE-2023-33460 This update for libyajl fixes the following issues: - CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3311-1 Released: Mon Aug 14 16:23:36 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1206418,1207129,1207948,1210627,1210780,1210825,1211131,1211738,1211811,1212445,1212502,1212604,1212766,1212901,1213167,1213272,1213287,1213304,1213417,1213578,1213585,1213586,1213588,1213601,1213620,1213632,1213653,1213713,1213715,1213747,1213756,1213759,1213777,1213810,1213812,1213856,1213857,1213863,1213867,1213870,1213871,1213872,CVE-2022-40982,CVE-2023-0459,CVE-2023-20569,CVE-2023-21400,CVE-2023-2156,CVE-2023-2166,CVE-2023-31083,CVE-2023-3268,CVE-2023-3567,CVE-2023-3609,CVE-2023-3611,CVE-2023-3776,CVE-2023-38409,CVE-2023-3863,CVE-2023-4004 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack ???Inception??? or ???RAS Poisoning??? (bsc#1213287). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2023-38409: Fixed an issue in set_con2fb_map in drivers/video/fbdev/core/fbcon.c. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info) (bsc#1213417). - CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC. This flaw allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). The following non-security bugs were fixed: - ACPI: CPPC: Add ACPI disabled check to acpi_cpc_valid() (bsc#1212445). - ACPI: CPPC: Add definition for undefined FADT preferred PM profile value (bsc#1212445). - ACPI/IORT: Remove erroneous id_count check in iort_node_get_rmr_info() (git-fixes). - ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes). - afs: Adjust ACK interpretation to try and cope with NAT (git-fixes). - afs: Fix access after dec in put functions (git-fixes). - afs: Fix afs_getattr() to refetch file status if callback break occurred (git-fixes). - afs: Fix dynamic root getattr (git-fixes). - afs: Fix fileserver probe RTT handling (git-fixes). - afs: Fix infinite loop found by xfstest generic/676 (git-fixes). - afs: Fix lost servers_outstanding count (git-fixes). - afs: Fix server->active leak in afs_put_server (git-fixes). - afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes). - afs: Fix updating of i_size with dv jump from server (git-fixes). - afs: Fix vlserver probe RTT handling (git-fixes). - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes). - afs: Use refcount_t rather than atomic_t (git-fixes). - afs: Use the operation issue time instead of the reply time for callbacks (git-fixes). - ALSA: emu10k1: roll up loops in DSP setup code for Audigy (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes). - ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes). - ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes). - ALSA: hda/realtek - remove 3k pull low procedure (git-fixes). - ALSA: hda/realtek: Support ASUS G713PV laptop (git-fixes). - ALSA: hda/relatek: Enable Mute LED on HP 250 G8 (git-fixes). - ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless (git-fixes). - ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless (git-fixes). - ALSA: usb-audio: Add quirk for Microsoft Modern Wireless Headset (bsc#1207129). - ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format() (git-fixes). - ALSA: usb-audio: Apply mutex around snd_usb_endpoint_set_params() (git-fixes). - ALSA: usb-audio: Avoid superfluous endpoint setup (git-fixes). - ALSA: usb-audio: Avoid unnecessary interface change at EP close (git-fixes). - ALSA: usb-audio: Clear fixed clock rate at closing EP (git-fixes). - ALSA: usb-audio: Correct the return code from snd_usb_endpoint_set_params() (git-fixes). - ALSA: usb-audio: Drop superfluous interface setup at parsing (git-fixes). - ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() (git-fixes). - ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all (git-fixes). - ALSA: usb-audio: More refactoring of hw constraint rules (git-fixes). - ALSA: usb-audio: Properly refcounting clock rate (git-fixes). - ALSA: usb-audio: Rate limit usb_set_interface error reporting (git-fixes). - ALSA: usb-audio: Refcount multiple accesses on the single clock (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (take#2) (git-fixes). - ALSA: usb-audio: Update for native DSD support quirks (git-fixes). - ALSA: usb-audio: Use atomic_try_cmpxchg in ep_state_update (git-fixes). - ALSA: usb-audio: Workaround for XRUN at prepare (git-fixes). - amd-pstate: Fix amd_pstate mode switch (git-fixes). - ASoC: amd: acp: fix for invalid dai id handling in acp_get_byte_count() (git-fixes). - ASoC: atmel: Fix the 8K sample parameter in I2SC master (git-fixes). - ASoc: codecs: ES8316: Fix DMIC config (git-fixes). - ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes). - ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes). - ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes). - ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes). - ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes). - ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes). - ASoC: da7219: Check for failure reading AAD IRQ events (git-fixes). - ASoC: da7219: Flush pending AAD IRQ when suspending (git-fixes). - ASoC: fsl_sai: Disable bit clock with transmitter (git-fixes). - ASoC: fsl_spdif: Silence output on stop (git-fixes). - ASoC: rt5640: Fix sleep in atomic context (git-fixes). - ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0 (git-fixes). - ASoC: rt711: fix for JD event handling in ClockStop Mode0 (git-fixes). - ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0 (git-fixes). - ASoC: SOF: ipc3-dtrace: uninitialized data in dfsentry_trace_filter_write() (git-fixes). - ASoC: tegra: Fix ADX byte map (git-fixes). - ASoC: tegra: Fix AMX byte map (git-fixes). - ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register (git-fixes). - ata: pata_ns87415: mark ns87560_tf_read static (git-fixes). - block, bfq: Fix division by zero error on zero wsum (bsc#1213653). - block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes). - bus: mhi: add new interfaces to handle MHI channels directly (bsc#1207948). - bus: mhi: host: add destroy_device argument to mhi_power_down() (bsc#1207948). - can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (git-fixes). - ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856). - coda: Avoid partial allocation of sig_inputArgs (git-fixes). - cpufreq: amd-pstate: add amd-pstate driver parameter for mode selection (bsc#1212445). - cpufreq: amd-pstate: Add AMD P-State frequencies attributes (bsc#1212445). - cpufreq: amd-pstate: Add AMD P-State performance attributes (bsc#1212445). - cpufreq: amd-pstate: Add boost mode support for AMD P-State (bsc#1212445). - cpufreq: amd-pstate: add driver working mode switch support (bsc#1212445). - cpufreq: amd-pstate: Add ->fast_switch() callback (bsc#1212445). - cpufreq: amd-pstate: Add fast switch function for AMD P-State (bsc#1212445). - cpufreq: amd-pstate: Add guided autonomous mode (bsc#1212445). - cpufreq: amd-pstate: Add guided mode control support via sysfs (bsc#1212445). - cpufreq: amd-pstate: Add more tracepoint for AMD P-State module (bsc#1212445). - cpufreq: amd-pstate: Add resume and suspend callbacks (bsc#1212445). - cpufreq: amd-pstate: Add trace for AMD P-State module (bsc#1212445). - cpufreq: amd-pstate: avoid uninitialized variable use (bsc#1212445). - cpufreq: amd-pstate: change amd-pstate driver to be built-in type (bsc#1212445). - cpufreq: amd-pstate: convert sprintf with sysfs_emit() (bsc#1212445). - cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at init (bsc#1212445). - cpufreq: amd-pstate: Expose struct amd_cpudata (bsc#1212445). - cpufreq: amd-pstate: Fix initial highest_perf value (bsc#1212445). - cpufreq: amd-pstate: Fix invalid write to MSR_AMD_CPPC_REQ (bsc#1212445). - cpufreq: amd-pstate: Fix Kconfig dependencies for AMD P-State (bsc#1212445). - cpufreq: amd-pstate: fix kernel hang issue while amd-pstate unregistering (bsc#1212445). - cpufreq: amd-pstate: Fix struct amd_cpudata kernel-doc comment (bsc#1212445). - cpufreq: amd-pstate: fix white-space (bsc#1212445). - cpufreq: amd_pstate: fix wrong lowest perf fetch (bsc#1212445). - cpufreq: amd-pstate: implement amd pstate cpu online and offline callback (bsc#1212445). - cpufreq: amd-pstate: implement Pstate EPP support for the AMD processors (bsc#1212445). - cpufreq: amd-pstate: implement suspend and resume callbacks (bsc#1212445). - cpufreq: amd-pstate: Introduce a new AMD P-State driver to support future processors (bsc#1212445). - cpufreq: amd-pstate: Introduce the support for the processors with shared memory solution (bsc#1212445). - cpufreq: amd-pstate: Let user know amd-pstate is disabled (bsc#1212445). - cpufreq: amd-pstate: Make amd-pstate EPP driver name hyphenated (bsc#1212445). - cpufreq: amd-pstate: Make varaiable mode_state_machine static (bsc#1212445). - cpufreq: amd_pstate: map desired perf into pstate scope for powersave governor (bsc#1212445). - cpufreq: amd-pstate: optimize driver working mode selection in amd_pstate_param() (bsc#1212445). - cpufreq: amd-pstate: Remove fast_switch_possible flag from active driver (bsc#1212445). - cpufreq: amd-pstate: remove MODULE_LICENSE in non-modules (bsc#1212445). - cpufreq: amd-pstate: Set a fallback policy based on preferred_profile (bsc#1212445). - cpufreq: amd-pstate: simplify cpudata pointer assignment (bsc#1212445). - cpufreq: amd-pstate: Update policy->cur in amd_pstate_adjust_perf() (bsc#1212445). - cpufreq: amd-pstate: update pstate frequency transition delay time (bsc#1212445). - cpufreq: amd-pstate: Write CPPC enable bit per-socket (bsc#1212445). - crypto: kpp - Add helper to set reqsize (git-fixes). - crypto: qat - Use helper to set reqsize (git-fixes). - dlm: fix missing lkb refcount handling (git-fixes). - dlm: fix plock invalid read (git-fixes). - Documentation: cpufreq: amd-pstate: Move amd_pstate param to alphabetical order (bsc#1212445). - Documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes). - drm/amd/display: Add monitor specific edid quirk (git-fixes). - drm/amd/display: Add polling method to handle MST reply packet (bsc#1213578). - drm/amd/display: check TG is non-null before checking if enabled (git-fixes). - drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes). - drm/amd/display: Disable MPC split by default on special asic (git-fixes). - drm/amd/display: fix access hdcp_workqueue assert (git-fixes). - drm/amd/display: fix seamless odm transitions (git-fixes). - drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes). - drm/amd/display: only accept async flips for fast updates (git-fixes). - drm/amd/display: Only update link settings after successful MST link train (git-fixes). - drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). - drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 (git-fixes). - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). - drm/amd/display: Unlock on error path in dm_handle_mst_sideband_msg_ready_event() (git-fixes). - drm/amd: Fix an error handling mistake in psp_sw_init() (git-fixes). - drm/amdgpu: add the fan abnormal detection feature (git-fixes). - drm/amdgpu: avoid restore process run into dead loop (git-fixes). - drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-fixes). - drm/amdgpu: Fix minmax warning (git-fixes). - drm/amd/pm: add abnormal fan detection for smu 13.0.0 (git-fixes). - drm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 (git-fixes). - drm/amd/pm: re-enable the gfx imu when smu resume (git-fixes). - drm/amd/pm: share the code around SMU13 pcie parameters update (git-fixes). - drm/atomic: Allow vblank-enabled + self-refresh 'disable' (git-fixes). - drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes). - drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes). - drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes). - drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime (git-fixes). - drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes). - drm/dp_mst: Clear MSG_RDY flag before sending new message (bsc#1213578). - drm: Fix null pointer dereference in drm_dp_atomic_find_time_slots() (bsc#1213578). - drm/i915: Do not preserve dpll_hw_state for slave crtc in Bigjoiner (git-fixes). - drm/i915/dpt: Use shmem for dpt objects (git-fixes). - drm/i915: Fix an error handling path in igt_write_huge() (git-fixes). - drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks (git-fixes). - drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes). - drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes). - drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes). - drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes). - drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git-fixes). - drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes). - drm/ttm: fix bulk_move corruption when adding a entry (git-fixes). - drm/ttm: fix warning that we shouldn't mix && and || (git-fixes). - drm/vmwgfx: Fix Legacy Display Unit atomic drm support (bsc#1213632). - drm/vmwgfx: Remove explicit and broken vblank handling (bsc#1213632). - drm/vmwgfx: Remove rcu locks from user resources (bsc#1213632). - fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes). - fbdev: imxfb: Removed unneeded release_mem_region (git-fixes). - fbdev: imxfb: warn about invalid left/right margin (git-fixes). - file: always lock position for FMODE_ATOMIC_POS (bsc#1213759). - fs: dlm: add midcomms init/start functions (git-fixes). - fs: dlm: do not set stop rx flag after node reset (git-fixes). - fs: dlm: filter user dlm messages for kernel locks (git-fixes). - fs: dlm: fix log of lowcomms vs midcomms (git-fixes). - fs: dlm: fix race between test_bit() and queue_work() (git-fixes). - fs: dlm: fix race in lowcomms (git-fixes). - fs: dlm: handle -EBUSY first in lock arg validation (git-fixes). - fs: dlm: move sending fin message into state change handling (git-fixes). - fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes). - fs: dlm: return positive pid value for F_GETLK (git-fixes). - fs: dlm: start midcomms before scand (git-fixes). - fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-fixes). - FS: JFS: Check for read-only mounted filesystem in txBegin (git-fixes). - FS: JFS: Fix null-ptr-deref Read in txBegin (git-fixes). - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes). - gve: Set default duplex configuration to full (git-fixes). - gve: unify driver name usage (git-fixes). - hwmon: (adm1275) Allow setting sample averaging (git-fixes). - hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git-fixes). - hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (git-fixes). - hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes). - i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes). - i2c: xiic: Do not try to handle more interrupt events after error (git-fixes). - iavf: check for removal state before IAVF_FLAG_PF_COMMS_FAILED (git-fixes). - iavf: fix a deadlock caused by rtnl and driver's lock circular dependencies (git-fixes). - iavf: Fix out-of-bounds when setting channels on remove (git-fixes). - iavf: fix potential deadlock on allocation failure (git-fixes). - iavf: fix reset task race with iavf_remove() (git-fixes). - iavf: Fix use-after-free in free_netdev (git-fixes). - iavf: Move netdev_update_features() into watchdog task (git-fixes). - iavf: use internal state to free traffic IRQs (git-fixes). - iavf: Wait for reset in callbacks which trigger it (git-fixes). - IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes) - ice: Fix max_rate check while configuring TX rate limits (git-fixes). - ice: Fix memory management in ice_ethtool_fdir.c (git-fixes). - ice: handle extts in the miscellaneous interrupt thread (git-fixes). - igc: Check if hardware TX timestamping is enabled earlier (git-fixes). - igc: Enable and fix RX hash usage by netstack (git-fixes). - igc: Fix inserting of empty frame for launchtime (git-fixes). - igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes). - igc: Fix launchtime before start of cycle (git-fixes). - igc: Fix race condition in PTP tx code (git-fixes). - igc: Handle PPS start time programming for past time values (git-fixes). - igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes). - igc: Remove delay during TX ring configuration (git-fixes). - igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes). - igc: Work around HW bug causing missing timestamps (git-fixes). - Input: i8042 - add Clevo PCX0DX to i8042 quirk table (git-fixes). - Input: iqs269a - do not poll during ATI (git-fixes). - Input: iqs269a - do not poll during suspend or resume (git-fixes). - jffs2: fix memory leak in jffs2_do_fill_super (git-fixes). - jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes). - jffs2: fix memory leak in jffs2_scan_medium (git-fixes). - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes). - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git-fixes). - jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes). - jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes). - kABI fix after Restore kABI for NVidia vGPU driver (bsc#1210825). - kabi/severities: relax kABI for ath11k local symbols (bsc#1207948) - kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes). - KVM: arm64: Do not read a HW interrupt pending state in user context (git-fixes) - KVM: arm64: Warn if accessing timer pending state outside of vcpu (bsc#1213620) - KVM: Do not null dereference ops->destroy (git-fixes) - KVM: downgrade two BUG_ONs to WARN_ON_ONCE (git-fixes) - KVM: Initialize debugfs_dentry when a VM is created to avoid NULL (git-fixes) - KVM: s390: pv: fix index value of replaced ASCE (git-fixes bsc#1213867). - KVM: VMX: Inject #GP, not #UD, if SGX2 ENCLS leafs are unsupported (git-fixes). - KVM: VMX: Inject #GP on ENCLS if vCPU has paging disabled (CR0.PG==0) (git-fixes). - KVM: VMX: restore vmx_vmexit alignment (git-fixes). - KVM: x86: Account fastpath-only VM-Exits in vCPU stats (git-fixes). - leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-fixes). - libceph: harden msgr2.1 frame segment length checks (bsc#1213857). - MAINTAINERS: Add AMD P-State driver maintainer entry (bsc#1212445). - m ALSA: usb-audio: Add quirk for Tascam Model 12 (git-fixes). - md: add error_handlers for raid0 and linear (bsc#1212766). - media: staging: atomisp: select V4L2_FWNODE (git-fixes). - mhi_power_down() kABI workaround (bsc#1207948). - mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes). - mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes). - net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes). - net: mana: Batch ringing RX queue doorbell on receiving packets (bsc#1212901). - net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901). - net/mlx5: DR, Support SW created encap actions for FW table (git-fixes). - net/mlx5e: Check for NOT_READY flag state after locking (git-fixes). - net/mlx5e: fix double free in mlx5e_destroy_flow_table (git-fixes). - net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create (git-fixes). - net/mlx5e: fix memory leak in mlx5e_ptp_open (git-fixes). - net/mlx5e: XDP, Allow growing tail for XDP multi buffer (git-fixes). - net/mlx5e: xsk: Set napi_id to support busy polling on XSK RQ (git-fixes). - net: phy: marvell10g: fix 88x3310 power up (git-fixes). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585). - nfsd: add encoding of op_recall flag for write delegation (git-fixes). - nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). - nfsd: Fix sparse warning (git-fixes). - nfsd: Remove open coding of string copy (git-fixes). - nfsv4.1: Always send a RECLAIM_COMPLETE after establishing lease (git-fixes). - nfsv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION (git-fixes). - nvme: do not reject probe due to duplicate IDs for single-ported PCIe devices (git-fixes). - nvme: fix the NVME_ID_NS_NVM_STS_MASK definition (git-fixes). - nvme-pci: fix DMA direction of unmapping integrity data (git-fixes). - nvme-pci: remove nvme_queue from nvme_iod (git-fixes). - octeontx2-af: Move validation of ptp pointer before its usage (git-fixes). - octeontx2-pf: Add additional check for MCAM rules (git-fixes). - octeontx-af: fix hardware timestamp configuration (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes). - PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes). - phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git-fixes). - pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes). - pinctrl: amd: Do not show `Invalid config param` errors (git-fixes). - pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes). - pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes). - pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes). - platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git-fixes). - RDMA/bnxt_re: Fix hang during driver unload (git-fixes) - RDMA/bnxt_re: Prevent handling any completions after qp destroy (git-fixes) - RDMA/core: Update CMA destination address on rdma_resolve_addr (git-fixes) - RDMA/irdma: Add missing read barriers (git-fixes) - RDMA/irdma: Fix data race on CQP completion stats (git-fixes) - RDMA/irdma: Fix data race on CQP request done (git-fixes) - RDMA/irdma: Fix op_type reporting in CQEs (git-fixes) - RDMA/irdma: Report correct WC error (git-fixes) - RDMA/mlx4: Make check for invalid flags stricter (git-fixes) - RDMA/mthca: Fix crash when polling CQ for shared QPs (git-fixes) - regmap: Account for register length in SMBus I/O limits (git-fixes). - regmap: Drop initial version of maximum transfer length fixes (git-fixes). - Restore kABI for NVidia vGPU driver (bsc#1210825). - Revert 'ALSA: usb-audio: Drop superfluous interface setup at parsing' (git-fixes). - Revert 'debugfs, coccinelle: check for obsolete DEFINE_SIMPLE_ATTRIBUTE() usage' (git-fixes). - Revert 'Drop AMDGPU patches for fixing regression (bsc#1213304,bsc#1213777)' - Revert 'iavf: Detach device during reset task' (git-fixes). - Revert 'iavf: Do not restart Tx queues after reset task failure' (git-fixes). - Revert 'NFSv4: Retry LOCK on OLD_STATEID during delegation return' (git-fixes). - Revert 'usb: dwc3: core: Enable AutoRetry feature in the controller' (git-fixes). - Revert 'usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init()' (git-fixes). - Revert 'usb: xhci: tegra: Fix error check' (git-fixes). - Revert 'xhci: add quirk for host controllers that do not update endpoint DCS' (git-fixes). - Revive drm_dp_mst_hpd_irq() function (bsc#1213578). - rxrpc, afs: Fix selection of abort codes (git-fixes). - s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870). - s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810). - s390/dasd: print copy pair message only for the correct error (git-fixes bsc#1213872). - s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863). - s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870). - s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871). - s390/qeth: Fix vipa deletion (git-fixes bsc#1213713). - s390/vmem: fix empty page tables cleanup under KASAN (git-fixes bsc#1213715). - scftorture: Count reschedule IPIs (git-fixes). - scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (bsc#1213756). - scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756). - scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756). - scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756). - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756). - scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (bsc#1213756). - scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths (bsc#1213756). - scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756). - scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (bsc#1213756). - scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756). - scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756). - scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756). - scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (bsc#1213756). - scsi: lpfc: Replace all non-returning strlcpy() with strscpy() (bsc#1213756). - scsi: lpfc: Replace one-element array with flexible-array member (bsc#1213756). - scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756). - scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (bsc#1213756). - scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756). - scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756). - scsi: lpfc: Use struct_size() helper (bsc#1213756). - scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747). - scsi: qla2xxx: Array index may go out of bound (bsc#1213747). - scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747). - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747). - scsi: qla2xxx: Correct the index of array (bsc#1213747). - scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747). - scsi: qla2xxx: Fix buffer overrun (bsc#1213747). - scsi: qla2xxx: Fix command flush during TMF (bsc#1213747). - scsi: qla2xxx: Fix deletion race condition (bsc#1213747). - scsi: qla2xxx: Fix end of loop test (bsc#1213747). - scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747). - scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747). - scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747). - scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747). - scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747). - scsi: qla2xxx: Fix session hang in gnl (bsc#1213747). - scsi: qla2xxx: Fix TMF leak through (bsc#1213747). - scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747). - scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747). - scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747). - scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper (bsc#1213747). - scsi: qla2xxx: Silence a static checker warning (bsc#1213747). - scsi: qla2xxx: Turn off noisy message log (bsc#1213747). - scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747). - scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747). - scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747). - selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes). - serial: qcom-geni: drop bogus runtime pm state update (git-fixes). - serial: sifive: Fix sifive_serial_console_setup() section (git-fixes). - series: udpate metadata Refresh - sfc: fix crash when reading stats while NIC is resetting (git-fixes). - sfc: fix XDP queues mode with legacy IRQ (git-fixes). - sfc: use budget for TX completions (git-fixes). - soundwire: qcom: update status correctly with mask (git-fixes). - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes). - staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes). - SUNRPC: always free ctxt when freeing deferred request (git-fixes). - SUNRPC: double free xprt_ctxt while still in use (git-fixes). - SUNRPC: Fix trace_svc_register() call site (git-fixes). - SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (git-fixes). - SUNRPC: Remove dead code in svc_tcp_release_rqst() (git-fixes). - SUNRPC: remove the maximum number of retries in call_bind_status (git-fixes). - svcrdma: Prevent page release when nothing was received (git-fixes). - tpm_tis: Explicitly check for error code (git-fixes). - tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes). - tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes). - ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git-fixes). - ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git-fixes). - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes). - ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes). - ubifs: Fix build errors as symbol undefined (git-fixes). - ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git-fixes). - ubifs: Fix memory leak in alloc_wbufs() (git-fixes). - ubifs: Fix memory leak in do_rename (git-fixes). - ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes). - ubifs: Fix to add refcount once page is set private (git-fixes). - ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes). - ubifs: Fix wrong dirty space budget for dirty inode (git-fixes). - ubifs: Free memory for tmpfile name (git-fixes). - ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes). - ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes). - ubifs: Rectify space budget for ubifs_xrename() (git-fixes). - ubifs: Rename whiteout atomically (git-fixes). - ubifs: rename_whiteout: correct old_dir size computing (git-fixes). - ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes). - ubifs: Reserve one leb for each journal head while doing budget (git-fixes). - ubifs: Re-statistic cleaned znode count if commit failed (git-fixes). - ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes). - ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git-fixes). - Update config files: enable CONFIG_X86_AMD_PSTATE (bsc#1212445) - usb: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes). - usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes). - usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes). - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - USB: serial: option: add LARA-R6 01B PIDs (git-fixes). - usb: typec: Iterate pds array when showing the pd list (git-fixes). - usb: typec: Set port->pd before adding device for typec_port (git-fixes). - usb: typec: Use sysfs_emit_at when concatenating the string (git-fixes). - usb: xhci-mtk: set the dma max_seg_size (git-fixes). - vhost_net: revert upend_idx only on retriable error (git-fixes). - vhost: support PACKED when setting-getting vring_base (git-fixes). - virtio_net: Fix error unwinding of XDP initialization (git-fixes). - virtio-net: Maintain reverse cleanup order (git-fixes). - wifi: ath11k: add support for suspend in power down state (bsc#1207948). - wifi: ath11k: handle irq enable/disable in several code path (bsc#1207948). - wifi: ath11k: handle thermal device registeration together with MAC (bsc#1207948). - wifi: ath11k: remove MHI LOOPBACK channels (bsc#1207948). - wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes). - wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes). - wl3501_cs: use eth_hw_addr_set() (git-fixes). - x86/PVH: obtain VGA console info in Dom0 (git-fixes). - xen/blkfront: Only check REQ_FUA for writes (git-fixes). - xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes). - xfs: AIL needs asynchronous CIL forcing (bsc#1211811). - xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811). - xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811). - xfs: CIL work is serialised, not pipelined (bsc#1211811). - xfs: do not run shutdown callbacks on active iclogs (bsc#1211811). - xfs: drop async cache flushes from CIL commits (bsc#1211811). - xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811). - xfs: move the CIL workqueue to the CIL (bsc#1211811). - xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811). - xfs: order CIL checkpoint start records (bsc#1211811). - xfs: pass a CIL context to xlog_write() (bsc#1211811). - xfs: rework xlog_state_do_callback() (bsc#1211811). - xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811). - xfs: separate out log shutdown callback processing (bsc#1211811). - xfs: wait iclog complete before tearing down AIL (bsc#1211811). - xfs: XLOG_STATE_IOERROR must die (bsc#1211811). - xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes). - xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes). - xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3330-1 Released: Wed Aug 16 08:59:33 2023 Summary: Recommended update for python-pyasn1 Type: recommended Severity: important References: 1207805 This update for python-pyasn1 fixes the following issues: - To avoid users of this package having to recompile bytecode files, change the mtime of any __init__.py. (bsc#1207805) The following package changes have been done: - apparmor-abstractions-3.0.4-150500.11.3.1 updated - apparmor-parser-3.0.4-150500.11.3.1 updated - bind-utils-9.16.42-150500.8.7.1 updated - blog-2.26-150300.4.6.1 updated - cloud-init-config-suse-23.1-150100.8.66.1 updated - cloud-init-23.1-150100.8.66.1 updated - curl-8.0.1-150400.5.26.1 updated - grub2-i386-pc-2.06-150500.29.3.1 updated - grub2-x86_64-efi-2.06-150500.29.3.1 updated - grub2-2.06-150500.29.3.1 updated - hwinfo-21.85-150500.3.3.1 updated - kernel-default-5.14.21-150500.55.19.1 updated - krb5-1.20.1-150500.3.3.1 updated - libapparmor1-3.0.4-150500.11.3.1 updated - libassuan0-2.5.5-150000.4.5.2 updated - libblogger2-2.26-150300.4.6.1 updated - libcryptsetup12-2.4.3-150400.3.3.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - libdevmapper1_03-2.03.16_1.02.185-150500.7.3.1 updated - libfido2-1-1.13.0-150400.5.6.1 updated - libfstrm0-0.6.1-150300.9.3.1 added - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - libprotobuf-c1-1.3.2-150200.3.6.1 added - libxml2-2-2.10.3-150500.5.5.1 updated - libyajl2-2.1.0-150000.4.6.1 updated - login_defs-4.8.1-150400.10.9.1 updated - openssh-clients-8.4p1-150300.3.22.1 updated - openssh-common-8.4p1-150300.3.22.1 updated - openssh-server-8.4p1-150300.3.22.1 updated - openssh-8.4p1-150300.3.22.1 updated - openssl-1_1-1.1.1l-150500.17.15.1 updated - perl-Bootloader-0.944-150400.3.6.1 updated - python3-bind-9.16.42-150500.8.7.1 updated - python3-pyasn1-0.4.2-150000.3.5.1 updated - samba-client-libs-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 updated - samba-libs-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 updated - shadow-4.8.1-150400.10.9.1 updated - systemd-presets-common-SUSE-15-150500.20.3.1 updated - wicked-service-0.6.73-150500.3.10.1 updated - wicked-0.6.73-150500.3.10.1 updated - libopenssl3-3.0.8-150500.5.3.1 removed From sle-updates at lists.suse.com Sun Aug 20 07:01:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Aug 2023 09:01:57 +0200 (CEST) Subject: SUSE-IU-2023:578-1: Security update of suse-sles-15-sp5-chost-byos-v20230816-hvm-ssd-x86_64 Message-ID: <20230820070157.9320FFDCB@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20230816-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:578-1 Image Tags : suse-sles-15-sp5-chost-byos-v20230816-hvm-ssd-x86_64:20230816 Image Release : Severity : important Type : security References : 1089497 1150305 1184758 1186673 1193629 1194557 1194869 1201399 1203300 1204563 1206418 1206627 1207129 1207805 1207894 1207948 1208003 1208788 1209536 1210273 1210323 1210627 1210780 1210799 1210825 1211026 1211079 1211131 1211243 1211738 1211811 1211867 1212256 1212301 1212375 1212445 1212496 1212502 1212525 1212604 1212613 1212756 1212766 1212806 1212846 1212879 1212901 1212905 1212928 1213004 1213008 1213049 1213059 1213061 1213167 1213170 1213171 1213172 1213173 1213174 1213189 1213205 1213206 1213226 1213233 1213237 1213245 1213247 1213252 1213258 1213259 1213263 1213264 1213272 1213286 1213287 1213304 1213384 1213386 1213417 1213443 1213472 1213487 1213493 1213504 1213514 1213517 1213523 1213524 1213533 1213543 1213578 1213585 1213586 1213588 1213601 1213620 1213632 1213653 1213705 1213713 1213715 1213747 1213756 1213759 1213777 1213810 1213812 1213853 1213856 1213857 1213863 1213867 1213870 1213871 1213872 1214054 CVE-2020-25720 CVE-2021-3429 CVE-2022-2127 CVE-2022-40982 CVE-2022-41409 CVE-2022-48468 CVE-2023-0459 CVE-2023-1786 CVE-2023-20569 CVE-2023-20593 CVE-2023-21400 CVE-2023-2156 CVE-2023-2166 CVE-2023-2985 CVE-2023-31083 CVE-2023-3117 CVE-2023-31248 CVE-2023-32001 CVE-2023-3268 CVE-2023-33460 CVE-2023-3347 CVE-2023-3390 CVE-2023-3446 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968 CVE-2023-35001 CVE-2023-3567 CVE-2023-36054 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-3812 CVE-2023-3817 CVE-2023-38408 CVE-2023-38409 CVE-2023-3863 CVE-2023-4004 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20230816-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2143-1 Released: Tue May 9 14:49:45 2023 Summary: Security update for protobuf-c Type: security Severity: important References: 1210323,CVE-2022-48468 This update for protobuf-c fixes the following issues: - CVE-2022-48468: Fixed an unsigned integer overflow. (bsc#1210323) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2901-1 Released: Thu Jul 20 09:49:16 2023 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1212613 This update for lvm2 fixes the following issues: - multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2905-1 Released: Thu Jul 20 10:17:54 2023 Summary: Recommended update for fstrm Type: recommended Severity: moderate References: This update for fstrm fixes the following issues: - Update to 0.6.1: - fstrm_capture: ignore SIGPIPE, which will cause the interrupted connections to generate an EPIPE instead. - Fix truncation in snprintf calls in argument processing. - fstrm_capture: Fix output printf format. - Update to 0.6.0 It adds a new feature for fstrm_capture. It can perform output file rotation when a SIGUSR1 signal is received by fstrm_capture. (See the --gmtime or --localtime options.) This allows fstrm_capture's output file to be rotated by logrotate or a similar external utility. (Output rotation is suppressed if fstrm_capture is writing to stdout.) Update to 0.5.0 - Change license to modern MIT license for compatibility with GPLv2 software. Contact software at farsightsecurity.com for alternate licensing. - src/fstrm_replay.c: For OpenBSD and Posix portability include netinet/in.h and sys/socket.h to get struct sockaddr_in and the AF_* defines respectively. - Fix various compiler warnings. Update to 0.4.0 The C implementation of the Frame Streams data transport protocol, fstrm version 0.4.0, was released. It adds TCP support, a new tool, new documentation, and several improvements. - Added manual pages for fstrm_capture and fstrm_dump. - Added new tool, fstrm_replay, for replaying saved Frame Streams data to a socket connection. - Adds TCP support. Add tcp_writer to the core library which implements a bi-directional Frame Streams writer as a TCP socket client. Introduces new developer API: fstrm_tcp_writer_init, fstrm_tcp_writer_options_init, fstrm_tcp_writer_options_destroy, fstrm_tcp_writer_options_set_socket_address, and fstrm_tcp_writer_options_set_socket_port. - fstrm_capture: new options for reading from TCP socket. - fstrm_capture: add '-c' / '--connections' option to limit the number of concurrent connections it will accept. - fstrm_capture: add '-b / --buffer-size' option to set the read buffer size (effectively the maximum frame size) to a value other than the default 256 KiB. - fstrm_capture: skip oversize messages to fix stalled connections caused by messages larger than the read highwater mark of the input buffer. Discarded messages are logged for the purposes of tuning the input buffer size. - fstrm_capture: complete sending of FINISH frame before closing connection. - Various test additions and improvements. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2910-1 Released: Thu Jul 20 10:59:53 2023 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1204563 This update for grub2 fixes the following issues: - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2922-1 Released: Thu Jul 20 18:34:03 2023 Summary: Recommended update for libfido2 Type: recommended Severity: moderate References: This update for libfido2 fixes the following issues: - Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2927-1 Released: Fri Jul 21 07:05:30 2023 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1194557,1203300,1211026,1212806 This update for wicked fixes the following issues: - Fix arp notify loop and burst sending (bsc#1212806) - Update to version 0.6.73 - Allow verify/notify counter and interval configuration - Handle ENOBUFS sending errors (bsc#1203300) - Improve environment variable handling - Refactor firmware extension definition - Enable, disable and revert cli commands - Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026) - Cleanup /var/run leftovers in extension scripts (bsc#1194557) - Output formatting improvements and Unicode support ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2929-1 Released: Fri Jul 21 10:09:07 2023 Summary: Security update for samba Type: security Severity: important References: 1212375,1213170,1213171,1213172,1213173,1213174,1213384,1213386,CVE-2020-25720,CVE-2022-2127,CVE-2023-3347,CVE-2023-34966,CVE-2023-34967,CVE-2023-34968 This update for samba fixes the following issues: samba was updated to version 4.17.9: - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). - CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173). - CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172). - CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171). - CVE-2023-3347: Fixed issue where SMB2 packet signing not enforced (bsc#1213170). - CVE-2020-25720: Fixed issue where creating child permission allowed full write to all attributes (bsc#1213386). Bugfixes: - Fixed trust relationship failure (bsc#1213384). - Backported --pidl-developer fixes. - Fixed smbd_scavenger crash when service smbd is stopped. - Fixed issue where vfs_fruit might cause a failing open for delete. - Fixed named crashes on DLZ zone update. - Fixed issue where winbind recurses into itself via rpcd_lsad. - Fixed cli_list looping 100% CPU against pre-lanman2 servers. - Fixed smbclient leaks fds with showacls. - Fixed aes256 smb3 encryption algorithms not allowed in smb3_sid_parse(). - Fixed winbindd getting stuck on NT_STATUS_RPC_SEC_PKG_ERROR. - Fixed smbget memory leak if failed to download files recursively. - Fixed log flood: smbd_calculate_access_mask_fsp: Access denied: message level should be lower. - Fixed floating point exception (FPE) via cli_pull_send at source3/libsmb/clireadwrite.c. - Fixed test_tstream_more_tcp_user_timeout_spin fails intermittently on Rackspace GitLab runners. - Reduce flapping of ridalloc test. - Fixed unreliable large_ldap test. - Fixed filename parser not checking veto files smb.conf parameter. - Fixed mdssvc may crash when initializing. - Fixed broken large directory optimization for non-lcomp path elements - Fixed streams_depot failing to create streams. - Fixed shadow_copy2 and streams_depot issues. - Fixed wbinfo -u fails on ad dc with >1000 users. - Fixed winbindd idmap child contacting the domain controller without a need. - Fixed idmap_autorid may fail to map sids of trusted domains for the first time. - Fixed idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings. - Fixed net ads search -P doesn't work against servers in other domains. - Fixed DS ACEs might be inherited to unrelated object classes. - Fixed temporary smbXsrv_tcon_global.tdb can't be parsed. - Fixed setting veto files = /.*/ breaking listing directories (bsc#1212375). - Fixed dsgetdcname assuming local system uses IPv4. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3088-1 Released: Tue Aug 1 09:52:03 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1212496 This update for systemd-presets-common-SUSE fixes the following issues: - Fix systemctl being called with an empty argument (bsc#1212496) - Don't call systemctl list-unit-files with an empty argument (bsc#1212496) - Add wtmpdb-update-boot.service and wtmpdb-rotate.timer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3117-1 Released: Wed Aug 2 05:57:30 2023 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1212756 This update for hwinfo fixes the following issues: - Avoid linking problems with libsamba (bsc#1212756) - Update to version 21.85 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3170-1 Released: Thu Aug 3 08:02:27 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1201399,1208003,1210799 This update for perl-Bootloader fixes the following issues: - Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799) - UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399) - Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003) - Add basic support for systemd-boot ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3172-1 Released: Thu Aug 3 08:36:43 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1150305,1193629,1194869,1207894,1208788,1211243,1211867,1212256,1212301,1212525,1212846,1212905,1213059,1213061,1213205,1213206,1213226,1213233,1213245,1213247,1213252,1213258,1213259,1213263,1213264,1213286,1213493,1213523,1213524,1213533,1213543,1213705,CVE-2023-20593,CVE-2023-2985,CVE-2023-3117,CVE-2023-31248,CVE-2023-3390,CVE-2023-35001,CVE-2023-3812 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). The following non-security bugs were fixed: - Dropped patch that caused issues with k3s (bsc#1213705). - ASoC: Intel: sof_sdw: remove SOF_SDW_TGL_HDMI for MeteorLake devices (git-fixes). - ASoC: SOF: topology: Fix logic for copying tuples (git-fixes). - Bluetooth: ISO: Fix CIG auto-allocation to select configurable CIG (git-fixes). - Bluetooth: ISO: consider right CIS when removing CIG at cleanup (git-fixes). - Bluetooth: ISO: fix iso_conn related locking and validity issues (git-fixes). - Bluetooth: ISO: use hci_sync for setting CIG parameters (git-fixes). - Bluetooth: fix invalid-bdaddr quirk for non-persistent setup (git-fixes). - Bluetooth: fix use-bdaddr-property quirk (git-fixes). - Bluetooth: hci_bcm: do not mark valid bd_addr as invalid (git-fixes). - Bluetooth: hci_event: call disconnect callback before deleting conn (git-fixes). - Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor() (git-fixes). - Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync (git-fixes). - Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758) - PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (bsc#1212525). - PCI: vmd: Fix uninitialized variable usage in vmd_enable_domain() (git-fixes). - Revert 'arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes) - Revert 'drm/i915: Disable DSB usage for now' (git-fixes). - USB: dwc2: Fix some error handling paths (git-fixes). - USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes). - USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes). - USB: typec: Fix fast_role_swap_current show function (git-fixes). - Update config and supported.conf files due to renaming. - acpi: Fix suspend with Xen PV (git-fixes). - adreno: Shutdown the GPU properly (git-fixes). - arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes) - arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes) - arm64: vdso: Pass (void *) to virt_to_page() (git-fixes) - arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes) - can: bcm: Fix UAF in bcm_proc_show() (git-fixes). - ceph: add a dedicated private data for netfs rreq (bsc#1213205). - ceph: fix blindly expanding the readahead windows (bsc#1213206). - cifs: add a warning when the in-flight count goes negative (bsc#1193629). - cifs: address unused variable warning (bsc#1193629). - cifs: do all necessary checks for credits within or before locking (bsc#1193629). - cifs: fix lease break oops in xfstest generic/098 (bsc#1193629). - cifs: fix max_credits implementation (bsc#1193629). - cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629). - cifs: fix session state check in smb2_find_smb_ses (bsc#1193629). - cifs: fix session state transition to avoid use-after-free issue (bsc#1193629). - cifs: fix sockaddr comparison in iface_cmp (bsc#1193629). - cifs: fix status checks in cifs_tree_connect (bsc#1193629). - cifs: log session id when a matching ses is not found (bsc#1193629). - cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629). - cifs: prevent use-after-free by freeing the cfile later (bsc#1193629). - cifs: print all credit counters in DebugData (bsc#1193629). - cifs: print client_guid in DebugData (bsc#1193629). - cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629). - cifs: print nosharesock value while dumping mount options (bsc#1193629). - codel: fix kernel-doc notation warnings (git-fixes). - cpufreq: tegra194: Fix module loading (git-fixes). - devlink: fix kernel-doc notation warnings (git-fixes). - dma-buf/dma-resv: Stop leaking on krealloc() failure (git-fixes). - drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 (git-fixes). - drm/amd/amdgpu: limit one queue per gang (git-fixes). - drm/amd/amdgpu: update mes11 api def (git-fixes). - drm/amd/display (gcc13): fix enum mismatch (git-fixes). - drm/amd/display: Add Z8 allow states to z-state support list (git-fixes). - drm/amd/display: Add debug option to skip PSR CRTC disable (git-fixes). - drm/amd/display: Add minimum Z8 residency debug option (git-fixes). - drm/amd/display: Add missing WA and MCLK validation (git-fixes). - drm/amd/display: Change default Z8 watermark values (git-fixes). - drm/amd/display: Correct DML calculation to align HW formula (git-fixes). - drm/amd/display: Correct DML calculation to follow HW SPEC (git-fixes). - drm/amd/display: Do not update DRR while BW optimizations pending (git-fixes). - drm/amd/display: Enable HostVM based on rIOMMU active (git-fixes). - drm/amd/display: Enforce 60us prefetch for 200Mhz DCFCLK modes (git-fixes). - drm/amd/display: Ensure vmin and vmax adjust for DCE (git-fixes). - drm/amd/display: Fix 4to1 MPC black screen with DPP RCO (git-fixes). - drm/amd/display: Fix Z8 support configurations (git-fixes). - drm/amd/display: Fix a test CalculatePrefetchSchedule() (git-fixes). - drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg() (git-fixes). - drm/amd/display: Have Payload Properly Created After Resume (git-fixes). - drm/amd/display: Lowering min Z8 residency time (git-fixes). - drm/amd/display: Reduce sdp bw after urgent to 90% (git-fixes). - drm/amd/display: Refactor eDP PSR codes (git-fixes). - drm/amd/display: Remove FPU guards from the DML folder (git-fixes). - drm/amd/display: Remove optimization for VRR updates (git-fixes). - drm/amd/display: Remove stutter only configurations (git-fixes). - drm/amd/display: Update Z8 SR exit/enter latencies (git-fixes). - drm/amd/display: Update Z8 watermarks for DCN314 (git-fixes). - drm/amd/display: Update minimum stutter residency for DCN314 Z8 (git-fixes). - drm/amd/display: filter out invalid bits in pipe_fuses (git-fixes). - drm/amd/display: fix PSR-SU/DSC interoperability support (git-fixes). - drm/amd/display: fix a divided-by-zero error (git-fixes). - drm/amd/display: fixed dcn30+ underflow issue (git-fixes). - drm/amd/display: limit timing for single dimm memory (git-fixes). - drm/amd/display: populate subvp cmd info only for the top pipe (git-fixes). - drm/amd/display: set dcn315 lb bpp to 48 (git-fixes). - drm/amd/pm: add missing NotifyPowerSource message mapping for SMU13.0.7 (git-fixes). - drm/amd/pm: avoid potential UBSAN issue on legacy asics (git-fixes). - drm/amd/pm: conditionally disable pcie lane switching for some sienna_cichlid SKUs (git-fixes). - drm/amd/pm: fix possible power mode mismatch between driver and PMFW (git-fixes). - drm/amd/pm: resolve reboot exception for si oland (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4 (git-fixes). - drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5 (git-fixes). - drm/amd/pm: workaround for compute workload type on some skus (git-fixes). - drm/amd: Add a new helper for loading/validating microcode (git-fixes). - drm/amd: Do not allow s0ix on APUs older than Raven (git-fixes). - drm/amd: Load MES microcode during early_init (git-fixes). - drm/amd: Use `amdgpu_ucode_*` helpers for MES (git-fixes). - drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well (git-fixes). - drm/amdgpu/gfx11: update gpu_clock_counter logic (git-fixes). - drm/amdgpu/gfx: set cg flags to enter/exit safe mode (git-fixes). - drm/amdgpu/gmc11: implement get_vbios_fb_size() (git-fixes). - drm/amdgpu/jpeg: Remove harvest checking for JPEG3 (git-fixes). - drm/amdgpu/mes11: enable reg active poll (git-fixes). - drm/amdgpu/vcn: Disable indirect SRAM on Vangogh broken BIOSes (git-fixes). - drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel (git-fixes). - drm/amdgpu: Do not set struct drm_driver.output_poll_changed (git-fixes). - drm/amdgpu: Fix desktop freezed after gpu-reset (git-fixes). - drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function (git-fixes). - drm/amdgpu: Fix sdma v4 sw fini error (git-fixes). - drm/amdgpu: Fix usage of UMC fill record in RAS (git-fixes). - drm/amdgpu: Force signal hw_fences that are embedded in non-sched jobs (git-fixes). - drm/amdgpu: add mes resume when do gfx post soft reset (git-fixes). - drm/amdgpu: change reserved vram info print (git-fixes). - drm/amdgpu: declare firmware for new MES 11.0.4 (git-fixes). - drm/amdgpu: enable tmz by default for GC 11.0.1 (git-fixes). - drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini (git-fixes). - drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini (git-fixes). - drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini() (git-fixes). - drm/amdgpu: refine get gpu clock counter method (git-fixes). - drm/amdgpu: remove deprecated MES version vars (git-fixes). - drm/amdgpu: reserve the old gc_11_0_*_mes.bin (git-fixes). - drm/amdgpu: set gfx9 onwards APU atomics support to be true (git-fixes). - drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 (git-fixes). - drm/bridge: anx7625: Convert to i2c's .probe_new() (git-fixes). - drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt() (git-fixes). - drm/bridge: anx7625: Prevent endless probe loop (git-fixes). - drm/bridge: it6505: Move a variable assignment behind a null pointer check in receive_timing_debugfs_show() (git-fixes). - drm/bridge: tc358767: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes). - drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes). - drm/bridge: ti-sn65dsi83: Fix enable error path (git-fixes). - drm/client: Fix memory leak in drm_client_target_cloned (git-fixes). - drm/display/dp_mst: Fix payload addition on a disconnected sink (git-fixes). - drm/display: Do not block HDR_OUTPUT_METADATA on unknown EOTF (git-fixes). - drm/drm_vma_manager: Add drm_vma_node_allow_once() (git-fixes). - drm/dsc: fix DP_DSC_MAX_BPP_DELTA_* macro values (git-fixes). - drm/dsc: fix drm_edp_dsc_sink_output_bpp() DPCD high byte usage (git-fixes). - drm/etnaviv: move idle mapping reaping into separate function (git-fixes). - drm/etnaviv: reap idle mapping if it does not match the softpin address (git-fixes). - drm/i915/dp_mst: Add the MST topology state for modesetted CRTCs (bsc#1213493). - drm/i915/fbdev: lock the fbdev obj before vma pin (git-fixes). - drm/i915/gt: Cleanup partial engine discovery failures (git-fixes). - drm/i915/guc: Add error-capture init warnings when needed (git-fixes). - drm/i915/guc: Fix missing ecodes (git-fixes). - drm/i915/guc: Limit scheduling properties to avoid overflow (git-fixes). - drm/i915/guc: Rename GuC register state capture node to be more obvious (git-fixes). - drm/i915/mtl: update scaler source and destination limits for MTL (git-fixes). - drm/i915/sdvo: Grab mode_config.mutex during LVDS init to avoid WARNs (git-fixes). - drm/i915/sseu: fix max_subslices array-index-out-of-bounds access (git-fixes). - drm/i915/tc: Fix TC port link ref init for DP MST during HW readout (git-fixes). - drm/i915: Allow panel fixed modes to have differing sync polarities (git-fixes). - drm/i915: Check pipe source size when using skl+ scalers (git-fixes). - drm/i915: Do panel VBT init early if the VBT declares an explicit panel type (git-fixes). - drm/i915: Fix TypeC mode initialization during system resume (git-fixes). - drm/i915: Fix a memory leak with reused mmap_offset (git-fixes). - drm/i915: Fix negative value passed as remaining time (git-fixes). - drm/i915: Fix one wrong caching mode enum usage (git-fixes). - drm/i915: Introduce intel_panel_init_alloc() (git-fixes). - drm/i915: Never return 0 if not all requests retired (git-fixes). - drm/i915: Populate encoder->devdata for DSI on icl+ (git-fixes). - drm/i915: Print return value on error (git-fixes). - drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR (git-fixes). - drm/meson: Fix return type of meson_encoder_cvbs_mode_valid() (git-fixes). - drm/msm/a5xx: really check for A510 in a5xx_gpu_init (git-fixes). - drm/msm/adreno: Simplify read64/write64 helpers (git-fixes). - drm/msm/adreno: fix runtime PM imbalance at unbind (git-fixes). - drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes). - drm/msm/dpu: Add DSC hardware blocks to register snapshot (git-fixes). - drm/msm/dpu: Assign missing writeback log_mask (git-fixes). - drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes). - drm/msm/dpu: clean up dpu_kms_get_clk_rate() returns (git-fixes). - drm/msm/dpu: set DSC flush bit correctly at MDP CTL flush register (git-fixes). - drm/msm/hdmi: use devres helper for runtime PM management (git-fixes). - drm/panel: boe-tv101wum-nl6: Ensure DSI writes succeed during disable (git-fixes). - drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-fixes). - drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes). - drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (git-fixes). - drm/ttm: Do not leak a resource on swapout move error (git-fixes). - drm/virtio: Fix memory leak in virtio_gpu_object_create() (git-fixes). - drm/virtio: Simplify error handling of virtio_gpu_object_create() (git-fixes). - drm/vmwgfx: Refactor resource manager's hashtable to use linux/hashtable implementation (git-fixes). - drm/vmwgfx: Refactor resource validation hashtable to use linux/hashtable implementation (git-fixes). - drm/vmwgfx: Refactor ttm reference object hashtable to use linux/hashtable (git-fixes). - drm/vmwgfx: Remove ttm object hashtable (git-fixes). - drm/vmwgfx: Remove vmwgfx_hashtab (git-fixes). - drm/vmwgfx: Write the driver id registers (git-fixes). - drm: Add fixed-point helper to get rounded integer values (git-fixes). - drm: Add missing DP DSC extended capability definitions (git-fixes). - drm: Optimize drm buddy top-down allocation method (git-fixes). - drm: buddy_allocator: Fix buddy allocator init on 32-bit systems (git-fixes). - drm: panel-orientation-quirks: Add quirk for DynaBook K50 (git-fixes). - drm: rcar-du: Add quirk for H3 ES1.x pclk workaround (git-fixes). - drm: rcar-du: Fix setting a reserved bit in DPLLCR (git-fixes). - drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2 (git-fixes). - fuse: ioctl: translate ENOSYS in outarg (bsc#1213524). - fuse: revalidate: do not invalidate if interrupted (bsc#1213523). - i2c: tegra: Set ACPI node as primary fwnode (bsc#1213226). - irqchip/gic-v3: Claim iomem resources (bsc#1213533) - irqchip/gicv3: Handle resource request failure consistently (bsc#1213533) - irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 (bsc#1213533) - kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243). - kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers - kabi/severities: ignore kABI of i915 module It's exported only for its sub-module, not really used by externals - kabi/severities: ignore kABI of vmwgfx The driver exports a function unnecessarily without used by anyone else. Ignore the kABI changes. - memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). - net: mana: Add support for vlan tagging (bsc#1212301). - net: phy: prevent stale pointer dereference in phy_init() (git-fixes). - net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() (git-fixes). - net: qrtr: start MHI channel after endpoit creation (git-fixes). - nilfs2: reject devices with insufficient block count (git-fixes). - ocfs2: Switch to security_inode_init_security() (git-fixes). - ocfs2: check new file size on fallocate call (git-fixes). - ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). - perf/x86/amd/core: Always clear status for idx (bsc#1213233). - pie: fix kernel-doc notation warning (git-fixes). - powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869). - powerpc/64s: Fix VAS mm use after free (bsc#1194869). - powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869). - powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869). - powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869). - powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869). - powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes). - powerpc/mm: Switch obsolete dssall to .long (bsc#1194869). - powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869). - powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869). - powerpc/prom_init: Fix kernel config grep (bsc#1194869). - powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close (jsc#PED-542 git-fixes). - powerpc/secvar: fix refcount leak in format_show() (bsc#1194869). - powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869). - powerpc: clean vdso32 and vdso64 directories (bsc#1194869). - powerpc: define get_cycles macro for arch-override (bsc#1194869). - powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869). - rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS_*. - rsi: remove kernel-doc comment marker (git-fixes). - s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259). - s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258). - s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263). - s390/pci: clean up left over special treatment for function zero (bsc#1212525). - s390/pci: only add specific device in zpci_bus_scan_device() (bsc#1212525). - s390/pci: remove redundant pci_bus_add_devices() on new bus (bsc#1212525). - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252). - s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (git-fixes bsc#1213264). - s390: discard .interp section (git-fixes bsc#1213247). - security: keys: Modify mismatched function name (git-fixes). - selftests/ir: fix build with ancient kernel headers (git-fixes). - selftests: cgroup: fix unsigned comparison with less than zero (git-fixes). - selftests: forwarding: Fix packet matching in mirroring selftests (git-fixes). - selftests: tc: add 'ct' action kconfig dep (git-fixes). - selftests: tc: add ConnTrack procfs kconfig (git-fixes). - selftests: tc: set timeout to 15 minutes (git-fixes). - signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869). - signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869). - smb3: do not reserve too many oplock credits (bsc#1193629). - smb3: missing null check in SMB2_change_notify (bsc#1193629). - smb: client: fix broken file attrs with nodfs mounts (bsc#1193629). - smb: client: fix missed ses refcounting (git-fixes). - smb: client: fix parsing of source mount option (bsc#1193629). - smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629). - smb: client: fix warning in CIFSFindFirst() (bsc#1193629). - smb: client: fix warning in CIFSFindNext() (bsc#1193629). - smb: client: fix warning in cifs_match_super() (bsc#1193629). - smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629). - smb: client: fix warning in generic_ip_connect() (bsc#1193629). - smb: client: improve DFS mount check (bsc#1193629). - smb: client: remove redundant pointer 'server' (bsc#1193629). - smb: delete an unnecessary statement (bsc#1193629). - smb: move client and server files to common directory fs/smb (bsc#1193629). - smb: remove obsolete comment (bsc#1193629). - soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe() (git-fixes). - soundwire: cadence: Drain the RX FIFO after an IO timeout (git-fixes). - soundwire: stream: Add missing clear of alloc_slave_rt (git-fixes). - spi: bcm63xx: fix max prepend length (git-fixes). - swsmu/amdgpu_smu: Fix the wrong if-condition (git-fixes). - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes). - wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes). - wifi: ath10k: Trigger STA disconnect after reconfig complete on hardware restart (git-fixes). - wifi: ath11k: Add missing check for ioremap (git-fixes). - wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes). - x86/amd_nb: Add PCI ID for family 19h model 78h (git-fixes). - x86/platform/uv: Add platform resolving #defines for misc GAM_MMIOH_REDIRECT* (bsc#1212256 jsc#PED-4718). - x86/platform/uv: Fix printed information in calc_mmioh_map (bsc#1212256 jsc#PED-4718). - x86/platform/uv: Helper functions for allocating and freeing conversion tables (bsc#1212256 jsc#PED-4718). - x86/platform/uv: Introduce helper function uv_pnode_to_socket (bsc#1212256 jsc#PED-4718). - x86/platform/uv: Remove remaining BUG_ON() and BUG() calls (bsc#1212256 jsc#PED-4718). - x86/platform/uv: UV support for sub-NUMA clustering (bsc#1212256 jsc#PED-4718). - x86/platform/uv: Update UV platform code for SNC (bsc#1212256 jsc#PED-4718). - x86/platform/uv: When searching for minimums, start at INT_MAX not 99999 (bsc#1212256 jsc#PED-4718). - x86: Fix .brk attribute in linker script (git-fixes). - xfs: clean up the rtbitmap fsmap backend (git-fixes). - xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes). - xfs: do not reverse order of items in bulk AIL insertion (git-fixes). - xfs: fix getfsmap reporting past the last rt extent (git-fixes). - xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes). - xfs: fix interval filtering in multi-step fsmap queries (git-fixes). - xfs: fix logdev fsmap query result filtering (git-fixes). - xfs: fix off-by-one error when the last rt extent is in use (git-fixes). - xfs: fix uninitialized variable access (git-fixes). - xfs: make fsmap backend function key parameters const (git-fixes). - xfs: make the record pointer passed to query_range functions const (git-fixes). - xfs: pass explicit mount pointer to rtalloc query functions (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3196-1 Released: Fri Aug 4 10:02:04 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate References: 1213443 This update for protobuf-c fixes the following issues: - Include executables required to generate Protocol Buffers glue code in the devel subpackage (bsc#1213443) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3253-1 Released: Wed Aug 9 10:52:10 2023 Summary: Recommended update for bind Type: recommended Severity: moderate References: 1213049 This update for bind fixes the following issues: - Add dnstap support (jsc#PED-4852) - Log named-checkconf output (bsc#1213049) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3276-1 Released: Fri Aug 11 10:20:40 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1213472 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3282-1 Released: Fri Aug 11 10:26:23 2023 Summary: Recommended update for blog Type: recommended Severity: moderate References: This update for blog fixes the following issues: - Fix big endian cast problems to be able to read commands and ansers as well as passphrases ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:3283-1 Released: Fri Aug 11 10:28:34 2023 Summary: Feature update for cloud-init Type: feature Severity: moderate References: 1184758,1210273,1212879,CVE-2021-3429,CVE-2023-1786 This update for cloud-init fixes the following issues: - Default route is not configured (bsc#1212879) - cloud-final service failing in powerVS (bsc#1210273) - Randomly generated passwords logged in clear-text to world-readable file (bsc#1184758, CVE-2021-3429) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3301-1 Released: Mon Aug 14 07:24:59 2023 Summary: Security update for libyajl Type: security Severity: moderate References: 1212928,CVE-2023-33460 This update for libyajl fixes the following issues: - CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3311-1 Released: Mon Aug 14 16:23:36 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1206418,1207129,1207948,1210627,1210780,1210825,1211131,1211738,1211811,1212445,1212502,1212604,1212766,1212901,1213167,1213272,1213287,1213304,1213417,1213578,1213585,1213586,1213588,1213601,1213620,1213632,1213653,1213713,1213715,1213747,1213756,1213759,1213777,1213810,1213812,1213856,1213857,1213863,1213867,1213870,1213871,1213872,CVE-2022-40982,CVE-2023-0459,CVE-2023-20569,CVE-2023-21400,CVE-2023-2156,CVE-2023-2166,CVE-2023-31083,CVE-2023-3268,CVE-2023-3567,CVE-2023-3609,CVE-2023-3611,CVE-2023-3776,CVE-2023-38409,CVE-2023-3863,CVE-2023-4004 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack ???Inception??? or ???RAS Poisoning??? (bsc#1213287). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2023-38409: Fixed an issue in set_con2fb_map in drivers/video/fbdev/core/fbcon.c. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info) (bsc#1213417). - CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC. This flaw allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). The following non-security bugs were fixed: - ACPI: CPPC: Add ACPI disabled check to acpi_cpc_valid() (bsc#1212445). - ACPI: CPPC: Add definition for undefined FADT preferred PM profile value (bsc#1212445). - ACPI/IORT: Remove erroneous id_count check in iort_node_get_rmr_info() (git-fixes). - ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes). - afs: Adjust ACK interpretation to try and cope with NAT (git-fixes). - afs: Fix access after dec in put functions (git-fixes). - afs: Fix afs_getattr() to refetch file status if callback break occurred (git-fixes). - afs: Fix dynamic root getattr (git-fixes). - afs: Fix fileserver probe RTT handling (git-fixes). - afs: Fix infinite loop found by xfstest generic/676 (git-fixes). - afs: Fix lost servers_outstanding count (git-fixes). - afs: Fix server->active leak in afs_put_server (git-fixes). - afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes). - afs: Fix updating of i_size with dv jump from server (git-fixes). - afs: Fix vlserver probe RTT handling (git-fixes). - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes). - afs: Use refcount_t rather than atomic_t (git-fixes). - afs: Use the operation issue time instead of the reply time for callbacks (git-fixes). - ALSA: emu10k1: roll up loops in DSP setup code for Audigy (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes). - ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes). - ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes). - ALSA: hda/realtek - remove 3k pull low procedure (git-fixes). - ALSA: hda/realtek: Support ASUS G713PV laptop (git-fixes). - ALSA: hda/relatek: Enable Mute LED on HP 250 G8 (git-fixes). - ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless (git-fixes). - ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless (git-fixes). - ALSA: usb-audio: Add quirk for Microsoft Modern Wireless Headset (bsc#1207129). - ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format() (git-fixes). - ALSA: usb-audio: Apply mutex around snd_usb_endpoint_set_params() (git-fixes). - ALSA: usb-audio: Avoid superfluous endpoint setup (git-fixes). - ALSA: usb-audio: Avoid unnecessary interface change at EP close (git-fixes). - ALSA: usb-audio: Clear fixed clock rate at closing EP (git-fixes). - ALSA: usb-audio: Correct the return code from snd_usb_endpoint_set_params() (git-fixes). - ALSA: usb-audio: Drop superfluous interface setup at parsing (git-fixes). - ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() (git-fixes). - ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all (git-fixes). - ALSA: usb-audio: More refactoring of hw constraint rules (git-fixes). - ALSA: usb-audio: Properly refcounting clock rate (git-fixes). - ALSA: usb-audio: Rate limit usb_set_interface error reporting (git-fixes). - ALSA: usb-audio: Refcount multiple accesses on the single clock (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (take#2) (git-fixes). - ALSA: usb-audio: Update for native DSD support quirks (git-fixes). - ALSA: usb-audio: Use atomic_try_cmpxchg in ep_state_update (git-fixes). - ALSA: usb-audio: Workaround for XRUN at prepare (git-fixes). - amd-pstate: Fix amd_pstate mode switch (git-fixes). - ASoC: amd: acp: fix for invalid dai id handling in acp_get_byte_count() (git-fixes). - ASoC: atmel: Fix the 8K sample parameter in I2SC master (git-fixes). - ASoc: codecs: ES8316: Fix DMIC config (git-fixes). - ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes). - ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes). - ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes). - ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes). - ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes). - ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes). - ASoC: da7219: Check for failure reading AAD IRQ events (git-fixes). - ASoC: da7219: Flush pending AAD IRQ when suspending (git-fixes). - ASoC: fsl_sai: Disable bit clock with transmitter (git-fixes). - ASoC: fsl_spdif: Silence output on stop (git-fixes). - ASoC: rt5640: Fix sleep in atomic context (git-fixes). - ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0 (git-fixes). - ASoC: rt711: fix for JD event handling in ClockStop Mode0 (git-fixes). - ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0 (git-fixes). - ASoC: SOF: ipc3-dtrace: uninitialized data in dfsentry_trace_filter_write() (git-fixes). - ASoC: tegra: Fix ADX byte map (git-fixes). - ASoC: tegra: Fix AMX byte map (git-fixes). - ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register (git-fixes). - ata: pata_ns87415: mark ns87560_tf_read static (git-fixes). - block, bfq: Fix division by zero error on zero wsum (bsc#1213653). - block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes). - bus: mhi: add new interfaces to handle MHI channels directly (bsc#1207948). - bus: mhi: host: add destroy_device argument to mhi_power_down() (bsc#1207948). - can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (git-fixes). - ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856). - coda: Avoid partial allocation of sig_inputArgs (git-fixes). - cpufreq: amd-pstate: add amd-pstate driver parameter for mode selection (bsc#1212445). - cpufreq: amd-pstate: Add AMD P-State frequencies attributes (bsc#1212445). - cpufreq: amd-pstate: Add AMD P-State performance attributes (bsc#1212445). - cpufreq: amd-pstate: Add boost mode support for AMD P-State (bsc#1212445). - cpufreq: amd-pstate: add driver working mode switch support (bsc#1212445). - cpufreq: amd-pstate: Add ->fast_switch() callback (bsc#1212445). - cpufreq: amd-pstate: Add fast switch function for AMD P-State (bsc#1212445). - cpufreq: amd-pstate: Add guided autonomous mode (bsc#1212445). - cpufreq: amd-pstate: Add guided mode control support via sysfs (bsc#1212445). - cpufreq: amd-pstate: Add more tracepoint for AMD P-State module (bsc#1212445). - cpufreq: amd-pstate: Add resume and suspend callbacks (bsc#1212445). - cpufreq: amd-pstate: Add trace for AMD P-State module (bsc#1212445). - cpufreq: amd-pstate: avoid uninitialized variable use (bsc#1212445). - cpufreq: amd-pstate: change amd-pstate driver to be built-in type (bsc#1212445). - cpufreq: amd-pstate: convert sprintf with sysfs_emit() (bsc#1212445). - cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at init (bsc#1212445). - cpufreq: amd-pstate: Expose struct amd_cpudata (bsc#1212445). - cpufreq: amd-pstate: Fix initial highest_perf value (bsc#1212445). - cpufreq: amd-pstate: Fix invalid write to MSR_AMD_CPPC_REQ (bsc#1212445). - cpufreq: amd-pstate: Fix Kconfig dependencies for AMD P-State (bsc#1212445). - cpufreq: amd-pstate: fix kernel hang issue while amd-pstate unregistering (bsc#1212445). - cpufreq: amd-pstate: Fix struct amd_cpudata kernel-doc comment (bsc#1212445). - cpufreq: amd-pstate: fix white-space (bsc#1212445). - cpufreq: amd_pstate: fix wrong lowest perf fetch (bsc#1212445). - cpufreq: amd-pstate: implement amd pstate cpu online and offline callback (bsc#1212445). - cpufreq: amd-pstate: implement Pstate EPP support for the AMD processors (bsc#1212445). - cpufreq: amd-pstate: implement suspend and resume callbacks (bsc#1212445). - cpufreq: amd-pstate: Introduce a new AMD P-State driver to support future processors (bsc#1212445). - cpufreq: amd-pstate: Introduce the support for the processors with shared memory solution (bsc#1212445). - cpufreq: amd-pstate: Let user know amd-pstate is disabled (bsc#1212445). - cpufreq: amd-pstate: Make amd-pstate EPP driver name hyphenated (bsc#1212445). - cpufreq: amd-pstate: Make varaiable mode_state_machine static (bsc#1212445). - cpufreq: amd_pstate: map desired perf into pstate scope for powersave governor (bsc#1212445). - cpufreq: amd-pstate: optimize driver working mode selection in amd_pstate_param() (bsc#1212445). - cpufreq: amd-pstate: Remove fast_switch_possible flag from active driver (bsc#1212445). - cpufreq: amd-pstate: remove MODULE_LICENSE in non-modules (bsc#1212445). - cpufreq: amd-pstate: Set a fallback policy based on preferred_profile (bsc#1212445). - cpufreq: amd-pstate: simplify cpudata pointer assignment (bsc#1212445). - cpufreq: amd-pstate: Update policy->cur in amd_pstate_adjust_perf() (bsc#1212445). - cpufreq: amd-pstate: update pstate frequency transition delay time (bsc#1212445). - cpufreq: amd-pstate: Write CPPC enable bit per-socket (bsc#1212445). - crypto: kpp - Add helper to set reqsize (git-fixes). - crypto: qat - Use helper to set reqsize (git-fixes). - dlm: fix missing lkb refcount handling (git-fixes). - dlm: fix plock invalid read (git-fixes). - Documentation: cpufreq: amd-pstate: Move amd_pstate param to alphabetical order (bsc#1212445). - Documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes). - drm/amd/display: Add monitor specific edid quirk (git-fixes). - drm/amd/display: Add polling method to handle MST reply packet (bsc#1213578). - drm/amd/display: check TG is non-null before checking if enabled (git-fixes). - drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes). - drm/amd/display: Disable MPC split by default on special asic (git-fixes). - drm/amd/display: fix access hdcp_workqueue assert (git-fixes). - drm/amd/display: fix seamless odm transitions (git-fixes). - drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes). - drm/amd/display: only accept async flips for fast updates (git-fixes). - drm/amd/display: Only update link settings after successful MST link train (git-fixes). - drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). - drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 (git-fixes). - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). - drm/amd/display: Unlock on error path in dm_handle_mst_sideband_msg_ready_event() (git-fixes). - drm/amd: Fix an error handling mistake in psp_sw_init() (git-fixes). - drm/amdgpu: add the fan abnormal detection feature (git-fixes). - drm/amdgpu: avoid restore process run into dead loop (git-fixes). - drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-fixes). - drm/amdgpu: Fix minmax warning (git-fixes). - drm/amd/pm: add abnormal fan detection for smu 13.0.0 (git-fixes). - drm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 (git-fixes). - drm/amd/pm: re-enable the gfx imu when smu resume (git-fixes). - drm/amd/pm: share the code around SMU13 pcie parameters update (git-fixes). - drm/atomic: Allow vblank-enabled + self-refresh 'disable' (git-fixes). - drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes). - drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes). - drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes). - drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime (git-fixes). - drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes). - drm/dp_mst: Clear MSG_RDY flag before sending new message (bsc#1213578). - drm: Fix null pointer dereference in drm_dp_atomic_find_time_slots() (bsc#1213578). - drm/i915: Do not preserve dpll_hw_state for slave crtc in Bigjoiner (git-fixes). - drm/i915/dpt: Use shmem for dpt objects (git-fixes). - drm/i915: Fix an error handling path in igt_write_huge() (git-fixes). - drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks (git-fixes). - drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes). - drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes). - drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes). - drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes). - drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git-fixes). - drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes). - drm/ttm: fix bulk_move corruption when adding a entry (git-fixes). - drm/ttm: fix warning that we shouldn't mix && and || (git-fixes). - drm/vmwgfx: Fix Legacy Display Unit atomic drm support (bsc#1213632). - drm/vmwgfx: Remove explicit and broken vblank handling (bsc#1213632). - drm/vmwgfx: Remove rcu locks from user resources (bsc#1213632). - fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes). - fbdev: imxfb: Removed unneeded release_mem_region (git-fixes). - fbdev: imxfb: warn about invalid left/right margin (git-fixes). - file: always lock position for FMODE_ATOMIC_POS (bsc#1213759). - fs: dlm: add midcomms init/start functions (git-fixes). - fs: dlm: do not set stop rx flag after node reset (git-fixes). - fs: dlm: filter user dlm messages for kernel locks (git-fixes). - fs: dlm: fix log of lowcomms vs midcomms (git-fixes). - fs: dlm: fix race between test_bit() and queue_work() (git-fixes). - fs: dlm: fix race in lowcomms (git-fixes). - fs: dlm: handle -EBUSY first in lock arg validation (git-fixes). - fs: dlm: move sending fin message into state change handling (git-fixes). - fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes). - fs: dlm: return positive pid value for F_GETLK (git-fixes). - fs: dlm: start midcomms before scand (git-fixes). - fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-fixes). - FS: JFS: Check for read-only mounted filesystem in txBegin (git-fixes). - FS: JFS: Fix null-ptr-deref Read in txBegin (git-fixes). - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes). - gve: Set default duplex configuration to full (git-fixes). - gve: unify driver name usage (git-fixes). - hwmon: (adm1275) Allow setting sample averaging (git-fixes). - hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git-fixes). - hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (git-fixes). - hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes). - i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes). - i2c: xiic: Do not try to handle more interrupt events after error (git-fixes). - iavf: check for removal state before IAVF_FLAG_PF_COMMS_FAILED (git-fixes). - iavf: fix a deadlock caused by rtnl and driver's lock circular dependencies (git-fixes). - iavf: Fix out-of-bounds when setting channels on remove (git-fixes). - iavf: fix potential deadlock on allocation failure (git-fixes). - iavf: fix reset task race with iavf_remove() (git-fixes). - iavf: Fix use-after-free in free_netdev (git-fixes). - iavf: Move netdev_update_features() into watchdog task (git-fixes). - iavf: use internal state to free traffic IRQs (git-fixes). - iavf: Wait for reset in callbacks which trigger it (git-fixes). - IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes) - ice: Fix max_rate check while configuring TX rate limits (git-fixes). - ice: Fix memory management in ice_ethtool_fdir.c (git-fixes). - ice: handle extts in the miscellaneous interrupt thread (git-fixes). - igc: Check if hardware TX timestamping is enabled earlier (git-fixes). - igc: Enable and fix RX hash usage by netstack (git-fixes). - igc: Fix inserting of empty frame for launchtime (git-fixes). - igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes). - igc: Fix launchtime before start of cycle (git-fixes). - igc: Fix race condition in PTP tx code (git-fixes). - igc: Handle PPS start time programming for past time values (git-fixes). - igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes). - igc: Remove delay during TX ring configuration (git-fixes). - igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes). - igc: Work around HW bug causing missing timestamps (git-fixes). - Input: i8042 - add Clevo PCX0DX to i8042 quirk table (git-fixes). - Input: iqs269a - do not poll during ATI (git-fixes). - Input: iqs269a - do not poll during suspend or resume (git-fixes). - jffs2: fix memory leak in jffs2_do_fill_super (git-fixes). - jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes). - jffs2: fix memory leak in jffs2_scan_medium (git-fixes). - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes). - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git-fixes). - jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes). - jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes). - kABI fix after Restore kABI for NVidia vGPU driver (bsc#1210825). - kabi/severities: relax kABI for ath11k local symbols (bsc#1207948) - kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes). - KVM: arm64: Do not read a HW interrupt pending state in user context (git-fixes) - KVM: arm64: Warn if accessing timer pending state outside of vcpu (bsc#1213620) - KVM: Do not null dereference ops->destroy (git-fixes) - KVM: downgrade two BUG_ONs to WARN_ON_ONCE (git-fixes) - KVM: Initialize debugfs_dentry when a VM is created to avoid NULL (git-fixes) - KVM: s390: pv: fix index value of replaced ASCE (git-fixes bsc#1213867). - KVM: VMX: Inject #GP, not #UD, if SGX2 ENCLS leafs are unsupported (git-fixes). - KVM: VMX: Inject #GP on ENCLS if vCPU has paging disabled (CR0.PG==0) (git-fixes). - KVM: VMX: restore vmx_vmexit alignment (git-fixes). - KVM: x86: Account fastpath-only VM-Exits in vCPU stats (git-fixes). - leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-fixes). - libceph: harden msgr2.1 frame segment length checks (bsc#1213857). - MAINTAINERS: Add AMD P-State driver maintainer entry (bsc#1212445). - m ALSA: usb-audio: Add quirk for Tascam Model 12 (git-fixes). - md: add error_handlers for raid0 and linear (bsc#1212766). - media: staging: atomisp: select V4L2_FWNODE (git-fixes). - mhi_power_down() kABI workaround (bsc#1207948). - mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes). - mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes). - net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes). - net: mana: Batch ringing RX queue doorbell on receiving packets (bsc#1212901). - net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901). - net/mlx5: DR, Support SW created encap actions for FW table (git-fixes). - net/mlx5e: Check for NOT_READY flag state after locking (git-fixes). - net/mlx5e: fix double free in mlx5e_destroy_flow_table (git-fixes). - net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create (git-fixes). - net/mlx5e: fix memory leak in mlx5e_ptp_open (git-fixes). - net/mlx5e: XDP, Allow growing tail for XDP multi buffer (git-fixes). - net/mlx5e: xsk: Set napi_id to support busy polling on XSK RQ (git-fixes). - net: phy: marvell10g: fix 88x3310 power up (git-fixes). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585). - nfsd: add encoding of op_recall flag for write delegation (git-fixes). - nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). - nfsd: Fix sparse warning (git-fixes). - nfsd: Remove open coding of string copy (git-fixes). - nfsv4.1: Always send a RECLAIM_COMPLETE after establishing lease (git-fixes). - nfsv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION (git-fixes). - nvme: do not reject probe due to duplicate IDs for single-ported PCIe devices (git-fixes). - nvme: fix the NVME_ID_NS_NVM_STS_MASK definition (git-fixes). - nvme-pci: fix DMA direction of unmapping integrity data (git-fixes). - nvme-pci: remove nvme_queue from nvme_iod (git-fixes). - octeontx2-af: Move validation of ptp pointer before its usage (git-fixes). - octeontx2-pf: Add additional check for MCAM rules (git-fixes). - octeontx-af: fix hardware timestamp configuration (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes). - PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes). - phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git-fixes). - pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes). - pinctrl: amd: Do not show `Invalid config param` errors (git-fixes). - pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes). - pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes). - pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes). - platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git-fixes). - RDMA/bnxt_re: Fix hang during driver unload (git-fixes) - RDMA/bnxt_re: Prevent handling any completions after qp destroy (git-fixes) - RDMA/core: Update CMA destination address on rdma_resolve_addr (git-fixes) - RDMA/irdma: Add missing read barriers (git-fixes) - RDMA/irdma: Fix data race on CQP completion stats (git-fixes) - RDMA/irdma: Fix data race on CQP request done (git-fixes) - RDMA/irdma: Fix op_type reporting in CQEs (git-fixes) - RDMA/irdma: Report correct WC error (git-fixes) - RDMA/mlx4: Make check for invalid flags stricter (git-fixes) - RDMA/mthca: Fix crash when polling CQ for shared QPs (git-fixes) - regmap: Account for register length in SMBus I/O limits (git-fixes). - regmap: Drop initial version of maximum transfer length fixes (git-fixes). - Restore kABI for NVidia vGPU driver (bsc#1210825). - Revert 'ALSA: usb-audio: Drop superfluous interface setup at parsing' (git-fixes). - Revert 'debugfs, coccinelle: check for obsolete DEFINE_SIMPLE_ATTRIBUTE() usage' (git-fixes). - Revert 'Drop AMDGPU patches for fixing regression (bsc#1213304,bsc#1213777)' - Revert 'iavf: Detach device during reset task' (git-fixes). - Revert 'iavf: Do not restart Tx queues after reset task failure' (git-fixes). - Revert 'NFSv4: Retry LOCK on OLD_STATEID during delegation return' (git-fixes). - Revert 'usb: dwc3: core: Enable AutoRetry feature in the controller' (git-fixes). - Revert 'usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init()' (git-fixes). - Revert 'usb: xhci: tegra: Fix error check' (git-fixes). - Revert 'xhci: add quirk for host controllers that do not update endpoint DCS' (git-fixes). - Revive drm_dp_mst_hpd_irq() function (bsc#1213578). - rxrpc, afs: Fix selection of abort codes (git-fixes). - s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870). - s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810). - s390/dasd: print copy pair message only for the correct error (git-fixes bsc#1213872). - s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863). - s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870). - s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871). - s390/qeth: Fix vipa deletion (git-fixes bsc#1213713). - s390/vmem: fix empty page tables cleanup under KASAN (git-fixes bsc#1213715). - scftorture: Count reschedule IPIs (git-fixes). - scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (bsc#1213756). - scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756). - scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756). - scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756). - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756). - scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (bsc#1213756). - scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths (bsc#1213756). - scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756). - scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (bsc#1213756). - scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756). - scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756). - scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756). - scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (bsc#1213756). - scsi: lpfc: Replace all non-returning strlcpy() with strscpy() (bsc#1213756). - scsi: lpfc: Replace one-element array with flexible-array member (bsc#1213756). - scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756). - scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (bsc#1213756). - scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756). - scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756). - scsi: lpfc: Use struct_size() helper (bsc#1213756). - scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747). - scsi: qla2xxx: Array index may go out of bound (bsc#1213747). - scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747). - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747). - scsi: qla2xxx: Correct the index of array (bsc#1213747). - scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747). - scsi: qla2xxx: Fix buffer overrun (bsc#1213747). - scsi: qla2xxx: Fix command flush during TMF (bsc#1213747). - scsi: qla2xxx: Fix deletion race condition (bsc#1213747). - scsi: qla2xxx: Fix end of loop test (bsc#1213747). - scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747). - scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747). - scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747). - scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747). - scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747). - scsi: qla2xxx: Fix session hang in gnl (bsc#1213747). - scsi: qla2xxx: Fix TMF leak through (bsc#1213747). - scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747). - scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747). - scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747). - scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper (bsc#1213747). - scsi: qla2xxx: Silence a static checker warning (bsc#1213747). - scsi: qla2xxx: Turn off noisy message log (bsc#1213747). - scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747). - scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747). - scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747). - selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes). - serial: qcom-geni: drop bogus runtime pm state update (git-fixes). - serial: sifive: Fix sifive_serial_console_setup() section (git-fixes). - series: udpate metadata Refresh - sfc: fix crash when reading stats while NIC is resetting (git-fixes). - sfc: fix XDP queues mode with legacy IRQ (git-fixes). - sfc: use budget for TX completions (git-fixes). - soundwire: qcom: update status correctly with mask (git-fixes). - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes). - staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes). - SUNRPC: always free ctxt when freeing deferred request (git-fixes). - SUNRPC: double free xprt_ctxt while still in use (git-fixes). - SUNRPC: Fix trace_svc_register() call site (git-fixes). - SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (git-fixes). - SUNRPC: Remove dead code in svc_tcp_release_rqst() (git-fixes). - SUNRPC: remove the maximum number of retries in call_bind_status (git-fixes). - svcrdma: Prevent page release when nothing was received (git-fixes). - tpm_tis: Explicitly check for error code (git-fixes). - tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes). - tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes). - ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git-fixes). - ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git-fixes). - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes). - ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes). - ubifs: Fix build errors as symbol undefined (git-fixes). - ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git-fixes). - ubifs: Fix memory leak in alloc_wbufs() (git-fixes). - ubifs: Fix memory leak in do_rename (git-fixes). - ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes). - ubifs: Fix to add refcount once page is set private (git-fixes). - ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes). - ubifs: Fix wrong dirty space budget for dirty inode (git-fixes). - ubifs: Free memory for tmpfile name (git-fixes). - ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes). - ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes). - ubifs: Rectify space budget for ubifs_xrename() (git-fixes). - ubifs: Rename whiteout atomically (git-fixes). - ubifs: rename_whiteout: correct old_dir size computing (git-fixes). - ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes). - ubifs: Reserve one leb for each journal head while doing budget (git-fixes). - ubifs: Re-statistic cleaned znode count if commit failed (git-fixes). - ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes). - ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git-fixes). - Update config files: enable CONFIG_X86_AMD_PSTATE (bsc#1212445) - usb: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes). - usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes). - usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes). - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - USB: serial: option: add LARA-R6 01B PIDs (git-fixes). - usb: typec: Iterate pds array when showing the pd list (git-fixes). - usb: typec: Set port->pd before adding device for typec_port (git-fixes). - usb: typec: Use sysfs_emit_at when concatenating the string (git-fixes). - usb: xhci-mtk: set the dma max_seg_size (git-fixes). - vhost_net: revert upend_idx only on retriable error (git-fixes). - vhost: support PACKED when setting-getting vring_base (git-fixes). - virtio_net: Fix error unwinding of XDP initialization (git-fixes). - virtio-net: Maintain reverse cleanup order (git-fixes). - wifi: ath11k: add support for suspend in power down state (bsc#1207948). - wifi: ath11k: handle irq enable/disable in several code path (bsc#1207948). - wifi: ath11k: handle thermal device registeration together with MAC (bsc#1207948). - wifi: ath11k: remove MHI LOOPBACK channels (bsc#1207948). - wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes). - wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes). - wl3501_cs: use eth_hw_addr_set() (git-fixes). - x86/PVH: obtain VGA console info in Dom0 (git-fixes). - xen/blkfront: Only check REQ_FUA for writes (git-fixes). - xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes). - xfs: AIL needs asynchronous CIL forcing (bsc#1211811). - xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811). - xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811). - xfs: CIL work is serialised, not pipelined (bsc#1211811). - xfs: do not run shutdown callbacks on active iclogs (bsc#1211811). - xfs: drop async cache flushes from CIL commits (bsc#1211811). - xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811). - xfs: move the CIL workqueue to the CIL (bsc#1211811). - xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811). - xfs: order CIL checkpoint start records (bsc#1211811). - xfs: pass a CIL context to xlog_write() (bsc#1211811). - xfs: rework xlog_state_do_callback() (bsc#1211811). - xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811). - xfs: separate out log shutdown callback processing (bsc#1211811). - xfs: wait iclog complete before tearing down AIL (bsc#1211811). - xfs: XLOG_STATE_IOERROR must die (bsc#1211811). - xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes). - xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes). - xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3330-1 Released: Wed Aug 16 08:59:33 2023 Summary: Recommended update for python-pyasn1 Type: recommended Severity: important References: 1207805 This update for python-pyasn1 fixes the following issues: - To avoid users of this package having to recompile bytecode files, change the mtime of any __init__.py. (bsc#1207805) The following package changes have been done: - apparmor-abstractions-3.0.4-150500.11.3.1 updated - apparmor-parser-3.0.4-150500.11.3.1 updated - bind-utils-9.16.42-150500.8.7.1 updated - blog-2.26-150300.4.6.1 updated - cloud-init-config-suse-23.1-150100.8.66.1 updated - cloud-init-23.1-150100.8.66.1 updated - curl-8.0.1-150400.5.26.1 updated - grub2-i386-pc-2.06-150500.29.3.1 updated - grub2-x86_64-efi-2.06-150500.29.3.1 updated - grub2-x86_64-xen-2.06-150500.29.3.1 updated - grub2-2.06-150500.29.3.1 updated - hwinfo-21.85-150500.3.3.1 updated - kernel-default-5.14.21-150500.55.19.1 updated - krb5-1.20.1-150500.3.3.1 updated - libapparmor1-3.0.4-150500.11.3.1 updated - libassuan0-2.5.5-150000.4.5.2 updated - libblogger2-2.26-150300.4.6.1 updated - libcryptsetup12-2.4.3-150400.3.3.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - libdevmapper1_03-2.03.16_1.02.185-150500.7.3.1 updated - libfido2-1-1.13.0-150400.5.6.1 updated - libfstrm0-0.6.1-150300.9.3.1 added - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - libprotobuf-c1-1.3.2-150200.3.6.1 added - libxml2-2-2.10.3-150500.5.5.1 updated - libyajl2-2.1.0-150000.4.6.1 updated - login_defs-4.8.1-150400.10.9.1 updated - openssh-clients-8.4p1-150300.3.22.1 updated - openssh-common-8.4p1-150300.3.22.1 updated - openssh-server-8.4p1-150300.3.22.1 updated - openssh-8.4p1-150300.3.22.1 updated - openssl-1_1-1.1.1l-150500.17.15.1 updated - perl-Bootloader-0.944-150400.3.6.1 updated - python3-bind-9.16.42-150500.8.7.1 updated - python3-pyasn1-0.4.2-150000.3.5.1 updated - samba-client-libs-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 updated - samba-libs-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 updated - shadow-4.8.1-150400.10.9.1 updated - systemd-presets-common-SUSE-15-150500.20.3.1 updated - wicked-service-0.6.73-150500.3.10.1 updated - wicked-0.6.73-150500.3.10.1 updated - libopenssl3-3.0.8-150500.5.3.1 removed From sle-updates at lists.suse.com Sun Aug 20 07:02:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Aug 2023 09:02:03 +0200 (CEST) Subject: SUSE-IU-2023:579-1: Security update of sles-15-sp5-chost-byos-v20230816-arm64 Message-ID: <20230820070203.3A91BFDCB@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20230816-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:579-1 Image Tags : sles-15-sp5-chost-byos-v20230816-arm64:20230816 Image Release : Severity : important Type : security References : 1089497 1124564 1150305 1186673 1193629 1194557 1194869 1201399 1203300 1204563 1206418 1206627 1207129 1207894 1207948 1208003 1208788 1209536 1210323 1210627 1210780 1210799 1210825 1211026 1211079 1211131 1211243 1211738 1211811 1211867 1212256 1212301 1212375 1212418 1212445 1212496 1212502 1212525 1212598 1212604 1212613 1212756 1212759 1212766 1212806 1212846 1212901 1212905 1212928 1213004 1213008 1213049 1213059 1213061 1213167 1213170 1213171 1213172 1213173 1213174 1213189 1213205 1213206 1213226 1213233 1213237 1213245 1213247 1213252 1213258 1213259 1213263 1213264 1213272 1213286 1213287 1213304 1213384 1213386 1213417 1213443 1213472 1213487 1213493 1213504 1213514 1213517 1213523 1213524 1213527 1213533 1213543 1213578 1213585 1213586 1213588 1213601 1213618 1213620 1213632 1213653 1213686 1213705 1213713 1213715 1213747 1213756 1213759 1213777 1213810 1213812 1213853 1213856 1213857 1213863 1213867 1213870 1213871 1213872 1214054 CVE-2020-25720 CVE-2022-2127 CVE-2022-40982 CVE-2022-41409 CVE-2022-48468 CVE-2023-0459 CVE-2023-20569 CVE-2023-20593 CVE-2023-21400 CVE-2023-2156 CVE-2023-2166 CVE-2023-2985 CVE-2023-31083 CVE-2023-3117 CVE-2023-31248 CVE-2023-32001 CVE-2023-3268 CVE-2023-33460 CVE-2023-3347 CVE-2023-3390 CVE-2023-3446 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968 CVE-2023-35001 CVE-2023-3567 CVE-2023-36054 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-3812 CVE-2023-3817 CVE-2023-38408 CVE-2023-38409 CVE-2023-3863 CVE-2023-4004 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20230816-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2143-1 Released: Tue May 9 14:49:45 2023 Summary: Security update for protobuf-c Type: security Severity: important References: 1210323,CVE-2022-48468 This update for protobuf-c fixes the following issues: - CVE-2022-48468: Fixed an unsigned integer overflow. (bsc#1210323) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2891-1 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Type: security Severity: moderate References: 1213237,CVE-2023-32001 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2901-1 Released: Thu Jul 20 09:49:16 2023 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1212613 This update for lvm2 fixes the following issues: - multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2905-1 Released: Thu Jul 20 10:17:54 2023 Summary: Recommended update for fstrm Type: recommended Severity: moderate References: This update for fstrm fixes the following issues: - Update to 0.6.1: - fstrm_capture: ignore SIGPIPE, which will cause the interrupted connections to generate an EPIPE instead. - Fix truncation in snprintf calls in argument processing. - fstrm_capture: Fix output printf format. - Update to 0.6.0 It adds a new feature for fstrm_capture. It can perform output file rotation when a SIGUSR1 signal is received by fstrm_capture. (See the --gmtime or --localtime options.) This allows fstrm_capture's output file to be rotated by logrotate or a similar external utility. (Output rotation is suppressed if fstrm_capture is writing to stdout.) Update to 0.5.0 - Change license to modern MIT license for compatibility with GPLv2 software. Contact software at farsightsecurity.com for alternate licensing. - src/fstrm_replay.c: For OpenBSD and Posix portability include netinet/in.h and sys/socket.h to get struct sockaddr_in and the AF_* defines respectively. - Fix various compiler warnings. Update to 0.4.0 The C implementation of the Frame Streams data transport protocol, fstrm version 0.4.0, was released. It adds TCP support, a new tool, new documentation, and several improvements. - Added manual pages for fstrm_capture and fstrm_dump. - Added new tool, fstrm_replay, for replaying saved Frame Streams data to a socket connection. - Adds TCP support. Add tcp_writer to the core library which implements a bi-directional Frame Streams writer as a TCP socket client. Introduces new developer API: fstrm_tcp_writer_init, fstrm_tcp_writer_options_init, fstrm_tcp_writer_options_destroy, fstrm_tcp_writer_options_set_socket_address, and fstrm_tcp_writer_options_set_socket_port. - fstrm_capture: new options for reading from TCP socket. - fstrm_capture: add '-c' / '--connections' option to limit the number of concurrent connections it will accept. - fstrm_capture: add '-b / --buffer-size' option to set the read buffer size (effectively the maximum frame size) to a value other than the default 256 KiB. - fstrm_capture: skip oversize messages to fix stalled connections caused by messages larger than the read highwater mark of the input buffer. Discarded messages are logged for the purposes of tuning the input buffer size. - fstrm_capture: complete sending of FINISH frame before closing connection. - Various test additions and improvements. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2910-1 Released: Thu Jul 20 10:59:53 2023 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1204563 This update for grub2 fixes the following issues: - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2922-1 Released: Thu Jul 20 18:34:03 2023 Summary: Recommended update for libfido2 Type: recommended Severity: moderate References: This update for libfido2 fixes the following issues: - Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2927-1 Released: Fri Jul 21 07:05:30 2023 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1194557,1203300,1211026,1212806 This update for wicked fixes the following issues: - Fix arp notify loop and burst sending (bsc#1212806) - Update to version 0.6.73 - Allow verify/notify counter and interval configuration - Handle ENOBUFS sending errors (bsc#1203300) - Improve environment variable handling - Refactor firmware extension definition - Enable, disable and revert cli commands - Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026) - Cleanup /var/run leftovers in extension scripts (bsc#1194557) - Output formatting improvements and Unicode support ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2929-1 Released: Fri Jul 21 10:09:07 2023 Summary: Security update for samba Type: security Severity: important References: 1212375,1213170,1213171,1213172,1213173,1213174,1213384,1213386,CVE-2020-25720,CVE-2022-2127,CVE-2023-3347,CVE-2023-34966,CVE-2023-34967,CVE-2023-34968 This update for samba fixes the following issues: samba was updated to version 4.17.9: - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). - CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173). - CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172). - CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171). - CVE-2023-3347: Fixed issue where SMB2 packet signing not enforced (bsc#1213170). - CVE-2020-25720: Fixed issue where creating child permission allowed full write to all attributes (bsc#1213386). Bugfixes: - Fixed trust relationship failure (bsc#1213384). - Backported --pidl-developer fixes. - Fixed smbd_scavenger crash when service smbd is stopped. - Fixed issue where vfs_fruit might cause a failing open for delete. - Fixed named crashes on DLZ zone update. - Fixed issue where winbind recurses into itself via rpcd_lsad. - Fixed cli_list looping 100% CPU against pre-lanman2 servers. - Fixed smbclient leaks fds with showacls. - Fixed aes256 smb3 encryption algorithms not allowed in smb3_sid_parse(). - Fixed winbindd getting stuck on NT_STATUS_RPC_SEC_PKG_ERROR. - Fixed smbget memory leak if failed to download files recursively. - Fixed log flood: smbd_calculate_access_mask_fsp: Access denied: message level should be lower. - Fixed floating point exception (FPE) via cli_pull_send at source3/libsmb/clireadwrite.c. - Fixed test_tstream_more_tcp_user_timeout_spin fails intermittently on Rackspace GitLab runners. - Reduce flapping of ridalloc test. - Fixed unreliable large_ldap test. - Fixed filename parser not checking veto files smb.conf parameter. - Fixed mdssvc may crash when initializing. - Fixed broken large directory optimization for non-lcomp path elements - Fixed streams_depot failing to create streams. - Fixed shadow_copy2 and streams_depot issues. - Fixed wbinfo -u fails on ad dc with >1000 users. - Fixed winbindd idmap child contacting the domain controller without a need. - Fixed idmap_autorid may fail to map sids of trusted domains for the first time. - Fixed idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings. - Fixed net ads search -P doesn't work against servers in other domains. - Fixed DS ACEs might be inherited to unrelated object classes. - Fixed temporary smbXsrv_tcon_global.tdb can't be parsed. - Fixed setting veto files = /.*/ breaking listing directories (bsc#1212375). - Fixed dsgetdcname assuming local system uses IPv4. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2966-1 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3088-1 Released: Tue Aug 1 09:52:03 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1212496 This update for systemd-presets-common-SUSE fixes the following issues: - Fix systemctl being called with an empty argument (bsc#1212496) - Don't call systemctl list-unit-files with an empty argument (bsc#1212496) - Add wtmpdb-update-boot.service and wtmpdb-rotate.timer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3117-1 Released: Wed Aug 2 05:57:30 2023 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1212756 This update for hwinfo fixes the following issues: - Avoid linking problems with libsamba (bsc#1212756) - Update to version 21.85 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3170-1 Released: Thu Aug 3 08:02:27 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1201399,1208003,1210799 This update for perl-Bootloader fixes the following issues: - Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799) - UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399) - Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003) - Add basic support for systemd-boot ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3172-1 Released: Thu Aug 3 08:36:43 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1150305,1193629,1194869,1207894,1208788,1211243,1211867,1212256,1212301,1212525,1212846,1212905,1213059,1213061,1213205,1213206,1213226,1213233,1213245,1213247,1213252,1213258,1213259,1213263,1213264,1213286,1213493,1213523,1213524,1213533,1213543,1213705,CVE-2023-20593,CVE-2023-2985,CVE-2023-3117,CVE-2023-31248,CVE-2023-3390,CVE-2023-35001,CVE-2023-3812 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). The following non-security bugs were fixed: - Dropped patch that caused issues with k3s (bsc#1213705). - ASoC: Intel: sof_sdw: remove SOF_SDW_TGL_HDMI for MeteorLake devices (git-fixes). - ASoC: SOF: topology: Fix logic for copying tuples (git-fixes). - Bluetooth: ISO: Fix CIG auto-allocation to select configurable CIG (git-fixes). - Bluetooth: ISO: consider right CIS when removing CIG at cleanup (git-fixes). - Bluetooth: ISO: fix iso_conn related locking and validity issues (git-fixes). - Bluetooth: ISO: use hci_sync for setting CIG parameters (git-fixes). - Bluetooth: fix invalid-bdaddr quirk for non-persistent setup (git-fixes). - Bluetooth: fix use-bdaddr-property quirk (git-fixes). - Bluetooth: hci_bcm: do not mark valid bd_addr as invalid (git-fixes). - Bluetooth: hci_event: call disconnect callback before deleting conn (git-fixes). - Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor() (git-fixes). - Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync (git-fixes). - Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758) - PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (bsc#1212525). - PCI: vmd: Fix uninitialized variable usage in vmd_enable_domain() (git-fixes). - Revert 'arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes) - Revert 'drm/i915: Disable DSB usage for now' (git-fixes). - USB: dwc2: Fix some error handling paths (git-fixes). - USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes). - USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes). - USB: typec: Fix fast_role_swap_current show function (git-fixes). - Update config and supported.conf files due to renaming. - acpi: Fix suspend with Xen PV (git-fixes). - adreno: Shutdown the GPU properly (git-fixes). - arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes) - arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes) - arm64: vdso: Pass (void *) to virt_to_page() (git-fixes) - arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes) - can: bcm: Fix UAF in bcm_proc_show() (git-fixes). - ceph: add a dedicated private data for netfs rreq (bsc#1213205). - ceph: fix blindly expanding the readahead windows (bsc#1213206). - cifs: add a warning when the in-flight count goes negative (bsc#1193629). - cifs: address unused variable warning (bsc#1193629). - cifs: do all necessary checks for credits within or before locking (bsc#1193629). - cifs: fix lease break oops in xfstest generic/098 (bsc#1193629). - cifs: fix max_credits implementation (bsc#1193629). - cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629). - cifs: fix session state check in smb2_find_smb_ses (bsc#1193629). - cifs: fix session state transition to avoid use-after-free issue (bsc#1193629). - cifs: fix sockaddr comparison in iface_cmp (bsc#1193629). - cifs: fix status checks in cifs_tree_connect (bsc#1193629). - cifs: log session id when a matching ses is not found (bsc#1193629). - cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629). - cifs: prevent use-after-free by freeing the cfile later (bsc#1193629). - cifs: print all credit counters in DebugData (bsc#1193629). - cifs: print client_guid in DebugData (bsc#1193629). - cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629). - cifs: print nosharesock value while dumping mount options (bsc#1193629). - codel: fix kernel-doc notation warnings (git-fixes). - cpufreq: tegra194: Fix module loading (git-fixes). - devlink: fix kernel-doc notation warnings (git-fixes). - dma-buf/dma-resv: Stop leaking on krealloc() failure (git-fixes). - drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 (git-fixes). - drm/amd/amdgpu: limit one queue per gang (git-fixes). - drm/amd/amdgpu: update mes11 api def (git-fixes). - drm/amd/display (gcc13): fix enum mismatch (git-fixes). - drm/amd/display: Add Z8 allow states to z-state support list (git-fixes). - drm/amd/display: Add debug option to skip PSR CRTC disable (git-fixes). - drm/amd/display: Add minimum Z8 residency debug option (git-fixes). - drm/amd/display: Add missing WA and MCLK validation (git-fixes). - drm/amd/display: Change default Z8 watermark values (git-fixes). - drm/amd/display: Correct DML calculation to align HW formula (git-fixes). - drm/amd/display: Correct DML calculation to follow HW SPEC (git-fixes). - drm/amd/display: Do not update DRR while BW optimizations pending (git-fixes). - drm/amd/display: Enable HostVM based on rIOMMU active (git-fixes). - drm/amd/display: Enforce 60us prefetch for 200Mhz DCFCLK modes (git-fixes). - drm/amd/display: Ensure vmin and vmax adjust for DCE (git-fixes). - drm/amd/display: Fix 4to1 MPC black screen with DPP RCO (git-fixes). - drm/amd/display: Fix Z8 support configurations (git-fixes). - drm/amd/display: Fix a test CalculatePrefetchSchedule() (git-fixes). - drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg() (git-fixes). - drm/amd/display: Have Payload Properly Created After Resume (git-fixes). - drm/amd/display: Lowering min Z8 residency time (git-fixes). - drm/amd/display: Reduce sdp bw after urgent to 90% (git-fixes). - drm/amd/display: Refactor eDP PSR codes (git-fixes). - drm/amd/display: Remove FPU guards from the DML folder (git-fixes). - drm/amd/display: Remove optimization for VRR updates (git-fixes). - drm/amd/display: Remove stutter only configurations (git-fixes). - drm/amd/display: Update Z8 SR exit/enter latencies (git-fixes). - drm/amd/display: Update Z8 watermarks for DCN314 (git-fixes). - drm/amd/display: Update minimum stutter residency for DCN314 Z8 (git-fixes). - drm/amd/display: filter out invalid bits in pipe_fuses (git-fixes). - drm/amd/display: fix PSR-SU/DSC interoperability support (git-fixes). - drm/amd/display: fix a divided-by-zero error (git-fixes). - drm/amd/display: fixed dcn30+ underflow issue (git-fixes). - drm/amd/display: limit timing for single dimm memory (git-fixes). - drm/amd/display: populate subvp cmd info only for the top pipe (git-fixes). - drm/amd/display: set dcn315 lb bpp to 48 (git-fixes). - drm/amd/pm: add missing NotifyPowerSource message mapping for SMU13.0.7 (git-fixes). - drm/amd/pm: avoid potential UBSAN issue on legacy asics (git-fixes). - drm/amd/pm: conditionally disable pcie lane switching for some sienna_cichlid SKUs (git-fixes). - drm/amd/pm: fix possible power mode mismatch between driver and PMFW (git-fixes). - drm/amd/pm: resolve reboot exception for si oland (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4 (git-fixes). - drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5 (git-fixes). - drm/amd/pm: workaround for compute workload type on some skus (git-fixes). - drm/amd: Add a new helper for loading/validating microcode (git-fixes). - drm/amd: Do not allow s0ix on APUs older than Raven (git-fixes). - drm/amd: Load MES microcode during early_init (git-fixes). - drm/amd: Use `amdgpu_ucode_*` helpers for MES (git-fixes). - drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well (git-fixes). - drm/amdgpu/gfx11: update gpu_clock_counter logic (git-fixes). - drm/amdgpu/gfx: set cg flags to enter/exit safe mode (git-fixes). - drm/amdgpu/gmc11: implement get_vbios_fb_size() (git-fixes). - drm/amdgpu/jpeg: Remove harvest checking for JPEG3 (git-fixes). - drm/amdgpu/mes11: enable reg active poll (git-fixes). - drm/amdgpu/vcn: Disable indirect SRAM on Vangogh broken BIOSes (git-fixes). - drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel (git-fixes). - drm/amdgpu: Do not set struct drm_driver.output_poll_changed (git-fixes). - drm/amdgpu: Fix desktop freezed after gpu-reset (git-fixes). - drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function (git-fixes). - drm/amdgpu: Fix sdma v4 sw fini error (git-fixes). - drm/amdgpu: Fix usage of UMC fill record in RAS (git-fixes). - drm/amdgpu: Force signal hw_fences that are embedded in non-sched jobs (git-fixes). - drm/amdgpu: add mes resume when do gfx post soft reset (git-fixes). - drm/amdgpu: change reserved vram info print (git-fixes). - drm/amdgpu: declare firmware for new MES 11.0.4 (git-fixes). - drm/amdgpu: enable tmz by default for GC 11.0.1 (git-fixes). - drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini (git-fixes). - drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini (git-fixes). - drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini() (git-fixes). - drm/amdgpu: refine get gpu clock counter method (git-fixes). - drm/amdgpu: remove deprecated MES version vars (git-fixes). - drm/amdgpu: reserve the old gc_11_0_*_mes.bin (git-fixes). - drm/amdgpu: set gfx9 onwards APU atomics support to be true (git-fixes). - drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 (git-fixes). - drm/bridge: anx7625: Convert to i2c's .probe_new() (git-fixes). - drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt() (git-fixes). - drm/bridge: anx7625: Prevent endless probe loop (git-fixes). - drm/bridge: it6505: Move a variable assignment behind a null pointer check in receive_timing_debugfs_show() (git-fixes). - drm/bridge: tc358767: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes). - drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes). - drm/bridge: ti-sn65dsi83: Fix enable error path (git-fixes). - drm/client: Fix memory leak in drm_client_target_cloned (git-fixes). - drm/display/dp_mst: Fix payload addition on a disconnected sink (git-fixes). - drm/display: Do not block HDR_OUTPUT_METADATA on unknown EOTF (git-fixes). - drm/drm_vma_manager: Add drm_vma_node_allow_once() (git-fixes). - drm/dsc: fix DP_DSC_MAX_BPP_DELTA_* macro values (git-fixes). - drm/dsc: fix drm_edp_dsc_sink_output_bpp() DPCD high byte usage (git-fixes). - drm/etnaviv: move idle mapping reaping into separate function (git-fixes). - drm/etnaviv: reap idle mapping if it does not match the softpin address (git-fixes). - drm/i915/dp_mst: Add the MST topology state for modesetted CRTCs (bsc#1213493). - drm/i915/fbdev: lock the fbdev obj before vma pin (git-fixes). - drm/i915/gt: Cleanup partial engine discovery failures (git-fixes). - drm/i915/guc: Add error-capture init warnings when needed (git-fixes). - drm/i915/guc: Fix missing ecodes (git-fixes). - drm/i915/guc: Limit scheduling properties to avoid overflow (git-fixes). - drm/i915/guc: Rename GuC register state capture node to be more obvious (git-fixes). - drm/i915/mtl: update scaler source and destination limits for MTL (git-fixes). - drm/i915/sdvo: Grab mode_config.mutex during LVDS init to avoid WARNs (git-fixes). - drm/i915/sseu: fix max_subslices array-index-out-of-bounds access (git-fixes). - drm/i915/tc: Fix TC port link ref init for DP MST during HW readout (git-fixes). - drm/i915: Allow panel fixed modes to have differing sync polarities (git-fixes). - drm/i915: Check pipe source size when using skl+ scalers (git-fixes). - drm/i915: Do panel VBT init early if the VBT declares an explicit panel type (git-fixes). - drm/i915: Fix TypeC mode initialization during system resume (git-fixes). - drm/i915: Fix a memory leak with reused mmap_offset (git-fixes). - drm/i915: Fix negative value passed as remaining time (git-fixes). - drm/i915: Fix one wrong caching mode enum usage (git-fixes). - drm/i915: Introduce intel_panel_init_alloc() (git-fixes). - drm/i915: Never return 0 if not all requests retired (git-fixes). - drm/i915: Populate encoder->devdata for DSI on icl+ (git-fixes). - drm/i915: Print return value on error (git-fixes). - drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR (git-fixes). - drm/meson: Fix return type of meson_encoder_cvbs_mode_valid() (git-fixes). - drm/msm/a5xx: really check for A510 in a5xx_gpu_init (git-fixes). - drm/msm/adreno: Simplify read64/write64 helpers (git-fixes). - drm/msm/adreno: fix runtime PM imbalance at unbind (git-fixes). - drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes). - drm/msm/dpu: Add DSC hardware blocks to register snapshot (git-fixes). - drm/msm/dpu: Assign missing writeback log_mask (git-fixes). - drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes). - drm/msm/dpu: clean up dpu_kms_get_clk_rate() returns (git-fixes). - drm/msm/dpu: set DSC flush bit correctly at MDP CTL flush register (git-fixes). - drm/msm/hdmi: use devres helper for runtime PM management (git-fixes). - drm/panel: boe-tv101wum-nl6: Ensure DSI writes succeed during disable (git-fixes). - drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-fixes). - drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes). - drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (git-fixes). - drm/ttm: Do not leak a resource on swapout move error (git-fixes). - drm/virtio: Fix memory leak in virtio_gpu_object_create() (git-fixes). - drm/virtio: Simplify error handling of virtio_gpu_object_create() (git-fixes). - drm/vmwgfx: Refactor resource manager's hashtable to use linux/hashtable implementation (git-fixes). - drm/vmwgfx: Refactor resource validation hashtable to use linux/hashtable implementation (git-fixes). - drm/vmwgfx: Refactor ttm reference object hashtable to use linux/hashtable (git-fixes). - drm/vmwgfx: Remove ttm object hashtable (git-fixes). - drm/vmwgfx: Remove vmwgfx_hashtab (git-fixes). - drm/vmwgfx: Write the driver id registers (git-fixes). - drm: Add fixed-point helper to get rounded integer values (git-fixes). - drm: Add missing DP DSC extended capability definitions (git-fixes). - drm: Optimize drm buddy top-down allocation method (git-fixes). - drm: buddy_allocator: Fix buddy allocator init on 32-bit systems (git-fixes). - drm: panel-orientation-quirks: Add quirk for DynaBook K50 (git-fixes). - drm: rcar-du: Add quirk for H3 ES1.x pclk workaround (git-fixes). - drm: rcar-du: Fix setting a reserved bit in DPLLCR (git-fixes). - drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2 (git-fixes). - fuse: ioctl: translate ENOSYS in outarg (bsc#1213524). - fuse: revalidate: do not invalidate if interrupted (bsc#1213523). - i2c: tegra: Set ACPI node as primary fwnode (bsc#1213226). - irqchip/gic-v3: Claim iomem resources (bsc#1213533) - irqchip/gicv3: Handle resource request failure consistently (bsc#1213533) - irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 (bsc#1213533) - kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243). - kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers - kabi/severities: ignore kABI of i915 module It's exported only for its sub-module, not really used by externals - kabi/severities: ignore kABI of vmwgfx The driver exports a function unnecessarily without used by anyone else. Ignore the kABI changes. - memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). - net: mana: Add support for vlan tagging (bsc#1212301). - net: phy: prevent stale pointer dereference in phy_init() (git-fixes). - net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() (git-fixes). - net: qrtr: start MHI channel after endpoit creation (git-fixes). - nilfs2: reject devices with insufficient block count (git-fixes). - ocfs2: Switch to security_inode_init_security() (git-fixes). - ocfs2: check new file size on fallocate call (git-fixes). - ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). - perf/x86/amd/core: Always clear status for idx (bsc#1213233). - pie: fix kernel-doc notation warning (git-fixes). - powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869). - powerpc/64s: Fix VAS mm use after free (bsc#1194869). - powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869). - powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869). - powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869). - powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869). - powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes). - powerpc/mm: Switch obsolete dssall to .long (bsc#1194869). - powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869). - powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869). - powerpc/prom_init: Fix kernel config grep (bsc#1194869). - powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close (jsc#PED-542 git-fixes). - powerpc/secvar: fix refcount leak in format_show() (bsc#1194869). - powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869). - powerpc: clean vdso32 and vdso64 directories (bsc#1194869). - powerpc: define get_cycles macro for arch-override (bsc#1194869). - powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869). - rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS_*. - rsi: remove kernel-doc comment marker (git-fixes). - s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259). - s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258). - s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263). - s390/pci: clean up left over special treatment for function zero (bsc#1212525). - s390/pci: only add specific device in zpci_bus_scan_device() (bsc#1212525). - s390/pci: remove redundant pci_bus_add_devices() on new bus (bsc#1212525). - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252). - s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (git-fixes bsc#1213264). - s390: discard .interp section (git-fixes bsc#1213247). - security: keys: Modify mismatched function name (git-fixes). - selftests/ir: fix build with ancient kernel headers (git-fixes). - selftests: cgroup: fix unsigned comparison with less than zero (git-fixes). - selftests: forwarding: Fix packet matching in mirroring selftests (git-fixes). - selftests: tc: add 'ct' action kconfig dep (git-fixes). - selftests: tc: add ConnTrack procfs kconfig (git-fixes). - selftests: tc: set timeout to 15 minutes (git-fixes). - signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869). - signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869). - smb3: do not reserve too many oplock credits (bsc#1193629). - smb3: missing null check in SMB2_change_notify (bsc#1193629). - smb: client: fix broken file attrs with nodfs mounts (bsc#1193629). - smb: client: fix missed ses refcounting (git-fixes). - smb: client: fix parsing of source mount option (bsc#1193629). - smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629). - smb: client: fix warning in CIFSFindFirst() (bsc#1193629). - smb: client: fix warning in CIFSFindNext() (bsc#1193629). - smb: client: fix warning in cifs_match_super() (bsc#1193629). - smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629). - smb: client: fix warning in generic_ip_connect() (bsc#1193629). - smb: client: improve DFS mount check (bsc#1193629). - smb: client: remove redundant pointer 'server' (bsc#1193629). - smb: delete an unnecessary statement (bsc#1193629). - smb: move client and server files to common directory fs/smb (bsc#1193629). - smb: remove obsolete comment (bsc#1193629). - soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe() (git-fixes). - soundwire: cadence: Drain the RX FIFO after an IO timeout (git-fixes). - soundwire: stream: Add missing clear of alloc_slave_rt (git-fixes). - spi: bcm63xx: fix max prepend length (git-fixes). - swsmu/amdgpu_smu: Fix the wrong if-condition (git-fixes). - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes). - wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes). - wifi: ath10k: Trigger STA disconnect after reconfig complete on hardware restart (git-fixes). - wifi: ath11k: Add missing check for ioremap (git-fixes). - wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes). - x86/amd_nb: Add PCI ID for family 19h model 78h (git-fixes). - x86/platform/uv: Add platform resolving #defines for misc GAM_MMIOH_REDIRECT* (bsc#1212256 jsc#PED-4718). - x86/platform/uv: Fix printed information in calc_mmioh_map (bsc#1212256 jsc#PED-4718). - x86/platform/uv: Helper functions for allocating and freeing conversion tables (bsc#1212256 jsc#PED-4718). - x86/platform/uv: Introduce helper function uv_pnode_to_socket (bsc#1212256 jsc#PED-4718). - x86/platform/uv: Remove remaining BUG_ON() and BUG() calls (bsc#1212256 jsc#PED-4718). - x86/platform/uv: UV support for sub-NUMA clustering (bsc#1212256 jsc#PED-4718). - x86/platform/uv: Update UV platform code for SNC (bsc#1212256 jsc#PED-4718). - x86/platform/uv: When searching for minimums, start at INT_MAX not 99999 (bsc#1212256 jsc#PED-4718). - x86: Fix .brk attribute in linker script (git-fixes). - xfs: clean up the rtbitmap fsmap backend (git-fixes). - xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes). - xfs: do not reverse order of items in bulk AIL insertion (git-fixes). - xfs: fix getfsmap reporting past the last rt extent (git-fixes). - xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes). - xfs: fix interval filtering in multi-step fsmap queries (git-fixes). - xfs: fix logdev fsmap query result filtering (git-fixes). - xfs: fix off-by-one error when the last rt extent is in use (git-fixes). - xfs: fix uninitialized variable access (git-fixes). - xfs: make fsmap backend function key parameters const (git-fixes). - xfs: make the record pointer passed to query_range functions const (git-fixes). - xfs: pass explicit mount pointer to rtalloc query functions (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3196-1 Released: Fri Aug 4 10:02:04 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate References: 1213443 This update for protobuf-c fixes the following issues: - Include executables required to generate Protocol Buffers glue code in the devel subpackage (bsc#1213443) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3197-1 Released: Fri Aug 4 10:04:10 2023 Summary: Recommended update for google-guest-agent, google-guest-configs, google-osconfig-agent Type: recommended Severity: moderate References: 1212418,1212759 This update for google-guest-agent, google-guest-configs, google-osconfig-agent fixes the following issues: - Update to version 20230601.00 (bsc#1212418, bsc#1212759) - Don't block google-osconfig-agent (#213) - Avoid conflict with automated package updates (#212) - Add a support of TrustedUserCAKeys into sshd configuration (#206) - Add a new dracut module for gcp udev rules (#53) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3200-1 Released: Fri Aug 4 11:52:44 2023 Summary: Recommended update for libnvme, nvme-cli Type: recommended Severity: important References: 1124564,1212598,1213527,1213618,1213686 This update for libnvme, nvme-cli fixes the following issues: - Update to version 1.4+27.g5ae1c3 - Add getter for subsystem iopolicy (bsc#1124564) - nvme list command improvements (bsc#bsc#1212598) - Don't open nvme devices until it's absolutely required (bsc#1213527, bsc#1213686) - Check genctr after getting discovery entries (bsc#1213618) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3253-1 Released: Wed Aug 9 10:52:10 2023 Summary: Recommended update for bind Type: recommended Severity: moderate References: 1213049 This update for bind fixes the following issues: - Add dnstap support (jsc#PED-4852) - Log named-checkconf output (bsc#1213049) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3276-1 Released: Fri Aug 11 10:20:40 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1213472 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3282-1 Released: Fri Aug 11 10:26:23 2023 Summary: Recommended update for blog Type: recommended Severity: moderate References: This update for blog fixes the following issues: - Fix big endian cast problems to be able to read commands and ansers as well as passphrases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3301-1 Released: Mon Aug 14 07:24:59 2023 Summary: Security update for libyajl Type: security Severity: moderate References: 1212928,CVE-2023-33460 This update for libyajl fixes the following issues: - CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3311-1 Released: Mon Aug 14 16:23:36 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1206418,1207129,1207948,1210627,1210780,1210825,1211131,1211738,1211811,1212445,1212502,1212604,1212766,1212901,1213167,1213272,1213287,1213304,1213417,1213578,1213585,1213586,1213588,1213601,1213620,1213632,1213653,1213713,1213715,1213747,1213756,1213759,1213777,1213810,1213812,1213856,1213857,1213863,1213867,1213870,1213871,1213872,CVE-2022-40982,CVE-2023-0459,CVE-2023-20569,CVE-2023-21400,CVE-2023-2156,CVE-2023-2166,CVE-2023-31083,CVE-2023-3268,CVE-2023-3567,CVE-2023-3609,CVE-2023-3611,CVE-2023-3776,CVE-2023-38409,CVE-2023-3863,CVE-2023-4004 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack ???Inception??? or ???RAS Poisoning??? (bsc#1213287). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2023-38409: Fixed an issue in set_con2fb_map in drivers/video/fbdev/core/fbcon.c. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info) (bsc#1213417). - CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC. This flaw allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). The following non-security bugs were fixed: - ACPI: CPPC: Add ACPI disabled check to acpi_cpc_valid() (bsc#1212445). - ACPI: CPPC: Add definition for undefined FADT preferred PM profile value (bsc#1212445). - ACPI/IORT: Remove erroneous id_count check in iort_node_get_rmr_info() (git-fixes). - ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes). - afs: Adjust ACK interpretation to try and cope with NAT (git-fixes). - afs: Fix access after dec in put functions (git-fixes). - afs: Fix afs_getattr() to refetch file status if callback break occurred (git-fixes). - afs: Fix dynamic root getattr (git-fixes). - afs: Fix fileserver probe RTT handling (git-fixes). - afs: Fix infinite loop found by xfstest generic/676 (git-fixes). - afs: Fix lost servers_outstanding count (git-fixes). - afs: Fix server->active leak in afs_put_server (git-fixes). - afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes). - afs: Fix updating of i_size with dv jump from server (git-fixes). - afs: Fix vlserver probe RTT handling (git-fixes). - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes). - afs: Use refcount_t rather than atomic_t (git-fixes). - afs: Use the operation issue time instead of the reply time for callbacks (git-fixes). - ALSA: emu10k1: roll up loops in DSP setup code for Audigy (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes). - ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes). - ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes). - ALSA: hda/realtek - remove 3k pull low procedure (git-fixes). - ALSA: hda/realtek: Support ASUS G713PV laptop (git-fixes). - ALSA: hda/relatek: Enable Mute LED on HP 250 G8 (git-fixes). - ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless (git-fixes). - ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless (git-fixes). - ALSA: usb-audio: Add quirk for Microsoft Modern Wireless Headset (bsc#1207129). - ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format() (git-fixes). - ALSA: usb-audio: Apply mutex around snd_usb_endpoint_set_params() (git-fixes). - ALSA: usb-audio: Avoid superfluous endpoint setup (git-fixes). - ALSA: usb-audio: Avoid unnecessary interface change at EP close (git-fixes). - ALSA: usb-audio: Clear fixed clock rate at closing EP (git-fixes). - ALSA: usb-audio: Correct the return code from snd_usb_endpoint_set_params() (git-fixes). - ALSA: usb-audio: Drop superfluous interface setup at parsing (git-fixes). - ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() (git-fixes). - ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all (git-fixes). - ALSA: usb-audio: More refactoring of hw constraint rules (git-fixes). - ALSA: usb-audio: Properly refcounting clock rate (git-fixes). - ALSA: usb-audio: Rate limit usb_set_interface error reporting (git-fixes). - ALSA: usb-audio: Refcount multiple accesses on the single clock (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (take#2) (git-fixes). - ALSA: usb-audio: Update for native DSD support quirks (git-fixes). - ALSA: usb-audio: Use atomic_try_cmpxchg in ep_state_update (git-fixes). - ALSA: usb-audio: Workaround for XRUN at prepare (git-fixes). - amd-pstate: Fix amd_pstate mode switch (git-fixes). - ASoC: amd: acp: fix for invalid dai id handling in acp_get_byte_count() (git-fixes). - ASoC: atmel: Fix the 8K sample parameter in I2SC master (git-fixes). - ASoc: codecs: ES8316: Fix DMIC config (git-fixes). - ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes). - ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes). - ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes). - ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes). - ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes). - ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes). - ASoC: da7219: Check for failure reading AAD IRQ events (git-fixes). - ASoC: da7219: Flush pending AAD IRQ when suspending (git-fixes). - ASoC: fsl_sai: Disable bit clock with transmitter (git-fixes). - ASoC: fsl_spdif: Silence output on stop (git-fixes). - ASoC: rt5640: Fix sleep in atomic context (git-fixes). - ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0 (git-fixes). - ASoC: rt711: fix for JD event handling in ClockStop Mode0 (git-fixes). - ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0 (git-fixes). - ASoC: SOF: ipc3-dtrace: uninitialized data in dfsentry_trace_filter_write() (git-fixes). - ASoC: tegra: Fix ADX byte map (git-fixes). - ASoC: tegra: Fix AMX byte map (git-fixes). - ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register (git-fixes). - ata: pata_ns87415: mark ns87560_tf_read static (git-fixes). - block, bfq: Fix division by zero error on zero wsum (bsc#1213653). - block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes). - bus: mhi: add new interfaces to handle MHI channels directly (bsc#1207948). - bus: mhi: host: add destroy_device argument to mhi_power_down() (bsc#1207948). - can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (git-fixes). - ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856). - coda: Avoid partial allocation of sig_inputArgs (git-fixes). - cpufreq: amd-pstate: add amd-pstate driver parameter for mode selection (bsc#1212445). - cpufreq: amd-pstate: Add AMD P-State frequencies attributes (bsc#1212445). - cpufreq: amd-pstate: Add AMD P-State performance attributes (bsc#1212445). - cpufreq: amd-pstate: Add boost mode support for AMD P-State (bsc#1212445). - cpufreq: amd-pstate: add driver working mode switch support (bsc#1212445). - cpufreq: amd-pstate: Add ->fast_switch() callback (bsc#1212445). - cpufreq: amd-pstate: Add fast switch function for AMD P-State (bsc#1212445). - cpufreq: amd-pstate: Add guided autonomous mode (bsc#1212445). - cpufreq: amd-pstate: Add guided mode control support via sysfs (bsc#1212445). - cpufreq: amd-pstate: Add more tracepoint for AMD P-State module (bsc#1212445). - cpufreq: amd-pstate: Add resume and suspend callbacks (bsc#1212445). - cpufreq: amd-pstate: Add trace for AMD P-State module (bsc#1212445). - cpufreq: amd-pstate: avoid uninitialized variable use (bsc#1212445). - cpufreq: amd-pstate: change amd-pstate driver to be built-in type (bsc#1212445). - cpufreq: amd-pstate: convert sprintf with sysfs_emit() (bsc#1212445). - cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at init (bsc#1212445). - cpufreq: amd-pstate: Expose struct amd_cpudata (bsc#1212445). - cpufreq: amd-pstate: Fix initial highest_perf value (bsc#1212445). - cpufreq: amd-pstate: Fix invalid write to MSR_AMD_CPPC_REQ (bsc#1212445). - cpufreq: amd-pstate: Fix Kconfig dependencies for AMD P-State (bsc#1212445). - cpufreq: amd-pstate: fix kernel hang issue while amd-pstate unregistering (bsc#1212445). - cpufreq: amd-pstate: Fix struct amd_cpudata kernel-doc comment (bsc#1212445). - cpufreq: amd-pstate: fix white-space (bsc#1212445). - cpufreq: amd_pstate: fix wrong lowest perf fetch (bsc#1212445). - cpufreq: amd-pstate: implement amd pstate cpu online and offline callback (bsc#1212445). - cpufreq: amd-pstate: implement Pstate EPP support for the AMD processors (bsc#1212445). - cpufreq: amd-pstate: implement suspend and resume callbacks (bsc#1212445). - cpufreq: amd-pstate: Introduce a new AMD P-State driver to support future processors (bsc#1212445). - cpufreq: amd-pstate: Introduce the support for the processors with shared memory solution (bsc#1212445). - cpufreq: amd-pstate: Let user know amd-pstate is disabled (bsc#1212445). - cpufreq: amd-pstate: Make amd-pstate EPP driver name hyphenated (bsc#1212445). - cpufreq: amd-pstate: Make varaiable mode_state_machine static (bsc#1212445). - cpufreq: amd_pstate: map desired perf into pstate scope for powersave governor (bsc#1212445). - cpufreq: amd-pstate: optimize driver working mode selection in amd_pstate_param() (bsc#1212445). - cpufreq: amd-pstate: Remove fast_switch_possible flag from active driver (bsc#1212445). - cpufreq: amd-pstate: remove MODULE_LICENSE in non-modules (bsc#1212445). - cpufreq: amd-pstate: Set a fallback policy based on preferred_profile (bsc#1212445). - cpufreq: amd-pstate: simplify cpudata pointer assignment (bsc#1212445). - cpufreq: amd-pstate: Update policy->cur in amd_pstate_adjust_perf() (bsc#1212445). - cpufreq: amd-pstate: update pstate frequency transition delay time (bsc#1212445). - cpufreq: amd-pstate: Write CPPC enable bit per-socket (bsc#1212445). - crypto: kpp - Add helper to set reqsize (git-fixes). - crypto: qat - Use helper to set reqsize (git-fixes). - dlm: fix missing lkb refcount handling (git-fixes). - dlm: fix plock invalid read (git-fixes). - Documentation: cpufreq: amd-pstate: Move amd_pstate param to alphabetical order (bsc#1212445). - Documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes). - drm/amd/display: Add monitor specific edid quirk (git-fixes). - drm/amd/display: Add polling method to handle MST reply packet (bsc#1213578). - drm/amd/display: check TG is non-null before checking if enabled (git-fixes). - drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes). - drm/amd/display: Disable MPC split by default on special asic (git-fixes). - drm/amd/display: fix access hdcp_workqueue assert (git-fixes). - drm/amd/display: fix seamless odm transitions (git-fixes). - drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes). - drm/amd/display: only accept async flips for fast updates (git-fixes). - drm/amd/display: Only update link settings after successful MST link train (git-fixes). - drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). - drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 (git-fixes). - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). - drm/amd/display: Unlock on error path in dm_handle_mst_sideband_msg_ready_event() (git-fixes). - drm/amd: Fix an error handling mistake in psp_sw_init() (git-fixes). - drm/amdgpu: add the fan abnormal detection feature (git-fixes). - drm/amdgpu: avoid restore process run into dead loop (git-fixes). - drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-fixes). - drm/amdgpu: Fix minmax warning (git-fixes). - drm/amd/pm: add abnormal fan detection for smu 13.0.0 (git-fixes). - drm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 (git-fixes). - drm/amd/pm: re-enable the gfx imu when smu resume (git-fixes). - drm/amd/pm: share the code around SMU13 pcie parameters update (git-fixes). - drm/atomic: Allow vblank-enabled + self-refresh 'disable' (git-fixes). - drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes). - drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes). - drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes). - drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime (git-fixes). - drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes). - drm/dp_mst: Clear MSG_RDY flag before sending new message (bsc#1213578). - drm: Fix null pointer dereference in drm_dp_atomic_find_time_slots() (bsc#1213578). - drm/i915: Do not preserve dpll_hw_state for slave crtc in Bigjoiner (git-fixes). - drm/i915/dpt: Use shmem for dpt objects (git-fixes). - drm/i915: Fix an error handling path in igt_write_huge() (git-fixes). - drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks (git-fixes). - drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes). - drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes). - drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes). - drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes). - drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git-fixes). - drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes). - drm/ttm: fix bulk_move corruption when adding a entry (git-fixes). - drm/ttm: fix warning that we shouldn't mix && and || (git-fixes). - drm/vmwgfx: Fix Legacy Display Unit atomic drm support (bsc#1213632). - drm/vmwgfx: Remove explicit and broken vblank handling (bsc#1213632). - drm/vmwgfx: Remove rcu locks from user resources (bsc#1213632). - fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes). - fbdev: imxfb: Removed unneeded release_mem_region (git-fixes). - fbdev: imxfb: warn about invalid left/right margin (git-fixes). - file: always lock position for FMODE_ATOMIC_POS (bsc#1213759). - fs: dlm: add midcomms init/start functions (git-fixes). - fs: dlm: do not set stop rx flag after node reset (git-fixes). - fs: dlm: filter user dlm messages for kernel locks (git-fixes). - fs: dlm: fix log of lowcomms vs midcomms (git-fixes). - fs: dlm: fix race between test_bit() and queue_work() (git-fixes). - fs: dlm: fix race in lowcomms (git-fixes). - fs: dlm: handle -EBUSY first in lock arg validation (git-fixes). - fs: dlm: move sending fin message into state change handling (git-fixes). - fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes). - fs: dlm: return positive pid value for F_GETLK (git-fixes). - fs: dlm: start midcomms before scand (git-fixes). - fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-fixes). - FS: JFS: Check for read-only mounted filesystem in txBegin (git-fixes). - FS: JFS: Fix null-ptr-deref Read in txBegin (git-fixes). - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes). - gve: Set default duplex configuration to full (git-fixes). - gve: unify driver name usage (git-fixes). - hwmon: (adm1275) Allow setting sample averaging (git-fixes). - hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git-fixes). - hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (git-fixes). - hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes). - i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes). - i2c: xiic: Do not try to handle more interrupt events after error (git-fixes). - iavf: check for removal state before IAVF_FLAG_PF_COMMS_FAILED (git-fixes). - iavf: fix a deadlock caused by rtnl and driver's lock circular dependencies (git-fixes). - iavf: Fix out-of-bounds when setting channels on remove (git-fixes). - iavf: fix potential deadlock on allocation failure (git-fixes). - iavf: fix reset task race with iavf_remove() (git-fixes). - iavf: Fix use-after-free in free_netdev (git-fixes). - iavf: Move netdev_update_features() into watchdog task (git-fixes). - iavf: use internal state to free traffic IRQs (git-fixes). - iavf: Wait for reset in callbacks which trigger it (git-fixes). - IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes) - ice: Fix max_rate check while configuring TX rate limits (git-fixes). - ice: Fix memory management in ice_ethtool_fdir.c (git-fixes). - ice: handle extts in the miscellaneous interrupt thread (git-fixes). - igc: Check if hardware TX timestamping is enabled earlier (git-fixes). - igc: Enable and fix RX hash usage by netstack (git-fixes). - igc: Fix inserting of empty frame for launchtime (git-fixes). - igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes). - igc: Fix launchtime before start of cycle (git-fixes). - igc: Fix race condition in PTP tx code (git-fixes). - igc: Handle PPS start time programming for past time values (git-fixes). - igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes). - igc: Remove delay during TX ring configuration (git-fixes). - igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes). - igc: Work around HW bug causing missing timestamps (git-fixes). - Input: i8042 - add Clevo PCX0DX to i8042 quirk table (git-fixes). - Input: iqs269a - do not poll during ATI (git-fixes). - Input: iqs269a - do not poll during suspend or resume (git-fixes). - jffs2: fix memory leak in jffs2_do_fill_super (git-fixes). - jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes). - jffs2: fix memory leak in jffs2_scan_medium (git-fixes). - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes). - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git-fixes). - jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes). - jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes). - kABI fix after Restore kABI for NVidia vGPU driver (bsc#1210825). - kabi/severities: relax kABI for ath11k local symbols (bsc#1207948) - kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes). - KVM: arm64: Do not read a HW interrupt pending state in user context (git-fixes) - KVM: arm64: Warn if accessing timer pending state outside of vcpu (bsc#1213620) - KVM: Do not null dereference ops->destroy (git-fixes) - KVM: downgrade two BUG_ONs to WARN_ON_ONCE (git-fixes) - KVM: Initialize debugfs_dentry when a VM is created to avoid NULL (git-fixes) - KVM: s390: pv: fix index value of replaced ASCE (git-fixes bsc#1213867). - KVM: VMX: Inject #GP, not #UD, if SGX2 ENCLS leafs are unsupported (git-fixes). - KVM: VMX: Inject #GP on ENCLS if vCPU has paging disabled (CR0.PG==0) (git-fixes). - KVM: VMX: restore vmx_vmexit alignment (git-fixes). - KVM: x86: Account fastpath-only VM-Exits in vCPU stats (git-fixes). - leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-fixes). - libceph: harden msgr2.1 frame segment length checks (bsc#1213857). - MAINTAINERS: Add AMD P-State driver maintainer entry (bsc#1212445). - m ALSA: usb-audio: Add quirk for Tascam Model 12 (git-fixes). - md: add error_handlers for raid0 and linear (bsc#1212766). - media: staging: atomisp: select V4L2_FWNODE (git-fixes). - mhi_power_down() kABI workaround (bsc#1207948). - mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes). - mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes). - net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes). - net: mana: Batch ringing RX queue doorbell on receiving packets (bsc#1212901). - net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901). - net/mlx5: DR, Support SW created encap actions for FW table (git-fixes). - net/mlx5e: Check for NOT_READY flag state after locking (git-fixes). - net/mlx5e: fix double free in mlx5e_destroy_flow_table (git-fixes). - net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create (git-fixes). - net/mlx5e: fix memory leak in mlx5e_ptp_open (git-fixes). - net/mlx5e: XDP, Allow growing tail for XDP multi buffer (git-fixes). - net/mlx5e: xsk: Set napi_id to support busy polling on XSK RQ (git-fixes). - net: phy: marvell10g: fix 88x3310 power up (git-fixes). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585). - nfsd: add encoding of op_recall flag for write delegation (git-fixes). - nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). - nfsd: Fix sparse warning (git-fixes). - nfsd: Remove open coding of string copy (git-fixes). - nfsv4.1: Always send a RECLAIM_COMPLETE after establishing lease (git-fixes). - nfsv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION (git-fixes). - nvme: do not reject probe due to duplicate IDs for single-ported PCIe devices (git-fixes). - nvme: fix the NVME_ID_NS_NVM_STS_MASK definition (git-fixes). - nvme-pci: fix DMA direction of unmapping integrity data (git-fixes). - nvme-pci: remove nvme_queue from nvme_iod (git-fixes). - octeontx2-af: Move validation of ptp pointer before its usage (git-fixes). - octeontx2-pf: Add additional check for MCAM rules (git-fixes). - octeontx-af: fix hardware timestamp configuration (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes). - PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes). - phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git-fixes). - pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes). - pinctrl: amd: Do not show `Invalid config param` errors (git-fixes). - pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes). - pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes). - pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes). - platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git-fixes). - RDMA/bnxt_re: Fix hang during driver unload (git-fixes) - RDMA/bnxt_re: Prevent handling any completions after qp destroy (git-fixes) - RDMA/core: Update CMA destination address on rdma_resolve_addr (git-fixes) - RDMA/irdma: Add missing read barriers (git-fixes) - RDMA/irdma: Fix data race on CQP completion stats (git-fixes) - RDMA/irdma: Fix data race on CQP request done (git-fixes) - RDMA/irdma: Fix op_type reporting in CQEs (git-fixes) - RDMA/irdma: Report correct WC error (git-fixes) - RDMA/mlx4: Make check for invalid flags stricter (git-fixes) - RDMA/mthca: Fix crash when polling CQ for shared QPs (git-fixes) - regmap: Account for register length in SMBus I/O limits (git-fixes). - regmap: Drop initial version of maximum transfer length fixes (git-fixes). - Restore kABI for NVidia vGPU driver (bsc#1210825). - Revert 'ALSA: usb-audio: Drop superfluous interface setup at parsing' (git-fixes). - Revert 'debugfs, coccinelle: check for obsolete DEFINE_SIMPLE_ATTRIBUTE() usage' (git-fixes). - Revert 'Drop AMDGPU patches for fixing regression (bsc#1213304,bsc#1213777)' - Revert 'iavf: Detach device during reset task' (git-fixes). - Revert 'iavf: Do not restart Tx queues after reset task failure' (git-fixes). - Revert 'NFSv4: Retry LOCK on OLD_STATEID during delegation return' (git-fixes). - Revert 'usb: dwc3: core: Enable AutoRetry feature in the controller' (git-fixes). - Revert 'usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init()' (git-fixes). - Revert 'usb: xhci: tegra: Fix error check' (git-fixes). - Revert 'xhci: add quirk for host controllers that do not update endpoint DCS' (git-fixes). - Revive drm_dp_mst_hpd_irq() function (bsc#1213578). - rxrpc, afs: Fix selection of abort codes (git-fixes). - s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870). - s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810). - s390/dasd: print copy pair message only for the correct error (git-fixes bsc#1213872). - s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863). - s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870). - s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871). - s390/qeth: Fix vipa deletion (git-fixes bsc#1213713). - s390/vmem: fix empty page tables cleanup under KASAN (git-fixes bsc#1213715). - scftorture: Count reschedule IPIs (git-fixes). - scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (bsc#1213756). - scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756). - scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756). - scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756). - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756). - scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (bsc#1213756). - scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths (bsc#1213756). - scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756). - scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (bsc#1213756). - scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756). - scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756). - scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756). - scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (bsc#1213756). - scsi: lpfc: Replace all non-returning strlcpy() with strscpy() (bsc#1213756). - scsi: lpfc: Replace one-element array with flexible-array member (bsc#1213756). - scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756). - scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (bsc#1213756). - scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756). - scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756). - scsi: lpfc: Use struct_size() helper (bsc#1213756). - scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747). - scsi: qla2xxx: Array index may go out of bound (bsc#1213747). - scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747). - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747). - scsi: qla2xxx: Correct the index of array (bsc#1213747). - scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747). - scsi: qla2xxx: Fix buffer overrun (bsc#1213747). - scsi: qla2xxx: Fix command flush during TMF (bsc#1213747). - scsi: qla2xxx: Fix deletion race condition (bsc#1213747). - scsi: qla2xxx: Fix end of loop test (bsc#1213747). - scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747). - scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747). - scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747). - scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747). - scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747). - scsi: qla2xxx: Fix session hang in gnl (bsc#1213747). - scsi: qla2xxx: Fix TMF leak through (bsc#1213747). - scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747). - scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747). - scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747). - scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper (bsc#1213747). - scsi: qla2xxx: Silence a static checker warning (bsc#1213747). - scsi: qla2xxx: Turn off noisy message log (bsc#1213747). - scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747). - scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747). - scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747). - selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes). - serial: qcom-geni: drop bogus runtime pm state update (git-fixes). - serial: sifive: Fix sifive_serial_console_setup() section (git-fixes). - series: udpate metadata Refresh - sfc: fix crash when reading stats while NIC is resetting (git-fixes). - sfc: fix XDP queues mode with legacy IRQ (git-fixes). - sfc: use budget for TX completions (git-fixes). - soundwire: qcom: update status correctly with mask (git-fixes). - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes). - staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes). - SUNRPC: always free ctxt when freeing deferred request (git-fixes). - SUNRPC: double free xprt_ctxt while still in use (git-fixes). - SUNRPC: Fix trace_svc_register() call site (git-fixes). - SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (git-fixes). - SUNRPC: Remove dead code in svc_tcp_release_rqst() (git-fixes). - SUNRPC: remove the maximum number of retries in call_bind_status (git-fixes). - svcrdma: Prevent page release when nothing was received (git-fixes). - tpm_tis: Explicitly check for error code (git-fixes). - tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes). - tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes). - ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git-fixes). - ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git-fixes). - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes). - ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes). - ubifs: Fix build errors as symbol undefined (git-fixes). - ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git-fixes). - ubifs: Fix memory leak in alloc_wbufs() (git-fixes). - ubifs: Fix memory leak in do_rename (git-fixes). - ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes). - ubifs: Fix to add refcount once page is set private (git-fixes). - ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes). - ubifs: Fix wrong dirty space budget for dirty inode (git-fixes). - ubifs: Free memory for tmpfile name (git-fixes). - ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes). - ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes). - ubifs: Rectify space budget for ubifs_xrename() (git-fixes). - ubifs: Rename whiteout atomically (git-fixes). - ubifs: rename_whiteout: correct old_dir size computing (git-fixes). - ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes). - ubifs: Reserve one leb for each journal head while doing budget (git-fixes). - ubifs: Re-statistic cleaned znode count if commit failed (git-fixes). - ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes). - ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git-fixes). - Update config files: enable CONFIG_X86_AMD_PSTATE (bsc#1212445) - usb: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes). - usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes). - usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes). - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - USB: serial: option: add LARA-R6 01B PIDs (git-fixes). - usb: typec: Iterate pds array when showing the pd list (git-fixes). - usb: typec: Set port->pd before adding device for typec_port (git-fixes). - usb: typec: Use sysfs_emit_at when concatenating the string (git-fixes). - usb: xhci-mtk: set the dma max_seg_size (git-fixes). - vhost_net: revert upend_idx only on retriable error (git-fixes). - vhost: support PACKED when setting-getting vring_base (git-fixes). - virtio_net: Fix error unwinding of XDP initialization (git-fixes). - virtio-net: Maintain reverse cleanup order (git-fixes). - wifi: ath11k: add support for suspend in power down state (bsc#1207948). - wifi: ath11k: handle irq enable/disable in several code path (bsc#1207948). - wifi: ath11k: handle thermal device registeration together with MAC (bsc#1207948). - wifi: ath11k: remove MHI LOOPBACK channels (bsc#1207948). - wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes). - wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes). - wl3501_cs: use eth_hw_addr_set() (git-fixes). - x86/PVH: obtain VGA console info in Dom0 (git-fixes). - xen/blkfront: Only check REQ_FUA for writes (git-fixes). - xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes). - xfs: AIL needs asynchronous CIL forcing (bsc#1211811). - xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811). - xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811). - xfs: CIL work is serialised, not pipelined (bsc#1211811). - xfs: do not run shutdown callbacks on active iclogs (bsc#1211811). - xfs: drop async cache flushes from CIL commits (bsc#1211811). - xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811). - xfs: move the CIL workqueue to the CIL (bsc#1211811). - xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811). - xfs: order CIL checkpoint start records (bsc#1211811). - xfs: pass a CIL context to xlog_write() (bsc#1211811). - xfs: rework xlog_state_do_callback() (bsc#1211811). - xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811). - xfs: separate out log shutdown callback processing (bsc#1211811). - xfs: wait iclog complete before tearing down AIL (bsc#1211811). - xfs: XLOG_STATE_IOERROR must die (bsc#1211811). - xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes). - xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes). - xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). The following package changes have been done: - apparmor-abstractions-3.0.4-150500.11.3.1 updated - apparmor-parser-3.0.4-150500.11.3.1 updated - bind-utils-9.16.42-150500.8.7.1 updated - blog-2.26-150300.4.6.1 updated - curl-8.0.1-150400.5.26.1 updated - google-guest-agent-20230601.00-150000.1.37.1 updated - google-osconfig-agent-20230706.02-150000.1.30.1 updated - grub2-i386-pc-2.06-150500.29.3.1 updated - grub2-x86_64-efi-2.06-150500.29.3.1 updated - grub2-2.06-150500.29.3.1 updated - hostname-3.16-2.22 added - hwinfo-21.85-150500.3.3.1 updated - kernel-default-5.14.21-150500.55.19.1 updated - krb5-1.20.1-150500.3.3.1 updated - libapparmor1-3.0.4-150500.11.3.1 updated - libassuan0-2.5.5-150000.4.5.2 updated - libblogger2-2.26-150300.4.6.1 updated - libcryptsetup12-2.4.3-150400.3.3.1 updated - libcurl4-8.0.1-150400.5.26.1 updated - libdevmapper1_03-2.03.16_1.02.185-150500.7.3.1 updated - libfido2-1-1.13.0-150400.5.6.1 updated - libfstrm0-0.6.1-150300.9.3.1 added - libnvme-mi1-1.4+27.g5ae1c3-150500.4.6.1 updated - libnvme1-1.4+27.g5ae1c3-150500.4.6.1 updated - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - libprotobuf-c1-1.3.2-150200.3.6.1 added - libxml2-2-2.10.3-150500.5.5.1 updated - libyajl2-2.1.0-150000.4.6.1 updated - login_defs-4.8.1-150400.10.9.1 updated - nvme-cli-2.4+24.ga1ee20-150500.4.6.1 updated - openssh-clients-8.4p1-150300.3.22.1 updated - openssh-common-8.4p1-150300.3.22.1 updated - openssh-server-8.4p1-150300.3.22.1 updated - openssh-8.4p1-150300.3.22.1 updated - openssl-1_1-1.1.1l-150500.17.15.1 updated - perl-Bootloader-0.944-150400.3.6.1 updated - python3-bind-9.16.42-150500.8.7.1 updated - samba-client-libs-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 updated - samba-libs-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 updated - shadow-4.8.1-150400.10.9.1 updated - systemd-presets-common-SUSE-15-150500.20.3.1 updated - wicked-service-0.6.73-150500.3.10.1 updated - wicked-0.6.73-150500.3.10.1 updated - libopenssl3-3.0.8-150500.5.3.1 removed From sle-updates at lists.suse.com Sun Aug 20 07:03:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Aug 2023 09:03:49 +0200 (CEST) Subject: SUSE-CU-2023:2726-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230820070349.3D938FDCB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2726-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.188 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.188 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3363-1 Released: Fri Aug 18 14:54:16 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.19.2-150400.3.6.1 updated - container:sles15-image-15.0.0-27.14.88 updated From sle-updates at lists.suse.com Sun Aug 20 07:04:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Aug 2023 09:04:29 +0200 (CEST) Subject: SUSE-CU-2023:2727-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230820070429.C0F01FDCB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2727-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.85 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.85 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3363-1 Released: Fri Aug 18 14:54:16 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.19.2-150400.3.6.1 updated - container:sles15-image-15.0.0-27.14.88 updated From sle-updates at lists.suse.com Sun Aug 20 07:05:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Aug 2023 09:05:59 +0200 (CEST) Subject: SUSE-CU-2023:2728-1: Security update of suse/sle15 Message-ID: <20230820070559.9A0C7FDCB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2728-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.88 , suse/sle15:15.4 , suse/sle15:15.4.27.14.88 Container Release : 27.14.88 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3363-1 Released: Fri Aug 18 14:54:16 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.19.2-150400.3.6.1 updated From sle-updates at lists.suse.com Sun Aug 20 07:06:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Aug 2023 09:06:13 +0200 (CEST) Subject: SUSE-CU-2023:2729-1: Security update of bci/golang Message-ID: <20230820070613.BA7E6FDCB@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2729-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.2.1 , bci/golang:oldstable , bci/golang:oldstable-2.2.1 Container Release : 2.1 Severity : important Type : security References : 1206346 1206346 1206346 1206346 1206346 1206346 1208269 1208270 1208271 1208272 1209030 1210127 1210127 1210128 1210128 1210129 1210129 1210130 1210130 1210938 1210963 1211029 1211030 1211031 1212073 1212074 1212075 1212076 1213229 1213880 CVE-2022-41722 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2023-24532 CVE-2023-24534 CVE-2023-24534 CVE-2023-24536 CVE-2023-24536 CVE-2023-24537 CVE-2023-24537 CVE-2023-24538 CVE-2023-24538 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 CVE-2023-29406 CVE-2023-29409 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:735-1 Released: Tue Mar 14 18:07:46 2023 Summary: Security update for go1.20 Type: security Severity: important References: 1206346,1208269,1208270,1208271,1208272,1209030,CVE-2022-41722,CVE-2022-41723,CVE-2022-41724,CVE-2022-41725,CVE-2023-24532 This update for go1.20 fixes the following issues: - Improvements to go1.x packaging spec: * On Tumbleweed bootstrap with current default gcc13 and gccgo118 * On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap using go1.x package (%bcond_without gccgo). This is no longer needed on current SLE-12:Update and removing will consolidate the build configurations used. * Change source URLs to go.dev as per Go upstream * On x86_64 export GOAMD64=v1 as per the current baseline. At this time forgo GOAMD64=v3 option for x86_64_v3 support. * On x86_64 %define go_amd64=v1 as current instruction baseline * In %check on x86_64 use value %go_amd64=v1 as GOAMD64=v1 to grep correct TSAN version is checked out from LLVM with new spelling for internal/amd64v1/race_linux.syso go1.20.2 (released 2023-03-07) includes a security fix to the crypto/elliptic package, as well as bug fixes to the compiler, the covdata command, the linker, the runtime, and the crypto/ecdh, crypto/rsa, crypto/x509, os, and syscall packages. (boo#1206346) * CVE-2023-24532: crypto/elliptic: Fixed that specific unreduced P-256 scalars produce incorrect results (boo#1209030) * cmd/covdata: short read on string table when merging coverage counters * runtime: some linkname signatures do not match * cmd/compile: inline static init cause compile time error * cmd/compile: internal compiler error: '(*Tree[go.shape.int]).RemoveParent.func1': value .dict (nil) incorrectly live at entry * crypto/ecdh: ECDH method doesn't check curve * cmd/link: relocation truncated to fit: R_ARM_CALL against `runtime.duffcopy' * crypto/internal/bigmod: flag amd64 assembly as noescape * runtime: endless traceback when panic in generics funtion * runtime: long latency of sweep assists * syscall.Faccessat and os.LookPath regression in Go 1.20 * os: cmd/go gets error 'copy_file_range: function not implemented' * net: TestTCPSelfConnect failures due to unexpected connections * syscall: Environ uses an invalid unsafe.Pointer conversion on Windows * cmd/compile: ICE on method value involving imported anonymous interface * crypto/x509: Incorrect documentation for ParsePKCS8PrivateKey * crypto/x509: TestSystemVerify consistently failing go1.20.1 (released 2023-02-14) includes security fixes to the crypto/tls, mime/multipart, net/http, and path/filepath packages, as well as bug fixes to the compiler, the go command, the linker, the runtime, and the time package. (bsc#1206346) - CVE-2022-41722 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 * bsc#1208269 security: fix CVE-2022-41722 path/filepath: path traversal in filepath.Clean on Windows * bsc#1208270 security: fix CVE-2022-41723 net/http: avoid quadratic complexity in HPACK decoding * bsc#1208271 security: fix CVE-2022-41724 crypto/tls: large handshake records may cause panics * bsc#1208272 security: fix CVE-2022-41725 net/http, mime/multipart: denial of service from excessive resource consumption * time: update zoneinfo_abbrs on Windows * cmd/link: .go.buildinfo is gc'ed by --gc-sections * cmd/compile/internal/pgo: Detect sample value position instead of hard-coding * cmd/compile: constant overflows when assigned to package level var (Go 1.20 regression) * cmd/compile: internal compiler error: panic: interface conversion: ir.Node is *ir.CompLitExpr, not *ir.Name * cmd/compile: internal compiler error: Type.Elem UNION * runtime: GOOS=ios fails Apple's app validation due to use of private API * cmd/go/internal/test: stale flagdefs.go not detected by tests * all: test failures with ETXTBSY * cmd/go/internal/modfetch: TestCodeRepo/gopkg.in_natefinch_lumberjack.v2/latest failing - go1.20 (released 2023-02-01) is a major release of Go. go1.20.x minor releases will be provided through February 2024. https://github.com/golang/go/wiki/Go-Release-Cycle go1.20 arrives six months after go1.19. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. ( bsc#1206346 jsc#PED-1962 ) * Go 1.20 includes four changes to the language * Language change: Go 1.17 added conversions from slice to an array pointer. Go 1.20 extends this to allow conversions from a slice to an array * Language change: The unsafe package defines three new functions SliceData, String, and StringData. Along with Go 1.17's Slice, these functions now provide the complete ability to construct and deconstruct slice and string values, without depending on their exact representation. * Language change: The specification now defines that struct values are compared one field at a time, considering fields in the order they appear in the struct type definition, and stopping at the first mismatch. The specification could previously have been read as if all fields needed to be compared beyond the first mismatch. Similarly, the specification now defines that array values are compared one element at a time, in increasing index order. In both cases, the difference affects whether certain comparisons must panic. Existing programs are unchanged: the new spec wording describes what the implementations have always done. * Language change: Comparable types (such as ordinary interfaces) may now satisfy comparable constraints, even if the type arguments are not strictly comparable (comparison may panic at runtime). This makes it possible to instantiate a type parameter constrained by comparable (e.g., a type parameter for a user-defined generic map key) with a non-strictly comparable type argument such as an interface type, or a composite type containing an interface type. * go command: The directory $GOROOT/pkg no longer stores pre-compiled package archives for the standard library: go install no longer writes them, the go build no longer checks for them, and the Go distribution no longer ships them. Instead, packages in the standard library are built as needed and cached in the build cache, just like packages outside GOROOT. This change reduces the size of the Go distribution and also avoids C toolchain skew for packages that use cgo. Refs jsc#PED-1962 * go command: The implementation of go test -json has been improved to make it more robust. Programs that run go test -json do not need any updates. Programs that invoke go tool test2json directly should now run the test binary with -v=test2json (for example, go test -v=test2json or ./pkg.test -test.v=test2json) instead of plain -v. * go command: A related change to go test -json is the addition of an event with Action set to start at the beginning of each test program's execution. When running multiple tests using the go command, these start events are guaranteed to be emitted in the same order as the packages named on the command line. * go command: The go command now defines architecture feature build tags, such as amd64.v2, to allow selecting a package implementation file based on the presence or absence of a particular architecture feature. See go help buildconstraint for details. * go command: The go subcommands now accept -C to change directory to before performing the command, which may be useful for scripts that need to execute commands in multiple different modules. * go command: The go build and go test commands no longer accept the -i flag, which has been deprecated since Go 1.16. * go command: The go generate command now accepts -skip to skip //go:generate directives matching . * go command: The go test command now accepts -skip to skip tests, subtests, or examples matching . * go command: When the main module is located within GOPATH/src, go install no longer installs libraries for non-main packages to GOPATH/pkg, and go list no longer reports a Target field for such packages. (In module mode, compiled packages are stored in the build cache only, but a bug had caused the GOPATH install targets to unexpectedly remain in effect.) * go command: The go build, go install, and other build-related commands now support a -pgo flag that enables profile-guided optimization, which is described in more detail in the Compiler section below. The -pgo flag specifies the file path of the profile. Specifying -pgo=auto causes the go command to search for a file named default.pgo in the main package's directory and use it if present. This mode currently requires a single main package to be specified on the command line, but we plan to lift this restriction in a future release. Specifying -pgo=off turns off profile-guided optimization. * go command: The go build, go install, and other build-related commands now support a -cover flag that builds the specified target with code coverage instrumentation. This is described in more detail in the Cover section below. * go version: The go version -m command now supports reading more types of Go binaries, most notably, Windows DLLs built with go build -buildmode=c-shared and Linux binaries without execute permission. * Cgo: The go command now disables cgo by default on systems without a C toolchain. More specifically, when the CGO_ENABLED environment variable is unset, the CC environment variable is unset, and the default C compiler (typically clang or gcc) is not found in the path, CGO_ENABLED defaults to 0. As always, you can override the default by setting CGO_ENABLED explicitly. The most important effect of the default change is that when Go is installed on a system without a C compiler, it will now use pure Go builds for packages in the standard library that use cgo, instead of using pre-distributed package archives (which have been removed, as noted above) or attempting to use cgo and failing. This makes Go work better in some minimal container environments as well as on macOS, where pre-distributed package archives have not been used for cgo-based packages since Go 1.16. The packages in the standard library that use cgo are net, os/user, and plugin. On macOS, the net and os/user packages have been rewritten not to use cgo: the same code is now used for cgo and non-cgo builds as well as cross-compiled builds. On Windows, the net and os/user packages have never used cgo. On other systems, builds with cgo disabled will use a pure Go version of these packages. On macOS, the race detector has been rewritten not to use cgo: race-detector-enabled programs can be built and run without Xcode. On Linux and other Unix systems, and on Windows, a host C toolchain is required to use the race detector. * go cover: Go 1.20 supports collecting code coverage profiles for programs (applications and integration tests), as opposed to just unit tests. To collect coverage data for a program, build it with go build's -cover flag, then run the resulting binary with the environment variable GOCOVERDIR set to an output directory for coverage profiles. See the 'coverage for integration tests' landing page for more on how to get started. For details on the design and implementation, see the proposal. * go vet: Improved detection of loop variable capture by nested functions. The vet tool now reports references to loop variables following a call to T.Parallel() within subtest function bodies. Such references may observe the value of the variable from a different iteration (typically causing test cases to be skipped) or an invalid state due to unsynchronized concurrent access. * go vet: The tool also detects reference mistakes in more places. Previously it would only consider the last statement of the loop body, but now it recursively inspects the last statements within if, switch, and select statements. * go vet: New diagnostic for incorrect time formats. The vet tool now reports use of the time format 2006-02-01 (yyyy-dd-mm) with Time.Format and time.Parse. This format does not appear in common date standards, but is frequently used by mistake when attempting to use the ISO 8601 date format (yyyy-mm-dd). * Runtime: Some of the garbage collector's internal data structures were reorganized to be both more space and CPU efficient. This change reduces memory overheads and improves overall CPU performance by up to 2%. * Runtime: The garbage collector behaves less erratically with respect to goroutine assists in some circumstances. * Runtime: Go 1.20 adds a new runtime/coverage package containing APIs for writing coverage profile data at runtime from long-running and/or server programs that do not terminate via os.Exit(). * Compiler: Go 1.20 adds preview support for profile-guided optimization (PGO). PGO enables the toolchain to perform application- and workload-specific optimizations based on run-time profile information. Currently, the compiler supports pprof CPU profiles, which can be collected through usual means, such as the runtime/pprof or net/http/pprof packages. To enable PGO, pass the path of a pprof profile file via the -pgo flag to go build, as mentioned above. Go 1.20 uses PGO to more aggressively inline functions at hot call sites. Benchmarks for a representative set of Go programs show enabling profile-guided inlining optimization improves performance about 3???4%. See the PGO user guide for detailed documentation. We plan to add more profile-guided optimizations in future releases. Note that profile-guided optimization is a preview, so please use it with appropriate caution. * Compiler: The Go 1.20 compiler upgraded its front-end to use a new way of handling the compiler's internal data, which fixes several generic-types issues and enables type declarations within generic functions and methods. * Compiler: The compiler now rejects anonymous interface cycles with a compiler error by default. These arise from tricky uses of embedded interfaces and have always had subtle correctness issues, yet we have no evidence that they're actually used in practice. Assuming no reports from users adversely affected by this change, we plan to update the language specification for Go 1.22 to formally disallow them so tools authors can stop supporting them too. * Compiler: Go 1.18 and 1.19 saw regressions in build speed, largely due to the addition of support for generics and follow-on work. Go 1.20 improves build speeds by up to 10%, bringing it back in line with Go 1.17. Relative to Go 1.19, generated code performance is also generally slightly improved. * Linker: On Linux, the linker now selects the dynamic interpreter for glibc or musl at link time. * Linker: On Windows, the Go linker now supports modern LLVM-based C toolchains. * Linker: Go 1.20 uses go: and type: prefixes for compiler-generated symbols rather than go. and type.. This avoids confusion for user packages whose name starts with go.. The debug/gosym package understands this new naming convention for binaries built with Go 1.20 and newer. * Bootstrap: When building a Go release from source and GOROOT_BOOTSTRAP is not set, previous versions of Go looked for a Go 1.4 or later bootstrap toolchain in the directory $HOME/go1.4 (%HOMEDRIVE%%HOMEPATH%\go1.4 on Windows). Go 1.18 and Go 1.19 looked first for $HOME/go1.17 or $HOME/sdk/go1.17 before falling back to $HOME/go1.4, in anticipation of requiring Go 1.17 for use when bootstrapping Go 1.20. Go 1.20 does require a Go 1.17 release for bootstrapping, but we realized that we should adopt the latest point release of the bootstrap toolchain, so it requires Go 1.17.13. Go 1.20 looks for $HOME/go1.17.13 or $HOME/sdk/go1.17.13 before falling back to $HOME/go1.4 (to support systems that hard-coded the path $HOME/go1.4 but have installed a newer Go toolchain there). In the future, we plan to move the bootstrap toolchain forward approximately once a year, and in particular we expect that Go 1.22 will require the final point release of Go 1.20 for bootstrap. * Library: Go 1.20 adds a new crypto/ecdh package to provide explicit support for Elliptic Curve Diffie-Hellman key exchanges over NIST curves and Curve25519. Programs should use crypto/ecdh instead of the lower-level functionality in crypto/elliptic for ECDH, and third-party modules for more advanced use cases. * Error handling: Go 1.20 expands support for error wrapping to permit an error to wrap multiple other errors. * Error handling: An error e can wrap more than one error by providing an Unwrap method that returns a []error. * Error handling: The errors.Is and errors.As functions have been updated to inspect multiply wrapped errors. * Error handling: The fmt.Errorf function now supports multiple occurrences of the %w format verb, which will cause it to return an error that wraps all of those error operands. * Error handling: The new function errors.Join returns an error wrapping a list of errors. * HTTP ResponseController: The new 'net/http'.ResponseController type provides access to extended per-request functionality not handled by the 'net/http'.ResponseWriter interface. The ResponseController type provides a clearer, more discoverable way to add per-handler controls. Two such controls also added in Go 1.20 are SetReadDeadline and SetWriteDeadline, which allow setting per-request read and write deadlines. * New ReverseProxy Rewrite hook: The httputil.ReverseProxy forwarding proxy includes a new Rewrite hook function, superseding the previous Director hook. * archive/tar: When the GODEBUG=tarinsecurepath=0 environment variable is set, Reader.Next method will now return the error ErrInsecurePath for an entry with a file name that is an absolute path, refers to a location outside the current directory, contains invalid characters, or (on Windows) is a reserved name such as NUL. A future version of Go may disable insecure paths by default. * archive/zip: When the GODEBUG=zipinsecurepath=0 environment variable is set, NewReader will now return the error ErrInsecurePath when opening an archive which contains any file name that is an absolute path, refers to a location outside the current directory, contains invalid characters, or (on Windows) is a reserved names such as NUL. A future version of Go may disable insecure paths by default. * archive/zip: Reading from a directory file that contains file data will now return an error. The zip specification does not permit directory files to contain file data, so this change only affects reading from invalid archives. * bytes: The new CutPrefix and CutSuffix functions are like TrimPrefix and TrimSuffix but also report whether the string was trimmed. * bytes: The new Clone function allocates a copy of a byte slice. * context: The new WithCancelCause function provides a way to cancel a context with a given error. That error can be retrieved by calling the new Cause function. * crypto/ecdsa: When using supported curves, all operations are now implemented in constant time. This led to an increase in CPU time between 5% and 30%, mostly affecting P-384 and P-521. * crypto/ecdsa: The new PrivateKey.ECDH method converts an ecdsa.PrivateKey to an ecdh.PrivateKey. * crypto/ed25519: The PrivateKey.Sign method and the VerifyWithOptions function now support signing pre-hashed messages with Ed25519ph, indicated by an Options.HashFunc that returns crypto.SHA512. They also now support Ed25519ctx and Ed25519ph with context, indicated by setting the new Options.Context field. * crypto/rsa: The new field OAEPOptions.MGFHash allows configuring the MGF1 hash separately for OAEP decryption. * crypto/rsa: crypto/rsa now uses a new, safer, constant-time backend. This causes a CPU runtime increase for decryption operations between approximately 15% (RSA-2048 on amd64) and 45% (RSA-4096 on arm64), and more on 32-bit architectures. Encryption operations are approximately 20x slower than before (but still 5-10x faster than decryption). Performance is expected to improve in future releases. Programs must not modify or manually generate the fields of PrecomputedValues. * crypto/subtle: The new function XORBytes XORs two byte slices together. * crypto/tls: Parsed certificates are now shared across all clients actively using that certificate. The memory savings can be significant in programs that make many concurrent connections to a server or collection of servers sharing any part of their certificate chains. * crypto/tls: For a handshake failure due to a certificate verification failure, the TLS client and server now return an error of the new type CertificateVerificationError, which includes the presented certificates. * crypto/x509: ParsePKCS8PrivateKey and MarshalPKCS8PrivateKey now support keys of type *crypto/ecdh.PrivateKey. ParsePKIXPublicKey and MarshalPKIXPublicKey now support keys of type *crypto/ecdh.PublicKey. Parsing NIST curve keys still returns values of type *ecdsa.PublicKey and *ecdsa.PrivateKey. Use their new ECDH methods to convert to the crypto/ecdh types. * crypto/x509: The new SetFallbackRoots function allows a program to define a set of fallback root certificates in case an operating system verifier or standard platform root bundle is unavailable at runtime. It will most commonly be used with a new package, golang.org/x/crypto/x509roots/fallback, which will provide an up to date root bundle. * debug/elf: Attempts to read from a SHT_NOBITS section using Section.Data or the reader returned by Section.Open now return an error. * debug/elf: Additional R_LARCH_* constants are defined for use with LoongArch systems. * debug/elf: Additional R_PPC64_* constants are defined for use with PPC64 ELFv2 relocations. * debug/elf: The constant value for R_PPC64_SECTOFF_LO_DS is corrected, from 61 to 62. * debug/gosym: Due to a change of Go's symbol naming conventions, tools that process Go binaries should use Go 1.20's debug/gosym package to transparently handle both old and new binaries. * debug/pe: Additional IMAGE_FILE_MACHINE_RISCV* constants are defined for use with RISC-V systems. * encoding/binary: The ReadVarint and ReadUvarint functions will now return io.ErrUnexpectedEOF after reading a partial value, rather than io.EOF. * encoding/xml: The new Encoder.Close method can be used to check for unclosed elements when finished encoding. * encoding/xml: The decoder now rejects element and attribute names with more than one colon, such as , as well as namespaces that resolve to an empty string, such as xmlns:a=''. * encoding/xml: The decoder now rejects elements that use different namespace prefixes in the opening and closing tag, even if those prefixes both denote the same namespace. * errors: The new Join function returns an error wrapping a list of errors. * fmt: The Errorf function supports multiple occurrences of the %w format verb, returning an error that unwraps to the list of all arguments to %w. * fmt: The new FormatString function recovers the formatting directive corresponding to a State, which can be useful in Formatter. implementations. * go/ast: The new RangeStmt.Range field records the position of the range keyword in a range statement. * go/ast: The new File.FileStart and File.FileEnd fields record the position of the start and end of the entire source file. * go/token: The new FileSet.RemoveFile method removes a file from a FileSet. Long-running programs can use this to release memory associated with files they no longer need. * go/types: The new Satisfies function reports whether a type satisfies a constraint. This change aligns with the new language semantics that distinguish satisfying a constraint from implementing an interface. * io: The new OffsetWriter wraps an underlying WriterAt and provides Seek, Write, and WriteAt methods that adjust their effective file offset position by a fixed amount. * io/fs: The new error SkipAll terminates a WalkDir immediately but successfully. * math/big: The math/big package's wide scope and input-dependent timing make it ill-suited for implementing cryptography. The cryptography packages in the standard library no longer call non-trivial Int methods on attacker-controlled inputs. In the future, the determination of whether a bug in math/big is considered a security vulnerability will depend on its wider impact on the standard library. * math/rand: The math/rand package now automatically seeds the global random number generator (used by top-level functions like Float64 and Int) with a random value, and the top-level Seed function has been deprecated. Programs that need a reproducible sequence of random numbers should prefer to allocate their own random source, using rand.New(rand.NewSource(seed)). * math/rand: Programs that need the earlier consistent global seeding behavior can set GODEBUG=randautoseed=0 in their environment. * math/rand: The top-level Read function has been deprecated. In almost all cases, crypto/rand.Read is more appropriate. * mime: The ParseMediaType function now allows duplicate parameter names, so long as the values of the names are the same. * mime/multipart: Methods of the Reader type now wrap errors returned by the underlying io.Reader. * net: The LookupCNAME function now consistently returns the contents of a CNAME record when one exists. Previously on Unix systems and when using the pure Go resolver, LookupCNAME would return an error if a CNAME record referred to a name that with no A, AAAA, or CNAME record. This change modifies LookupCNAME to match the previous behavior on Windows, allowing LookupCNAME to succeed whenever a CNAME exists. * net: Interface.Flags now includes the new flag FlagRunning, indicating an operationally active interface. An interface which is administratively configured but not active (for example, because the network cable is not connected) will have FlagUp set but not FlagRunning. * net: The new Dialer.ControlContext field contains a callback function similar to the existing Dialer.Control hook, that additionally accepts the dial context as a parameter. Control is ignored when ControlContext is not nil. * net: The Go DNS resolver recognizes the trust-ad resolver option. When options trust-ad is set in resolv.conf, the Go resolver will set the AD bit in DNS queries. The resolver does not make use of the AD bit in responses. * net: DNS resolution will detect changes to /etc/nsswitch.conf and reload the file when it changes. Checks are made at most once every five seconds, matching the previous handling of /etc/hosts and /etc/resolv.conf. * net/http: The ResponseWriter.WriteHeader function now supports sending 1xx status codes. * net/http: The new Server.DisableGeneralOptionsHandler configuration setting allows disabling the default OPTIONS * handler. * net/http: The new Transport.OnProxyConnectResponse hook is called when a Transport receives an HTTP response from a proxy for a CONNECT request. * net/http: The HTTP server now accepts HEAD requests containing a body, rather than rejecting them as invalid. * net/http: HTTP/2 stream errors returned by net/http functions may be converted to a golang.org/x/net/http2.StreamError using errors.As. * net/http: Leading and trailing spaces are trimmed from cookie names, rather than being rejected as invalid. For example, a cookie setting of 'name =value' is now accepted as setting the cookie 'name'. * net/netip: The new IPv6LinkLocalAllRouters and IPv6Loopback functions are the net/netip equivalents of net.IPv6loopback and net.IPv6linklocalallrouters. * os: On Windows, the name NUL is no longer treated as a special case in Mkdir and Stat. * os: On Windows, File.Stat now uses the file handle to retrieve attributes when the file is a directory. Previously it would use the path passed to Open, which may no longer be the file represented by the file handle if the file has been moved or replaced. This change modifies Open to open directories without the FILE_SHARE_DELETE access, which match the behavior of regular files. * os: On Windows, File.Seek now supports seeking to the beginning of a directory. * os/exec: The new Cmd fields Cancel and WaitDelay specify the behavior of the Cmd when its associated Context is canceled or its process exits with I/O pipes still held open by a child process. * path/filepath: The new error SkipAll terminates a Walk immediately but successfully. * path/filepath: The new IsLocal function reports whether a path is lexically local to a directory. For example, if IsLocal(p) is true, then Open(p) will refer to a file that is lexically within the subtree rooted at the current directory. * reflect: The new Value.Comparable and Value.Equal methods can be used to compare two Values for equality. Comparable reports whether Equal is a valid operation for a given Value receiver. * reflect: The new Value.Grow method extends a slice to guarantee space for another n elements. * reflect: The new Value.SetZero method sets a value to be the zero value for its type. * reflect: Go 1.18 introduced Value.SetIterKey and Value.SetIterValue methods. These are optimizations: v.SetIterKey(it) is meant to be equivalent to v.Set(it.Key()). The implementations incorrectly omitted a check for use of unexported fields that was present in the unoptimized forms. Go 1.20 corrects these methods to include the unexported field check. * regexp: Go 1.19.2 and Go 1.18.7 included a security fix to the regular expression parser, making it reject very large expressions that would consume too much memory. Because Go patch releases do not introduce new API, the parser returned syntax.ErrInternalError in this case. Go 1.20 adds a more specific error, syntax.ErrLarge, which the parser now returns instead. * runtime/cgo: Go 1.20 adds new Incomplete marker type. Code generated by cgo will use cgo.Incomplete to mark an incomplete C type. * runtime/metrics: Go 1.20 adds new supported metrics, including the current GOMAXPROCS setting (/sched/gomaxprocs:threads), the number of cgo calls executed (/cgo/go-to-c-calls:calls), total mutex block time (/sync/mutex/wait/total:seconds), and various measures of time spent in garbage collection. * runtime/metrics: Time-based histogram metrics are now less precise, but take up much less memory. * runtime/pprof: Mutex profile samples are now pre-scaled, fixing an issue where old mutex profile samples would be scaled incorrectly if the sampling rate changed during execution. * runtime/pprof: Profiles collected on Windows now include memory mapping information that fixes symbolization issues for position-independent binaries. * runtime/trace: The garbage collector's background sweeper now yields less frequently, resulting in many fewer extraneous events in execution traces. * strings: The new CutPrefix and CutSuffix functions are like TrimPrefix and TrimSuffix but also report whether the string was trimmed. * sync: The new Map methods Swap, CompareAndSwap, and CompareAndDelete allow existing map entries to be updated atomically. * syscall: On FreeBSD, compatibility shims needed for FreeBSD 11 and earlier have been removed. * syscall: On Linux, additional CLONE_* constants are defined for use with the SysProcAttr.Cloneflags field. * syscall: On Linux, the new SysProcAttr.CgroupFD and SysProcAttr.UseCgroupFD fields provide a way to place a child process into a specific cgroup. * testing: The new method B.Elapsed reports the current elapsed time of the benchmark, which may be useful for calculating rates to report with ReportMetric. * time: The new time layout constants DateTime, DateOnly, and TimeOnly provide names for three of the most common layout strings used in a survey of public Go source code. * time: The new Time.Compare method compares two times. * time: Parse now ignores sub-nanosecond precision in its input, instead of reporting those digits as an error. * time: The Time.MarshalJSON method is now more strict about adherence to RFC 3339. * unicode/utf16: The new AppendRune function appends the UTF-16 encoding of a given rune to a uint16 slice, analogous to utf8.AppendRune. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1791-1 Released: Thu Apr 6 15:37:30 2023 Summary: Security update for go1.20 Type: security Severity: important References: 1206346,1210127,1210128,1210129,1210130,CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538 This update for go1.20 fixes the following issues: Update to version 1.20.3: * CVE-2023-24534: security: net/http, net/textproto: denial of service from excessive memory allocation (bsc#1210127) * CVE-2023-24536: security: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (bsc#1210128) * CVE-2023-24537: security: go/parser: infinite loop in parsing (bsc#1210129) * CVE-2023-24538: security: html/template: backticks not treated as string delimiters (bsc#1210130) * x/text: building as a plugin failure on darwin/arm64 * cmd/go: timeout on darwin-amd64-race builder * internal/testpty: fails on some Linux machines due to incorrect error handling * cmd/link: Incorrect symbol linked in darwin/arm64 * cmd/link: linker fails on linux/amd64 when gcc's lto options are used * cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation * time: time zone lookup using extend string makes wrong start time for non-DST zones * runtime: crash on linux-ppc64le * cmd/compile: crypto/elliptic build error under -linkshared mode * cmd/compile: unsafe.SliceData incoherent resuilt with nil argument ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2105-1 Released: Fri May 5 08:34:09 2023 Summary: Security update for go1.20 Type: security Severity: important References: 1206346,1210127,1210128,1210129,1210130,1210938,1210963,1211029,1211030,1211031,CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538,CVE-2023-24539,CVE-2023-24540,CVE-2023-29400 This update for go1.20 fixes the following issues: Update to 1.20.4 (bnc#1206346): - CVE-2023-24539: Fixed an improper sanitization of CSS values (boo#1211029). - CVE-2023-24540: Fixed an improper handling of JavaScript whitespace (boo#1211030). - CVE-2023-29400: Fixed an improper handling of empty HTML attributes (boo#1211031). - runtime: automatically bump RLIMIT_NOFILE on Unix. - crypto/subtle: xor fails when run with race+purego. - cmd/compile: encoding/binary.PutUint16 sometimes doesn't write. - cmd/compile: internal compiler error: cannot call SetType(go.shape.int) on v (type int). - cmd/compile: miscompilation in star-tex.org/x/cmd/star-tex. - net/http: FileServer no longer serves content for POST. - crypto/tls: TLSv1.3 connection fails with invalid PSK binder. - cmd/compile: incorrect inline function variable. - cmd/compile: Unified IR exports table is binary unstable in presence of generics. - go/internal/gcimporter: lookupGorootExport should use the go command from build.Default.GOROOT. Non-security fixes: - Reverted go1.x Suggests go1.x-race (boo#1210963). - Re-enabled binary stripping and debuginfo (boo#1210938). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2526-1 Released: Fri Jun 16 17:33:35 2023 Summary: Security update for go1.20 Type: security Severity: moderate References: 1206346,1212073,1212074,1212075,1212076,CVE-2023-29402,CVE-2023-29403,CVE-2023-29404,CVE-2023-29405 This update for go1.20 fixes the following issues: Update to go1.20.5 (bsc#1206346): - CVE-2023-29402: cmd/go: Fixed cgo code injection (bsc#1212073). - CVE-2023-29403: runtime: Fixed unexpected behavior of setuid/setgid binaries (bsc#1212074). - CVE-2023-29404: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212075). - CVE-2023-29405: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212076). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2846-1 Released: Mon Jul 17 08:39:40 2023 Summary: Security update for go1.20 Type: security Severity: moderate References: 1206346,1213229,CVE-2023-29406 This update for go1.20 fixes the following issues: go was updated to version 1.20.6 (bsc#1206346): - CVE-2023-29406: Fixed insufficient sanitization of Host header in net/http (bsc#1213229). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3181-1 Released: Thu Aug 3 21:34:12 2023 Summary: Security update for go1.20 Type: security Severity: important References: 1206346,1213880,CVE-2023-29409 This update for go1.20 fixes the following issues: - Update to go v1.20.7 (released 2023-08-01) (bsc#1206346) - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) The following package changes have been done: - go1.20-doc-1.20.7-150000.1.20.1 added - go1.20-1.20.7-150000.1.20.1 added - go1.20-race-1.20.7-150000.1.20.1 added - go1.19-1.19.12-150000.1.40.1 removed - go1.19-doc-1.19.12-150000.1.40.1 removed - go1.19-race-1.19.12-150000.1.40.1 removed From sle-updates at lists.suse.com Sun Aug 20 07:06:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Aug 2023 09:06:27 +0200 (CEST) Subject: SUSE-CU-2023:2730-1: Recommended update of bci/golang Message-ID: <20230820070627.7B0E4FDCB@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2730-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-1.2.1 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.2.1 Container Release : 2.1 Severity : moderate Type : recommended References : 1212475 1212667 1212669 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3323-1 Released: Tue Aug 15 20:29:53 2023 Summary: Recommended update for go1.21 Type: recommended Severity: moderate References: 1212475,1212667,1212669 This update for go1.21 fixes the following issues: go1.21 (released 2023-08-08) is a major release of Go. go1.21.x minor releases will be provided through August 2024. https://github.com/golang/go/wiki/Go-Release-Cycle go1.21 arrives six months after go1.20. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. * Go 1.21 introduces a small change to the numbering of releases. In the past, we used Go 1.N to refer to both the overall Go language version and release family as well as the first release in that family. Starting in Go 1.21, the first release is now Go 1.N.0. Today we are releasing both the Go 1.21 language and its initial implementation, the Go 1.21.0 release. These notes refer to 'Go 1.21'; tools like go version will report 'go1.21.0' (until you upgrade to Go 1.21.1). See 'Go versions' in the 'Go Toolchains' documentation for details about the new version numbering. * Language change: Go 1.21 adds three new built-ins to the language. * Language change: The new functions min and max compute the smallest (or largest, for max) value of a fixed number of given arguments. See the language spec for details. * Language change: The new function clear deletes all elements from a map or zeroes all elements of a slice. See the language spec for details. * Package initialization order is now specified more precisely. This may change the behavior of some programs that rely on a specific initialization ordering that was not expressed by explicit imports. The behavior of such programs was not well defined by the spec in past releases. The new rule provides an unambiguous definition. * Multiple improvements that increase the power and precision of type inference have been made. * A (possibly partially instantiated generic) function may now be called with arguments that are themselves (possibly partially instantiated) generic functions. * Type inference now also considers methods when a value is assigned to an interface: type arguments for type parameters used in method signatures may be inferred from the corresponding parameter types of matching methods. * Similarly, since a type argument must implement all the methods of its corresponding constraint, the methods of the type argument and constraint are matched which may lead to the inference of additional type arguments. * If multiple untyped constant arguments of different kinds (such as an untyped int and an untyped floating-point constant) are passed to parameters with the same (not otherwise specified) type parameter type, instead of an error, now type inference determines the type using the same approach as an operator with untyped constant operands. This change brings the types inferred from untyped constant arguments in line with the types of constant expressions. * Type inference is now precise when matching corresponding types in assignments * The description of type inference in the language spec has been clarified. * Go 1.21 includes a preview of a language change we are considering for a future version of Go: making for loop variables per-iteration instead of per-loop, to avoid accidental sharing bugs. For details about how to try that language change, see the LoopvarExperiment wiki page. * Go 1.21 now defines that if a goroutine is panicking and recover was called directly by a deferred function, the return value of recover is guaranteed not to be nil. To ensure this, calling panic with a nil interface value (or an untyped nil) causes a run-time panic of type *runtime.PanicNilError. To support programs written for older versions of Go, nil panics can be re-enabled by setting GODEBUG=panicnil=1. This setting is enabled automatically when compiling a program whose main package is in a module with that declares go 1.20 or earlier. * Go 1.21 adds improved support for backwards compatibility and forwards compatibility in the Go toolchain. * To improve backwards compatibility, Go 1.21 formalizes Go's use of the GODEBUG environment variable to control the default behavior for changes that are non-breaking according to the compatibility policy but nonetheless may cause existing programs to break. (For example, programs that depend on buggy behavior may break when a bug is fixed, but bug fixes are not considered breaking changes.) When Go must make this kind of behavior change, it now chooses between the old and new behavior based on the go line in the workspace's go.work file or else the main module's go.mod file. Upgrading to a new Go toolchain but leaving the go line set to its original (older) Go version preserves the behavior of the older toolchain. With this compatibility support, the latest Go toolchain should always be the best, most secure, implementation of an older version of Go. See 'Go, Backwards Compatibility, and GODEBUG' for details. * To improve forwards compatibility, Go 1.21 now reads the go line in a go.work or go.mod file as a strict minimum requirement: go 1.21.0 means that the workspace or module cannot be used with Go 1.20 or with Go 1.21rc1. This allows projects that depend on fixes made in later versions of Go to ensure that they are not used with earlier versions. It also gives better error reporting for projects that make use of new Go features: when the problem is that a newer Go version is needed, that problem is reported clearly, instead of attempting to build the code and instead printing errors about unresolved imports or syntax errors. * To make these new stricter version requirements easier to manage, the go command can now invoke not just the toolchain bundled in its own release but also other Go toolchain versions found in the PATH or downloaded on demand. If a go.mod or go.work go line declares a minimum requirement on a newer version of Go, the go command will find and run that version automatically. The new toolchain directive sets a suggested minimum toolchain to use, which may be newer than the strict go minimum. See 'Go Toolchains' for details. * go command: The -pgo build flag now defaults to -pgo=auto, and the restriction of specifying a single main package on the command line is now removed. If a file named default.pgo is present in the main package's directory, the go command will use it to enable profile-guided optimization for building the corresponding program. * go command: The -C dir flag must now be the first flag on the command-line when used. * go command: The new go test option -fullpath prints full path names in test log messages, rather than just base names. * go command: The go test -c flag now supports writing test binaries for multiple packages, each to pkg.test where pkg is the package name. It is an error if more than one test package being compiled has a given package name.] * go command: The go test -o flag now accepts a directory argument, in which case test binaries are written to that directory instead of the current directory. * cgo: In files that import 'C', the Go toolchain now correctly reports errors for attempts to declare Go methods on C types. * runtime: When printing very deep stacks, the runtime now prints the first 50 (innermost) frames followed by the bottom 50 (outermost) frames, rather than just printing the first 100 frames. This makes it easier to see how deeply recursive stacks started, and is especially valuable for debugging stack overflows. * runtime: On Linux platforms that support transparent huge pages, the Go runtime now manages which parts of the heap may be backed by huge pages more explicitly. This leads to better utilization of memory: small heaps should see less memory used (up to 50% in pathological cases) while large heaps should see fewer broken huge pages for dense parts of the heap, improving CPU usage and latency by up to 1%. * runtime: As a result of runtime-internal garbage collection tuning, applications may see up to a 40% reduction in application tail latency and a small decrease in memory use. Some applications may also observe a small loss in throughput. The memory use decrease should be proportional to the loss in throughput, such that the previous release's throughput/memory tradeoff may be recovered (with little change to latency) by increasing GOGC and/or GOMEMLIMIT slightly. * runtime: Calls from C to Go on threads created in C require some setup to prepare for Go execution. On Unix platforms, this setup is now preserved across multiple calls from the same thread. This significantly reduces the overhead of subsequent C to Go calls from ~1-3 microseconds per call to ~100-200 nanoseconds per call. * compiler: Profile-guide optimization (PGO), added as a preview in Go 1.20, is now ready for general use. PGO enables additional optimizations on code identified as hot by profiles of production workloads. As mentioned in the Go command section, PGO is enabled by default for binaries that contain a default.pgo profile in the main package directory. Performance improvements vary depending on application behavior, with most programs from a representative set of Go programs seeing between 2 and 7% improvement from enabling PGO. See the PGO user guide for detailed documentation. * compiler: PGO builds can now devirtualize some interface method calls, adding a concrete call to the most common callee. This enables further optimization, such as inlining the callee. * compiler: Go 1.21 improves build speed by up to 6%, largely thanks to building the compiler itself with PGO. * assembler: On amd64, frameless nosplit assembly functions are no longer automatically marked as NOFRAME. Instead, the NOFRAME attribute must be explicitly specified if desired, which is already the behavior on other architectures supporting frame pointers. With this, the runtime now maintains the frame pointers for stack transitions. * assembler: The verifier that checks for incorrect uses of R15 when dynamic linking on amd64 has been improved. * linker: On windows/amd64, the linker (with help from the compiler) now emits SEH unwinding data by default, which improves the integration of Go applications with Windows debuggers and other tools. * linker: In Go 1.21 the linker (with help from the compiler) is now capable of deleting dead (unreferenced) global map variables, if the number of entries in the variable initializer is sufficiently large, and if the initializer expressions are side-effect free. * core library: The new log/slog package provides structured logging with levels. Structured logging emits key-value pairs to enable fast, accurate processing of large amounts of log data. The package supports integration with popular log analysis tools and services. * core library: The new testing/slogtest package can help to validate slog.Handler implementations. * core library: The new slices package provides many common operations on slices, using generic functions that work with slices of any element type. * core library: The new maps package provides several common operations on maps, using generic functions that work with maps of any key or element type. * core library: The new cmp package defines the type constraint Ordered and two new generic functions Less and Compare that are useful with ordered types. * Minor changes to the library: As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind. There are also various performance improvements, not enumerated here. * archive/tar: The implementation of the io/fs.FileInfo interface returned by Header.FileInfo now implements a String method that calls io/fs.FormatFileInfo. * archive/zip: The implementation of the io/fs.FileInfo interface returned by FileHeader.FileInfo now implements a String method that calls io/fs.FormatFileInfo. * archive/zip: The implementation of the io/fs.DirEntry interface returned by the io/fs.ReadDirFile.ReadDir method of the io/fs.File returned by Reader.Open now implements a String method that calls io/fs.FormatDirEntry. * bytes: The Buffer type has two new methods: Available and AvailableBuffer. These may be used along with the Write method to append directly to the Buffer. * context: The new WithoutCancel function returns a copy of a context that is not canceled when the original context is canceled. * context: The new WithDeadlineCause and WithTimeoutCause functions provide a way to set a context cancellation cause when a deadline or timer expires. The cause may be retrieved with the Cause function. * context: The new AfterFunc function registers a function to run after a context has been cancelled. * context: An optimization means that the results of calling Background and TODO and converting them to a shared type can be considered equal. In previous releases they were always different. Comparing Context values for equality has never been well-defined, so this is not considered to be an incompatible change. * crypto/ecdsa: PublicKey.Equal and PrivateKey.Equal now execute in constant time. * crypto/elliptic: All of the Curve methods have been deprecated, along with GenerateKey, Marshal, and Unmarshal. For ECDH operations, the new crypto/ecdh package should be used instead. For lower-level operations, use third-party modules such as filippo.io/nistec. * crypto/rand: The crypto/rand package now uses the getrandom system call on NetBSD 10.0 and later. * crypto/rsa: The performance of private RSA operations (decryption and signing) is now better than Go 1.19 for GOARCH=amd64 and GOARCH=arm64. It had regressed in Go 1.20. * crypto/rsa: Due to the addition of private fields to PrecomputedValues, PrivateKey.Precompute must be called for optimal performance even if deserializing (for example from JSON) a previously-precomputed private key. * crypto/rsa: PublicKey.Equal and PrivateKey.Equal now execute in constant time. * crypto/rsa: The GenerateMultiPrimeKey function and the PrecomputedValues.CRTValues field have been deprecated. PrecomputedValues.CRTValues will still be populated when PrivateKey.Precompute is called, but the values will not be used during decryption operations. * crypto/sha256: SHA-224 and SHA-256 operations now use native instructions when available when GOARCH=amd64, providing a performance improvement on the order of 3-4x. * crypto/tls: Servers now skip verifying client certificates (including not running Config.VerifyPeerCertificate) for resumed connections, besides checking the expiration time. This makes session tickets larger when client certificates are in use. Clients were already skipping verification on resumption, but now check the expiration time even if Config.InsecureSkipVerify is set. * crypto/tls: Applications can now control the content of session tickets. * crypto/tls: The new SessionState type describes a resumable session. * crypto/tls: The SessionState.Bytes method and ParseSessionState function serialize and deserialize a SessionState. * crypto/tls: The Config.WrapSession and Config.UnwrapSession hooks convert a SessionState to and from a ticket on the server side. * crypto/tls: The Config.EncryptTicket and Config.DecryptTicket methods provide a default implementation of WrapSession and UnwrapSession. * crypto/tls: The ClientSessionState.ResumptionState method and NewResumptionState function may be used by a ClientSessionCache implementation to store and resume sessions on the client side. * crypto/tls: To reduce the potential for session tickets to be used as a tracking mechanism across connections, the server now issues new tickets on every resumption (if they are supported and not disabled) and tickets don't bear an identifier for the key that encrypted them anymore. If passing a large number of keys to Conn.SetSessionTicketKeys, this might lead to a noticeable performance cost. * crypto/tls: Both clients and servers now implement the Extended Master Secret extension (RFC 7627). The deprecation of ConnectionState.TLSUnique has been reverted, and is now set for resumed connections that support Extended Master Secret. * crypto/tls: The new QUICConn type provides support for QUIC implementations, including 0-RTT support. Note that this is not itself a QUIC implementation, and 0-RTT is still not supported in TLS. * crypto/tls: The new VersionName function returns the name for a TLS version number. * crypto/tls: The TLS alert codes sent from the server for client authentication failures have been improved. Previously, these failures always resulted in a 'bad certificate' alert. Now, certain failures will result in more appropriate alert codes, as defined by RFC 5246 and RFC 8446: * crypto/tls: For TLS 1.3 connections, if the server is configured to require client authentication using RequireAnyClientCert or RequireAndVerifyClientCert, and the client does not provide any certificate, the server will now return the 'certificate required' alert. * crypto/tls: If the client provides a certificate that is not signed by the set of trusted certificate authorities configured on the server, the server will return the 'unknown certificate authority' alert. * crypto/tls: If the client provides a certificate that is either expired or not yet valid, the server will return the 'expired certificate' alert. * crypto/tls: In all other scenarios related to client authentication failures, the server still returns 'bad certificate'. * crypto/x509: RevocationList.RevokedCertificates has been deprecated and replaced with the new RevokedCertificateEntries field, which is a slice of RevocationListEntry. RevocationListEntry contains all of the fields in pkix.RevokedCertificate, as well as the revocation reason code. * crypto/x509: Name constraints are now correctly enforced on non-leaf certificates, and not on the certificates where they are expressed. * debug/elf: The new File.DynValue method may be used to retrieve the numeric values listed with a given dynamic tag. * debug/elf: The constant flags permitted in a DT_FLAGS_1 dynamic tag are now defined with type DynFlag1. These tags have names starting with DF_1. * debug/elf: The package now defines the constant COMPRESS_ZSTD. * debug/elf: The package now defines the constant R_PPC64_REL24_P9NOTOC. * debug/pe: Attempts to read from a section containing uninitialized data using Section.Data or the reader returned by Section.Open now return an error. * embed: The io/fs.File returned by FS.Open now has a ReadAt method that implements io.ReaderAt. * embed: Calling FS.Open.Stat will return a type that now implements a String method that calls io/fs.FormatFileInfo. * errors: The new ErrUnsupported error provides a standardized way to indicate that a requested operation may not be performed because it is unsupported. For example, a call to os.Link when using a file system that does not support hard links. * flag: The new BoolFunc function and FlagSet.BoolFunc method define a flag that does not require an argument and calls a function when the flag is used. This is similar to Func but for a boolean flag. * flag: A flag definition (via Bool, BoolVar, Int, IntVar, etc.) will panic if Set has already been called on a flag with the same name. This change is intended to detect cases where changes in initialization order cause flag operations to occur in a different order than expected. In many cases the fix to this problem is to introduce a explicit package dependence to correctly order the definition before any Set operations. * go/ast: The new IsGenerated predicate reports whether a file syntax tree contains the special comment that conventionally indicates that the file was generated by a tool. * go/ast: The new File.GoVersion field records the minimum Go version required by any //go:build or // +build directives. * go/build: The package now parses build directives (comments that start with //go:) in file headers (before the package declaration). These directives are available in the new Package fields Directives, TestDirectives, and XTestDirectives. * go/build/constraint: The new GoVersion function returns the minimum Go version implied by a build expression. * go/token: The new File.Lines method returns the file's line-number table in the same form as accepted by File.SetLines. * go/types: The new Package.GoVersion method returns the Go language version used to check the package. * hash/maphash: The hash/maphash package now has a pure Go implementation, selectable with the purego build tag. * html/template: The new error ErrJSTemplate is returned when an action appears in a JavaScript template literal. Previously an unexported error was returned. * io/fs: The new FormatFileInfo function returns a formatted version of a FileInfo. The new FormatDirEntry function returns a formatted version of a DirEntry. The implementation of DirEntry returned by ReadDir now implements a String method that calls FormatDirEntry, and the same is true for the DirEntry value passed to WalkDirFunc. * math/big: The new Int.Float64 method returns the nearest floating-point value to a multi-precision integer, along with an indication of any rounding that occurred. * net: On Linux, the net package can now use Multipath TCP when the kernel supports it. It is not used by default. To use Multipath TCP when available on a client, call the Dialer.SetMultipathTCP method before calling the Dialer.Dial or Dialer.DialContext methods. To use Multipath TCP when available on a server, call the ListenConfig.SetMultipathTCP method before calling the ListenConfig.Listen method. Specify the network as 'tcp' or 'tcp4' or 'tcp6' as usual. If Multipath TCP is not supported by the kernel or the remote host, the connection will silently fall back to TCP. To test whether a particular connection is using Multipath TCP, use the TCPConn.MultipathTCP method. * net: In a future Go release we may enable Multipath TCP by default on systems that support it. * net/http: The new ResponseController.EnableFullDuplex method allows server handlers to concurrently read from an HTTP/1 request body while writing the response. Normally, the HTTP/1 server automatically consumes any remaining request body before starting to write the response, to avoid deadlocking clients which attempt to write a complete request before reading the response. The EnableFullDuplex method disables this behavior. * net/http: The new ErrSchemeMismatch error is returned by Client and Transport when the server responds to an HTTPS request with an HTTP response. * net/http: The net/http package now supports errors.ErrUnsupported, in that the expression errors.Is(http.ErrNotSupported, errors.ErrUnsupported) will return true. * os: Programs may now pass an empty time.Time value to the Chtimes function to leave either the access time or the modification time unchanged. * os: On Windows the File.Chdir method now changes the current directory to the file, rather than always returning an error. * os: On Unix systems, if a non-blocking descriptor is passed to NewFile, calling the File.Fd method will now return a non-blocking descriptor. Previously the descriptor was converted to blocking mode. * os: On Windows calling Truncate on a non-existent file used to create an empty file. It now returns an error indicating that the file does not exist. * os: On Windows calling TempDir now uses GetTempPath2W when available, instead of GetTempPathW. The new behavior is a security hardening measure that prevents temporary files created by processes running as SYSTEM to be accessed by non-SYSTEM processes. * os: On Windows the os package now supports working with files whose names, stored as UTF-16, can't be represented as valid UTF-8. * os: On Windows Lstat now resolves symbolic links for paths ending with a path separator, consistent with its behavior on POSIX platforms. * os: The implementation of the io/fs.DirEntry interface returned by the ReadDir function and the File.ReadDir method now implements a String method that calls io/fs.FormatDirEntry. * os: The implementation of the io/fs.FS interface returned by the DirFS function now implements the io/fs.ReadFileFS and the io/fs.ReadDirFS interfaces. * path/filepath: The implementation of the io/fs.DirEntry interface passed to the function argument of WalkDir now implements a String method that calls io/fs.FormatDirEntry. * reflect: In Go 1.21, ValueOf no longer forces its argument to be allocated on the heap, allowing a Value's content to be allocated on the stack. Most operations on a Value also allow the underlying value to be stack allocated. * reflect: The new Value method Value.Clear clears the contents of a map or zeros the contents of a slice. This corresponds to the new clear built-in added to the language. * reflect: The SliceHeader and StringHeader types are now deprecated. In new code prefer unsafe.Slice, unsafe.SliceData, unsafe.String, or unsafe.StringData. * regexp: Regexp now defines MarshalText and UnmarshalText methods. These implement encoding.TextMarshaler and encoding.TextUnmarshaler and will be used by packages such as encoding/json. * runtime: Textual stack traces produced by Go programs, such as those produced when crashing, calling runtime.Stack, or collecting a goroutine profile with debug=2, now include the IDs of the goroutines that created each goroutine in the stack trace. * runtime: Crashing Go applications can now opt-in to Windows Error Reporting (WER) by setting the environment variable GOTRACEBACK=wer or calling debug.SetTraceback('wer') before the crash. Other than enabling WER, the runtime will behave as with GOTRACEBACK=crash. On non-Windows systems, GOTRACEBACK=wer is ignored. * runtime: GODEBUG=cgocheck=2, a thorough checker of cgo pointer passing rules, is no longer available as a debug option. Instead, it is available as an experiment using GOEXPERIMENT=cgocheck2. In particular this means that this mode has to be selected at build time instead of startup time. * runtime: GODEBUG=cgocheck=1 is still available (and is still the default). * runtime: A new type Pinner has been added to the runtime package. Pinners may be used to 'pin' Go memory such that it may be used more freely by non-Go code. For instance, passing Go values that reference pinned Go memory to C code is now allowed. Previously, passing any such nested reference was disallowed by the cgo pointer passing rules. See the docs for more details. * runtime/metrics: A few previously-internal GC metrics, such as live heap size, are now available. GOGC and GOMEMLIMIT are also now available as metrics. * runtime/trace: Collecting traces on amd64 and arm64 now incurs a substantially smaller CPU cost: up to a 10x improvement over the previous release. * runtime/trace: Traces now contain explicit stop-the-world events for every reason the Go runtime might stop-the-world, not just garbage collection. * sync: The new OnceFunc, OnceValue, and OnceValues functions capture a common use of Once to lazily initialize a value on first use. * syscall: On Windows the Fchdir function now changes the current directory to its argument, rather than always returning an error. * syscall: On FreeBSD SysProcAttr has a new field Jail that may be used to put the newly created process in a jailed environment. * syscall: On Windows the syscall package now supports working with files whose names, stored as UTF-16, can't be represented as valid UTF-8. The UTF16ToString and UTF16FromString functions now convert between UTF-16 data and WTF-8 strings. This is backward compatible as WTF-8 is a superset of the UTF-8 format that was used in earlier releases. * syscall: Several error values match the new errors.ErrUnsupported, such that errors.Is(err, errors.ErrUnsupported) returns true. ENOSYS ENOTSUP EOPNOTSUPP EPLAN9 (Plan 9 only) ERROR_CALL_NOT_IMPLEMENTED (Windows only) ERROR_NOT_SUPPORTED (Windows only) EWINDOWS (Windows only) * testing: The new -test.fullpath option will print full path names in test log messages, rather than just base names. * testing: The new Testing function reports whether the program is a test created by go test. * testing/fstest: Calling Open.Stat will return a type that now implements a String method that calls io/fs.FormatFileInfo. * unicode: The unicode package and associated support throughout the system has been upgraded to Unicode 15.0.0. * Darwin port: As announced in the Go 1.20 release notes, Go 1.21 requires macOS 10.15 Catalina or later; support for previous versions has been discontinued. * Windows port: As announced in the Go 1.20 release notes, Go 1.21 requires at least Windows 10 or Windows Server 2016; support for previous versions has been discontinued. * WebAssembly port: The new go:wasmimport directive can now be used in Go programs to import functions from the WebAssembly host. * WebAssembly port: The Go scheduler now interacts much more efficiently with the JavaScript event loop, especially in applications that block frequently on asynchronous events. * WebAssembly System Interface port: Go 1.21 adds an experimental port to the WebAssembly System Interface (WASI), Preview 1 (GOOS=wasip1, GOARCH=wasm). * WebAssembly System Interface port: As a result of the addition of the new GOOS value 'wasip1', Go files named *_wasip1.go will now be ignored by Go tools except when that GOOS value is being used. If you have existing filenames matching that pattern, you will need to rename them. * ppc64/ppc64le port: On Linux, GOPPC64=power10 now generates PC-relative instructions, prefixed instructions, and other new Power10 instructions. On AIX, GOPPC64=power10 generates Power10 instructions, but does not generate PC-relative instructions. * ppc64/ppc64le port: When building position-independent binaries for GOPPC64=power10 GOOS=linux GOARCH=ppc64le, users can expect reduced binary sizes in most cases, in some cases 3.5%. Position-independent binaries are built for ppc64le with the following -buildmode values: c-archive, c-shared, shared, pie, plugin. * loong64 port: The linux/loong64 port now supports -buildmode=c-archive, -buildmode=c-shared and -buildmode=pie. * go1.21+ change default GOTOOLCHAIN=auto to local to prevent go tool commands from downloading upstream go1.x toolchain binaries * go1.21+ introduce new default behavior that can download additional versions of go1.x toolchain binaries built by upstream. See https://go.dev/doc/toolchain for details. The go tool would attempt toolchain downloads as needed to satisfy a minimum go version specified in go.mod of the program containing main() or any of its dependencies. * Users can override the default GOTOOLCHAIN setting with go env -w, stored in in ~/.config/go/env. - Add missing go.env to package. go.env sets defaults including: GOPROXY GOSUMDB GOTOOLCHAIN * Starting in go1.21+ a missing go.env defaults to GOPROXY='' resulting in errors e.g. with online cmds e.g. go mod download: 'GOPROXY list is not the empty string, but contains no entries' It is not clear why GOPROXY='' is not evaluated as 'the empty string'. The following package changes have been done: - go1.21-doc-1.21.0-150000.1.3.1 added - go1.21-1.21.0-150000.1.3.1 added - go1.21-race-1.21.0-150000.1.3.1 added - go1.20-1.20.7-150000.1.20.1 removed - go1.20-doc-1.20.7-150000.1.20.1 removed - go1.20-race-1.20.7-150000.1.20.1 removed From sle-updates at lists.suse.com Mon Aug 21 07:06:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Aug 2023 09:06:00 +0200 (CEST) Subject: SUSE-CU-2023:2732-1: Security update of suse/sle15 Message-ID: <20230821070600.F3DB7FDC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2732-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.169 , suse/sle15:15.3 , suse/sle15:15.3.17.20.169 Container Release : 17.20.169 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3365-1 Released: Fri Aug 18 20:35:01 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.19.2-150300.13.1 updated From sle-updates at lists.suse.com Mon Aug 21 07:07:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Aug 2023 09:07:08 +0200 (CEST) Subject: SUSE-CU-2023:2733-1: Security update of bci/bci-init Message-ID: <20230821070708.25ABAFDC9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2733-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.29.36 Container Release : 29.36 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3363-1 Released: Fri Aug 18 14:54:16 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.19.2-150400.3.6.1 updated - container:sles15-image-15.0.0-27.14.88 updated From sle-updates at lists.suse.com Mon Aug 21 07:08:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Aug 2023 09:08:26 +0200 (CEST) Subject: SUSE-CU-2023:2734-1: Security update of suse/pcp Message-ID: <20230821070826.F3B0BFDC9@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2734-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.81 , suse/pcp:5.2 , suse/pcp:5.2-17.81 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.81 Container Release : 17.81 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3363-1 Released: Fri Aug 18 14:54:16 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.19.2-150400.3.6.1 updated - container:bci-bci-init-15.4-15.4-29.36 updated From sle-updates at lists.suse.com Mon Aug 21 07:08:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Aug 2023 09:08:41 +0200 (CEST) Subject: SUSE-CU-2023:2735-1: Security update of suse/postgres Message-ID: <20230821070841.552BDFDC9@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2735-1 Container Tags : suse/postgres:14 , suse/postgres:14-22.42 , suse/postgres:14.9 , suse/postgres:14.9-22.42 Container Release : 22.42 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3363-1 Released: Fri Aug 18 14:54:16 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.19.2-150400.3.6.1 updated - container:sles15-image-15.0.0-27.14.88 updated From sle-updates at lists.suse.com Mon Aug 21 07:09:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Aug 2023 09:09:36 +0200 (CEST) Subject: SUSE-CU-2023:2736-1: Security update of bci/python Message-ID: <20230821070936.E4A53FDC9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2736-1 Container Tags : bci/python:3 , bci/python:3-15.34 , bci/python:3.10 , bci/python:3.10-15.34 Container Release : 15.34 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3363-1 Released: Fri Aug 18 14:54:16 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.19.2-150400.3.6.1 updated - container:sles15-image-15.0.0-27.14.88 updated From sle-updates at lists.suse.com Mon Aug 21 07:09:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Aug 2023 09:09:40 +0200 (CEST) Subject: SUSE-CU-2023:2737-1: Security update of suse/nginx Message-ID: <20230821070940.9571DFDC9@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2737-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-3.9 , suse/nginx:latest Container Release : 3.9 Severity : important Type : security References : 1206627 1213189 1213514 1213517 1213853 1214054 CVE-2022-41409 CVE-2023-36054 CVE-2023-3817 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2023:3146-1 Released: Wed Aug 2 09:45:25 2023 Summary: Optional update for mono-core, ghc, ghc-xml-conduit, gstreamer, poppler and python-mccabe Type: optional Severity: low References: This optional update provides the following feature: - Add additional binaries to PackageHub: mono-core, ghc, ghc-xml-conduit, gstreamer, poppler and python-mccabe. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). The following package changes have been done: - login_defs-4.8.1-150400.10.9.1 updated - libopenssl1_1-1.1.1l-150500.17.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.15.1 updated - krb5-1.20.1-150500.3.3.1 updated - shadow-4.8.1-150400.10.9.1 updated - libpcre2-8-0-10.39-150400.4.9.1 updated - libwebp7-1.0.3-150200.3.7.3 updated - container:sles15-image-15.0.0-36.5.25 updated From sle-updates at lists.suse.com Mon Aug 21 07:10:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Aug 2023 09:10:32 +0200 (CEST) Subject: SUSE-CU-2023:2738-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230821071032.53A5CFDC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2738-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.439 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.439 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3365-1 Released: Fri Aug 18 20:35:01 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.19.2-150300.13.1 updated - container:sles15-image-15.0.0-17.20.169 updated From sle-updates at lists.suse.com Mon Aug 21 07:11:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Aug 2023 09:11:14 +0200 (CEST) Subject: SUSE-CU-2023:2739-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230821071114.47DDBFDC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2739-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.261 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.261 Severity : important Type : security References : 1214054 CVE-2023-36054 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3365-1 Released: Fri Aug 18 20:35:01 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) The following package changes have been done: - krb5-1.19.2-150300.13.1 updated - container:sles15-image-15.0.0-17.20.169 updated From sle-updates at lists.suse.com Mon Aug 21 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Aug 2023 12:30:02 -0000 Subject: SUSE-RU-2023:3367-1: important: Recommended update for gnu-efi Message-ID: <169262100215.1213.16584313680782612652@smelt2.suse.de> # Recommended update for gnu-efi Announcement ID: SUSE-RU-2023:3367-1 Rating: important References: * #1213923 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for gnu-efi fixes the following issues: * Add the non-executable GNU stack marking on ELF-linux (bsc#1213923) * Disable parallel builds to work around build failure on i586 and aarch64 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3367=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 x86_64) * gnu-efi-3.0.3-8.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213923 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 22 07:03:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Aug 2023 09:03:42 +0200 (CEST) Subject: SUSE-CU-2023:2740-1: Security update of bci/openjdk-devel Message-ID: <20230822070342.EA095FDC9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2740-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-8.61 Container Release : 8.61 Severity : important Type : security References : 1211198 1213514 1214054 CVE-2022-41409 CVE-2023-36054 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:3319-1 Released: Tue Aug 15 10:45:11 2023 Summary: Feature update for Maven Type: feature Severity: moderate References: 1211198 This update for aopalliance, beust-jcommander, maven, maven-install-plugin, maven-resolver, maven-wagon, plexus-utils, sbt and xmvn fixes the following issues: aopalliance: - Include in SUSE Linux Enterprise 15 Service Pack 5: Dependency needed by Maven (no source changes) beust-jcommander: - Version update from 1.71 to 1.82 (jsc#SLE-23217): * Add a test for Parameter order usage * Add a test for Path converter * Add automatic module name to manifest * Add check if Boolean parameter is default null, then do not flip value * Add testing modules * Add format tests for DefaultUsageFormatter, UnixStyleUsageFormatter * Add testing for UnixStyleUsageFormatter * Add unix-style formatter, allow DefaultUsageFormatter to be extended easier * Allow generics of type and in parameters * Allow main parameters to be a single field. * Allow System.out to be replaced by something else (f.e. System.err) * Allow UsageFormatter to be set in JCommander Builder * Change UsageFormatter into an interface * Clean up DefaultUsageFormatter * Create MyDelegate.java * Create UsageFormatter (preliminary) * Enable usage() ordering for DynamicParameter * Encapsulate MainParameter. * Encode user input to massage error message * Expose more of the UsageFormatter implementations * Fields annotated with @ParametersDelegate are now allowed to be final. * Fixed bug when parsing arguments is ignoring case sensitivity option * Fix error message when failing to convert a Path * Fix locale-related issues in usage formatter tests * Get boolean/Boolean getter with 'is' prefix * Implement Environment Variable Default Provider * Make console configurable by JCommander.Builder * Make UsageFormatter abstract, Create DefaultUsageFormatter * Only one DefaultConverterFactory * Remove String.join usage - resolves #381 * Remove the generic in IStringConverterFactory * Restrict access to JCommander.Options again * Support arity for main parameters. * Update DefaultParameterizedParser.java * Update IParameterizedParser.java * Update JCommander.java * usage() hides 'Comments:' header when only hidden commands exist * Use Builder API as constructor is deprecated * Use get default getter approach if is method is not found * Upgrade needed by new code in xmvn 4.2.0 maven: - Version update from 3.8.6 to 3.9.2 (jsc#SLE-23217): * Fix interpolated properties in originalModel in an active profile. * Fix java.lang.NullPointerException at org.apache.maven.repository.internal.DefaultModelCache.newInstance (DefaultModelCache.java:37) * Issue a warning if plugin depends on maven-compat * Add more information when using `-Dmaven.repo.local.recordReverseTree=true` * Improvement and extension of plugin validation * Don't fingerprint Sigstore signatures (like GPG) * Print suppressed exceptions when a mojo fails * Upgrade animal-sniffer from 1.21 to 1.23 * Fix issue with Maven CLI not working (bsc#1211198) * Maven Wagon upgrade * Minimum Java version to use with Maven 3.9.0 is raised to Java 8. * With Java 8, upgrade of several key dependencies became possible as well. * Several backports from Maven 4.x line. * Cutting ties with Maven 2 backward compatibility, preparing grounds for Maven 4. * The Maven Resolver transport has changed from Wagon to ???native HTTP???, see Resolver Transport guide. * Maven 2.x was auto-injecting an ancient version of plexus-utils dependency into the plugin classpath, and Maven 3.x continued doing this to preserve backward compatibility. Starting with Maven 3.9, it does not happen anymore. This change may lead to plugin breakage. The fix for affected plugin maintainers is to explicitly declare a dependency on plexus-utils. The workaround for affected plugin users is to add this dependency to plugin dependencies until issue is fixed by the affected plugin maintainer. * Mojos are prevented to boostrap new instance of RepositorySystem (for example by using deprecated ServiceLocator), they should reuse RepositorySystem instance provided by Maven instead. See MNG-7471. * Each line in .mvn/maven.config is now interpreted as a single argument. That is, if the file contains multiple arguments, these must now be placed on separate lines, see MNG-7684. * General performance and other fixes maven-install-plugin: - Version upgrade from 3.0.0 to 3.1.1 (jsc#SLE-23217): * Use proper repositorySystemSession * Upgrade Parent to 39 * Add parameter to lax project validation * installAtEnd when module does not use maven-install-plugin * Don't use metadata from main artifact to fetch pom.xml * Install all artifacts in one request * Require Java 8 * Cleanup IT tests * Upgrade Parent to 37 * Bump mockito-core from 2.28.2 to 4.8.1 * Generated POM is not installed if original POM exists * Remove a lot of checksum related dead code and commented out tests * Create GitHub Actions * Use shared GH Actions * Update plugin (requires Maven 3.2.5+) * Upgrade maven-plugin parent to 36 * Install At End feature (no extension) * Streamline the plugin by maven-resolver: - Version upgrade from 1.7.3 to 1.9.12 (jsc#SLE-23217): * Bug fixes: + Fix unreliable TCP and retries on upload + Fix ConflictResolver STANDARD verbosity + Fix duplicate METADATA_DOWNLOADING event being sent + Disable checksum by default for .sigstore in addition to .asc + Fix conflict resolution in verbose mode is sensitive to version ordering + Fix SslConfig httpSecurityMode change is not detected + Fix Preemptive Auth broken when default ports used + Fix regression suddenly seeing I/O errors under windows aborting the build + Fix static name mapper unusable with file-lock factory + Fix 'IllegalArgumentException: Comparison method violates its general contract!' + Fix DF collector enters endless loop when collecting org.webjars.npm:musquette:1.1.1 + Fix javax.inject should be provided or optional + Evaluate blocked repositories also when retrieving metadata + Fix PrefixesRemoteRepositoryFilterSource aborts the build while it should not + Fix Artifact file permission + FileProcessor.write( File, InputStream ) is defunct + Fix documented and used param names mismatch + Fix JapiCmp configuration and document it + m-deploy-p will create hashes for hashes + Fix discrepancy between produced and recognized checksums + Resolver checksum calculation should be driven by layout + When no remote checksums provided by layout, transfer inevitably fails/warns + Fix usage of descriptors map in DataPool prevents gargabe collection * New features: + Make aether.checksums.algorithms settable per remote repository + Lock factory provides lock states on failure + Support parallel artifact/metadata uploads + Support parallel deploy + Chained LRM + Support forcing specific repositories for artifacts + Apply artifact checksum verification for any resolved artifact + Introduce Remote Repository Filter feature + Introduce trusted checksums source + Resolver post-processor + Introduce RepositorySystem shutdown hooks + Make it possible to resolve .asc on a 'fail' respository. * Dependency upgrades: + Remove Guava (is unused) + Upgrade Parent to 39 + Update dependencies, align with Maven + Update parent POM to 37, remove plugin version overrides, update bnd + Upgrade invoker, install, deploy, require maven 3.8.4+ + Upgrade Redisson to 3.17.5 + Update Hazelcast to 5.1.1 in named-locks-hazelcast module maven-wagon: - Version upgrade from 3.2.0 to 3.5.3 (jsc#SLE-23217): * Bug fixes: + Fix Maven deploy fails with 401 Unauthorized when using ?? in password + Default connect timeout not set when no HttpMethodConfiguration is available + Maven transfer speed of large artifacts is slow due to unsuitable buffer strategy + Explicitly register only supported auth schemes + Switch to modern-day encoding (UTF-8) of auth credentials + HttpWagon TTL not set + Upgrade HttpCore to 4.4.11 + Upgrade HttpClient to 4.5.7 + Upgrade Commons Net to 3.6 + Upgrade JSoup to 1.11.3 + Uprade JSch to 0.1.55 + Replace Commons Codec with Plexus Utils + Upgrade Plexus Classworlds to 2.6.0 + Tests with checkin rely on global Git config + Use java.nio.file.Path for URI construction of file:// URI in tests + Skip parsing of user info for file:// URLs + Integer overflow prevents optimal buffer size selection for large artifacts + Upgrade Plexus Interactivity to 1.0 + Upgrade Plexus Utils to 3.2.0 + Upgrade JSoup to 1.12.1 + Upgrade HttpClient to 4.5.9 + SSH connection failure because 'preferredAuthentications' option is ignored if password isn't set + Provide request retry strategy on transient client and server side errors + Fail to deploy on Sonatype OSS since Maven 3.5.4 + Inconsistent encoding behavior for repository URLs with spaces + Use RedirectStrategy from HttpClient rather than a custom approach + Rename RequestEntityImplementation to WagonHttpEntity + EntityUtils.consumeQuietly() never called on non-2xx status codes + Retry handler docs are possibly wrong + Upgrade HttpCore to 4.4.13 + Upgrade HttpClient to 4.5.11 + Handle SC_UNAUTHORIZED and SC_PROXY_AUTHENTICATION_REQUIRED in all methods + Improve and unify exception messages by status code types throughout HTTP providers + Upgrade HttpClient to 4.5.12 + HttpMethodConfiguration#copy() performs a shallow copy only + Update parent POM + Handle 404 and 410 consistently in HTTP-based Wagon providers + Transfer event is not restarted when request is redirected + Fix Wagon failing when compiled on Java 9+ and run on Java 8 due to JDK API breakage + Remove non-existent cache header + Fix http.route.default-proxy config property never passes protocol and port of proxy server + Add configuration property 'http.protocol.handle-content-compression' + Add configuration property 'http.protocol.handle-uri-normalization' + Fix self-assignment and set class field + [Regression] Preserve trailing slash in encoded URL + Upgrade HttpCore to 4.4.14 + Upgrade HttpClient to 4.5.13 + Upgrade transitive Commons Codec to 1.15 * Improvements: + Properly handle authentication scenarios with MKCOL * Deprecations: + Remove shading of JSoup + Deprecate Wagon FTP Provider + Deprecate Wagon HTTP Lightweight Provider + Deprecate Wagon SSH Provider + Deprecate Wagon WebDAV Provider + Remove HTTP file listing with JSoup * Dependency upgrades: + Upgrade SLF4J to 1.7.32 + Upgrade JUnit to 4.13.2 + Upgrade Plexus Interactivity to 1.1 + Upgrade HttpCore to 4.4.15 + Upgrade and clean up dependencies plexus-utils: - Version update from 3.4.0 to 3.5.0 (jsc#SLE-23217): * Don't throw IOException when none is required * Always preserve dominant node value (even if empty) * Don't overwrite blank (but non-empty) dominant values during mergeXpp3Dom * Deprecate isEmpty(String) and isNotEmpty(String) in favour of same named * isEmpty(String) must not return false for whitespace-only values * Get rid maven-plugin-testing-harness from dependency * Provides a CachingOuptutStream and a CachingWriter * Use (already) precalculated value * MXParser fixes * Fix last modified time not being updated on linux * Fix regression and deprecate: FileUtils.fileAppend should create file * Fix some testing XML files checkout with incorrect eol * Fixed regressions: #163 and #194 * Don't ignore valid SCM files * Fix regression causingencoding error when parsing a ISO-8859-1 xml sbt: - Fix build against maven 3.9.2 (jsc#SLE-23217) xmvn: - Version update from 4.0.0 to 4.2.0 (jsc#SLE-23217): * Make XMvn Resolver log to XMvn Logger * Make XMvn Subst log to XMvn Logger * Depend on junit-jupiter-api instead of junit-jupiter * Suppress deprecation warnings in MavenExtensionTest * Remove XMvn Connector dependency on Plexus Utils * Remove XMvn MOJO dependency on Plexus Utils * Port XMvn MOJO from Xpp3Dom to StAX * Update Maven to version 3.9.1 * Don't pass duplicate --patch-module to javadoc * Make Javadoc MOJO respect ignoreJPMS configuration flag * Propagate javadoc output througt Logger * Remove dependency on Plexus Classworlds * Remove unneeded managed dependency on maven-invoker * Use ServiceLocator to find Logger * Use parametrized logging feature * Use XMvn Logger instead of Plexus Logger * Get rid of Slf4jLoggerAdapter * Drop support for Gossip logger * Move XMvn Logger to API module * Ignore JPMS when all modules are automatic * Refactor Javadoc MOJO * Make Javadoc not fail when no sources are found * Add an integration test for javadoc generation with module-info.java but no sources * Add an integration test for javadoc generation with Automatic-Module-Name * Make Javadoc MOJO work in case one of JPMS modules has no sources * Prioritize certain XMvn components over Maven components * Port XMvn MOJO to JSR-330 * Refactor XMvnMojoExecutionConfigurator * Make builddep MOJO compatible with Maven 4 * Port to JSR-330 * Get rid of ModelProcessor * Refactor XMvnModelValidator * Refactor XMvnToolchainManager * Convert lambda to method reference * Improve Javadoc MOJO JPMS support * Add a test case for JPMS javadoc generation with remote dependencies * Add a test case for JPMS multimodule javadoc generation * Exclude src/test/resources-filtered/** from RAT * Fix scope of xmvn-mojo dependency on plexus-utils * `--module-path` not allowed with release=8 * Mimic maven-javadoc-plugin for -source and --release * testJavadocJPMS needs a modular java * Let modello generate source 8 * Add a jdk9+ profile to assure that we are jdk8 compatible * Revert 'Use new Collection methods added in Java 9' * Revert 'Update compiler source/target to JDK 11' * Restore possibility to build with Java 8 * Simple implementation of toolchains https://github.com/fedora-java/xmvn/issues/142 * Port to Modello 2.0.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - aopalliance-1.0-150200.3.8.3 added - libpcre2-8-0-10.39-150400.4.9.1 updated - maven-resolver-api-1.9.12-150200.3.11.6 updated - plexus-utils-3.5.1-150200.3.8.3 updated - maven-resolver-util-1.9.12-150200.3.11.6 updated - maven-resolver-spi-1.9.12-150200.3.11.6 updated - maven-wagon-provider-api-3.5.3-150200.3.8.6 updated - maven-resolver-named-locks-1.9.12-150200.3.11.6 updated - maven-resolver-transport-file-1.9.12-150200.3.11.6 added - maven-resolver-connector-basic-1.9.12-150200.3.11.6 updated - maven-wagon-file-3.5.3-150200.3.8.6 updated - maven-resolver-transport-wagon-1.9.12-150200.3.11.6 updated - maven-wagon-http-shared-3.5.3-150200.3.8.6 updated - maven-resolver-impl-1.9.12-150200.3.11.6 updated - maven-resolver-transport-http-1.9.12-150200.3.11.6 added - maven-wagon-http-3.5.3-150200.3.8.6 updated - maven-lib-3.9.2-150200.4.15.6 updated - maven-3.9.2-150200.4.15.6 updated - container:bci-openjdk-11-15.5.11-9.29 updated From sle-updates at lists.suse.com Tue Aug 22 07:03:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Aug 2023 09:03:56 +0200 (CEST) Subject: SUSE-CU-2023:2742-1: Security update of bci/openjdk-devel Message-ID: <20230822070356.6974AFDC9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2742-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-10.58 , bci/openjdk-devel:latest Container Release : 10.58 Severity : important Type : security References : 1211198 1213514 1214054 CVE-2022-41409 CVE-2023-36054 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:3319-1 Released: Tue Aug 15 10:45:11 2023 Summary: Feature update for Maven Type: feature Severity: moderate References: 1211198 This update for aopalliance, beust-jcommander, maven, maven-install-plugin, maven-resolver, maven-wagon, plexus-utils, sbt and xmvn fixes the following issues: aopalliance: - Include in SUSE Linux Enterprise 15 Service Pack 5: Dependency needed by Maven (no source changes) beust-jcommander: - Version update from 1.71 to 1.82 (jsc#SLE-23217): * Add a test for Parameter order usage * Add a test for Path converter * Add automatic module name to manifest * Add check if Boolean parameter is default null, then do not flip value * Add testing modules * Add format tests for DefaultUsageFormatter, UnixStyleUsageFormatter * Add testing for UnixStyleUsageFormatter * Add unix-style formatter, allow DefaultUsageFormatter to be extended easier * Allow generics of type and in parameters * Allow main parameters to be a single field. * Allow System.out to be replaced by something else (f.e. System.err) * Allow UsageFormatter to be set in JCommander Builder * Change UsageFormatter into an interface * Clean up DefaultUsageFormatter * Create MyDelegate.java * Create UsageFormatter (preliminary) * Enable usage() ordering for DynamicParameter * Encapsulate MainParameter. * Encode user input to massage error message * Expose more of the UsageFormatter implementations * Fields annotated with @ParametersDelegate are now allowed to be final. * Fixed bug when parsing arguments is ignoring case sensitivity option * Fix error message when failing to convert a Path * Fix locale-related issues in usage formatter tests * Get boolean/Boolean getter with 'is' prefix * Implement Environment Variable Default Provider * Make console configurable by JCommander.Builder * Make UsageFormatter abstract, Create DefaultUsageFormatter * Only one DefaultConverterFactory * Remove String.join usage - resolves #381 * Remove the generic in IStringConverterFactory * Restrict access to JCommander.Options again * Support arity for main parameters. * Update DefaultParameterizedParser.java * Update IParameterizedParser.java * Update JCommander.java * usage() hides 'Comments:' header when only hidden commands exist * Use Builder API as constructor is deprecated * Use get default getter approach if is method is not found * Upgrade needed by new code in xmvn 4.2.0 maven: - Version update from 3.8.6 to 3.9.2 (jsc#SLE-23217): * Fix interpolated properties in originalModel in an active profile. * Fix java.lang.NullPointerException at org.apache.maven.repository.internal.DefaultModelCache.newInstance (DefaultModelCache.java:37) * Issue a warning if plugin depends on maven-compat * Add more information when using `-Dmaven.repo.local.recordReverseTree=true` * Improvement and extension of plugin validation * Don't fingerprint Sigstore signatures (like GPG) * Print suppressed exceptions when a mojo fails * Upgrade animal-sniffer from 1.21 to 1.23 * Fix issue with Maven CLI not working (bsc#1211198) * Maven Wagon upgrade * Minimum Java version to use with Maven 3.9.0 is raised to Java 8. * With Java 8, upgrade of several key dependencies became possible as well. * Several backports from Maven 4.x line. * Cutting ties with Maven 2 backward compatibility, preparing grounds for Maven 4. * The Maven Resolver transport has changed from Wagon to ???native HTTP???, see Resolver Transport guide. * Maven 2.x was auto-injecting an ancient version of plexus-utils dependency into the plugin classpath, and Maven 3.x continued doing this to preserve backward compatibility. Starting with Maven 3.9, it does not happen anymore. This change may lead to plugin breakage. The fix for affected plugin maintainers is to explicitly declare a dependency on plexus-utils. The workaround for affected plugin users is to add this dependency to plugin dependencies until issue is fixed by the affected plugin maintainer. * Mojos are prevented to boostrap new instance of RepositorySystem (for example by using deprecated ServiceLocator), they should reuse RepositorySystem instance provided by Maven instead. See MNG-7471. * Each line in .mvn/maven.config is now interpreted as a single argument. That is, if the file contains multiple arguments, these must now be placed on separate lines, see MNG-7684. * General performance and other fixes maven-install-plugin: - Version upgrade from 3.0.0 to 3.1.1 (jsc#SLE-23217): * Use proper repositorySystemSession * Upgrade Parent to 39 * Add parameter to lax project validation * installAtEnd when module does not use maven-install-plugin * Don't use metadata from main artifact to fetch pom.xml * Install all artifacts in one request * Require Java 8 * Cleanup IT tests * Upgrade Parent to 37 * Bump mockito-core from 2.28.2 to 4.8.1 * Generated POM is not installed if original POM exists * Remove a lot of checksum related dead code and commented out tests * Create GitHub Actions * Use shared GH Actions * Update plugin (requires Maven 3.2.5+) * Upgrade maven-plugin parent to 36 * Install At End feature (no extension) * Streamline the plugin by maven-resolver: - Version upgrade from 1.7.3 to 1.9.12 (jsc#SLE-23217): * Bug fixes: + Fix unreliable TCP and retries on upload + Fix ConflictResolver STANDARD verbosity + Fix duplicate METADATA_DOWNLOADING event being sent + Disable checksum by default for .sigstore in addition to .asc + Fix conflict resolution in verbose mode is sensitive to version ordering + Fix SslConfig httpSecurityMode change is not detected + Fix Preemptive Auth broken when default ports used + Fix regression suddenly seeing I/O errors under windows aborting the build + Fix static name mapper unusable with file-lock factory + Fix 'IllegalArgumentException: Comparison method violates its general contract!' + Fix DF collector enters endless loop when collecting org.webjars.npm:musquette:1.1.1 + Fix javax.inject should be provided or optional + Evaluate blocked repositories also when retrieving metadata + Fix PrefixesRemoteRepositoryFilterSource aborts the build while it should not + Fix Artifact file permission + FileProcessor.write( File, InputStream ) is defunct + Fix documented and used param names mismatch + Fix JapiCmp configuration and document it + m-deploy-p will create hashes for hashes + Fix discrepancy between produced and recognized checksums + Resolver checksum calculation should be driven by layout + When no remote checksums provided by layout, transfer inevitably fails/warns + Fix usage of descriptors map in DataPool prevents gargabe collection * New features: + Make aether.checksums.algorithms settable per remote repository + Lock factory provides lock states on failure + Support parallel artifact/metadata uploads + Support parallel deploy + Chained LRM + Support forcing specific repositories for artifacts + Apply artifact checksum verification for any resolved artifact + Introduce Remote Repository Filter feature + Introduce trusted checksums source + Resolver post-processor + Introduce RepositorySystem shutdown hooks + Make it possible to resolve .asc on a 'fail' respository. * Dependency upgrades: + Remove Guava (is unused) + Upgrade Parent to 39 + Update dependencies, align with Maven + Update parent POM to 37, remove plugin version overrides, update bnd + Upgrade invoker, install, deploy, require maven 3.8.4+ + Upgrade Redisson to 3.17.5 + Update Hazelcast to 5.1.1 in named-locks-hazelcast module maven-wagon: - Version upgrade from 3.2.0 to 3.5.3 (jsc#SLE-23217): * Bug fixes: + Fix Maven deploy fails with 401 Unauthorized when using ?? in password + Default connect timeout not set when no HttpMethodConfiguration is available + Maven transfer speed of large artifacts is slow due to unsuitable buffer strategy + Explicitly register only supported auth schemes + Switch to modern-day encoding (UTF-8) of auth credentials + HttpWagon TTL not set + Upgrade HttpCore to 4.4.11 + Upgrade HttpClient to 4.5.7 + Upgrade Commons Net to 3.6 + Upgrade JSoup to 1.11.3 + Uprade JSch to 0.1.55 + Replace Commons Codec with Plexus Utils + Upgrade Plexus Classworlds to 2.6.0 + Tests with checkin rely on global Git config + Use java.nio.file.Path for URI construction of file:// URI in tests + Skip parsing of user info for file:// URLs + Integer overflow prevents optimal buffer size selection for large artifacts + Upgrade Plexus Interactivity to 1.0 + Upgrade Plexus Utils to 3.2.0 + Upgrade JSoup to 1.12.1 + Upgrade HttpClient to 4.5.9 + SSH connection failure because 'preferredAuthentications' option is ignored if password isn't set + Provide request retry strategy on transient client and server side errors + Fail to deploy on Sonatype OSS since Maven 3.5.4 + Inconsistent encoding behavior for repository URLs with spaces + Use RedirectStrategy from HttpClient rather than a custom approach + Rename RequestEntityImplementation to WagonHttpEntity + EntityUtils.consumeQuietly() never called on non-2xx status codes + Retry handler docs are possibly wrong + Upgrade HttpCore to 4.4.13 + Upgrade HttpClient to 4.5.11 + Handle SC_UNAUTHORIZED and SC_PROXY_AUTHENTICATION_REQUIRED in all methods + Improve and unify exception messages by status code types throughout HTTP providers + Upgrade HttpClient to 4.5.12 + HttpMethodConfiguration#copy() performs a shallow copy only + Update parent POM + Handle 404 and 410 consistently in HTTP-based Wagon providers + Transfer event is not restarted when request is redirected + Fix Wagon failing when compiled on Java 9+ and run on Java 8 due to JDK API breakage + Remove non-existent cache header + Fix http.route.default-proxy config property never passes protocol and port of proxy server + Add configuration property 'http.protocol.handle-content-compression' + Add configuration property 'http.protocol.handle-uri-normalization' + Fix self-assignment and set class field + [Regression] Preserve trailing slash in encoded URL + Upgrade HttpCore to 4.4.14 + Upgrade HttpClient to 4.5.13 + Upgrade transitive Commons Codec to 1.15 * Improvements: + Properly handle authentication scenarios with MKCOL * Deprecations: + Remove shading of JSoup + Deprecate Wagon FTP Provider + Deprecate Wagon HTTP Lightweight Provider + Deprecate Wagon SSH Provider + Deprecate Wagon WebDAV Provider + Remove HTTP file listing with JSoup * Dependency upgrades: + Upgrade SLF4J to 1.7.32 + Upgrade JUnit to 4.13.2 + Upgrade Plexus Interactivity to 1.1 + Upgrade HttpCore to 4.4.15 + Upgrade and clean up dependencies plexus-utils: - Version update from 3.4.0 to 3.5.0 (jsc#SLE-23217): * Don't throw IOException when none is required * Always preserve dominant node value (even if empty) * Don't overwrite blank (but non-empty) dominant values during mergeXpp3Dom * Deprecate isEmpty(String) and isNotEmpty(String) in favour of same named * isEmpty(String) must not return false for whitespace-only values * Get rid maven-plugin-testing-harness from dependency * Provides a CachingOuptutStream and a CachingWriter * Use (already) precalculated value * MXParser fixes * Fix last modified time not being updated on linux * Fix regression and deprecate: FileUtils.fileAppend should create file * Fix some testing XML files checkout with incorrect eol * Fixed regressions: #163 and #194 * Don't ignore valid SCM files * Fix regression causingencoding error when parsing a ISO-8859-1 xml sbt: - Fix build against maven 3.9.2 (jsc#SLE-23217) xmvn: - Version update from 4.0.0 to 4.2.0 (jsc#SLE-23217): * Make XMvn Resolver log to XMvn Logger * Make XMvn Subst log to XMvn Logger * Depend on junit-jupiter-api instead of junit-jupiter * Suppress deprecation warnings in MavenExtensionTest * Remove XMvn Connector dependency on Plexus Utils * Remove XMvn MOJO dependency on Plexus Utils * Port XMvn MOJO from Xpp3Dom to StAX * Update Maven to version 3.9.1 * Don't pass duplicate --patch-module to javadoc * Make Javadoc MOJO respect ignoreJPMS configuration flag * Propagate javadoc output througt Logger * Remove dependency on Plexus Classworlds * Remove unneeded managed dependency on maven-invoker * Use ServiceLocator to find Logger * Use parametrized logging feature * Use XMvn Logger instead of Plexus Logger * Get rid of Slf4jLoggerAdapter * Drop support for Gossip logger * Move XMvn Logger to API module * Ignore JPMS when all modules are automatic * Refactor Javadoc MOJO * Make Javadoc not fail when no sources are found * Add an integration test for javadoc generation with module-info.java but no sources * Add an integration test for javadoc generation with Automatic-Module-Name * Make Javadoc MOJO work in case one of JPMS modules has no sources * Prioritize certain XMvn components over Maven components * Port XMvn MOJO to JSR-330 * Refactor XMvnMojoExecutionConfigurator * Make builddep MOJO compatible with Maven 4 * Port to JSR-330 * Get rid of ModelProcessor * Refactor XMvnModelValidator * Refactor XMvnToolchainManager * Convert lambda to method reference * Improve Javadoc MOJO JPMS support * Add a test case for JPMS javadoc generation with remote dependencies * Add a test case for JPMS multimodule javadoc generation * Exclude src/test/resources-filtered/** from RAT * Fix scope of xmvn-mojo dependency on plexus-utils * `--module-path` not allowed with release=8 * Mimic maven-javadoc-plugin for -source and --release * testJavadocJPMS needs a modular java * Let modello generate source 8 * Add a jdk9+ profile to assure that we are jdk8 compatible * Revert 'Use new Collection methods added in Java 9' * Revert 'Update compiler source/target to JDK 11' * Restore possibility to build with Java 8 * Simple implementation of toolchains https://github.com/fedora-java/xmvn/issues/142 * Port to Modello 2.0.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3325-1 Released: Wed Aug 16 08:26:08 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). The following package changes have been done: - krb5-1.20.1-150500.3.3.1 updated - aopalliance-1.0-150200.3.8.3 added - libpcre2-8-0-10.39-150400.4.9.1 updated - maven-resolver-api-1.9.12-150200.3.11.6 updated - plexus-utils-3.5.1-150200.3.8.3 updated - maven-resolver-util-1.9.12-150200.3.11.6 updated - maven-resolver-spi-1.9.12-150200.3.11.6 updated - maven-wagon-provider-api-3.5.3-150200.3.8.6 updated - maven-resolver-named-locks-1.9.12-150200.3.11.6 updated - maven-resolver-transport-file-1.9.12-150200.3.11.6 added - maven-resolver-connector-basic-1.9.12-150200.3.11.6 updated - maven-wagon-file-3.5.3-150200.3.8.6 updated - maven-resolver-transport-wagon-1.9.12-150200.3.11.6 updated - maven-wagon-http-shared-3.5.3-150200.3.8.6 updated - maven-resolver-impl-1.9.12-150200.3.11.6 updated - maven-resolver-transport-http-1.9.12-150200.3.11.6 added - maven-wagon-http-3.5.3-150200.3.8.6 updated - maven-lib-3.9.2-150200.4.15.6 updated - maven-3.9.2-150200.4.15.6 updated - container:bci-openjdk-17-15.5.17-10.29 updated From sle-updates at lists.suse.com Tue Aug 22 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Aug 2023 12:30:06 -0000 Subject: SUSE-RU-2023:3373-1: moderate: Recommended update for rsyslog Message-ID: <169270740634.22798.452844713131870064@smelt2.suse.de> # Recommended update for rsyslog Announcement ID: SUSE-RU-2023:3373-1 Rating: moderate References: * #1211757 * #1213212 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has two recommended fixes can now be installed. ## Description: This update for rsyslog fixes the following issues: * Fix removal of imfile state files (bsc#1213212) * Fix segfaults in modExit() of imklog.c (bsc#1211757) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3373=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3373=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3373=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3373=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3373=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3373=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3373=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3373=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3373=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3373=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3373=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3373=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * rsyslog-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-8.2106.0-150200.4.40.1 * rsyslog-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-8.2106.0-150200.4.40.1 * rsyslog-module-relp-8.2106.0-150200.4.40.1 * rsyslog-debugsource-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.40.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * rsyslog-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-8.2106.0-150200.4.40.1 * rsyslog-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-8.2106.0-150200.4.40.1 * rsyslog-module-relp-8.2106.0-150200.4.40.1 * rsyslog-debugsource-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.40.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * rsyslog-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-8.2106.0-150200.4.40.1 * rsyslog-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-8.2106.0-150200.4.40.1 * rsyslog-module-relp-8.2106.0-150200.4.40.1 * rsyslog-debugsource-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.40.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * rsyslog-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-8.2106.0-150200.4.40.1 * rsyslog-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-8.2106.0-150200.4.40.1 * rsyslog-module-relp-8.2106.0-150200.4.40.1 * rsyslog-debugsource-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.40.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * rsyslog-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-8.2106.0-150200.4.40.1 * rsyslog-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-8.2106.0-150200.4.40.1 * rsyslog-module-relp-8.2106.0-150200.4.40.1 * rsyslog-debugsource-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.40.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * rsyslog-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-8.2106.0-150200.4.40.1 * rsyslog-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-8.2106.0-150200.4.40.1 * rsyslog-module-relp-8.2106.0-150200.4.40.1 * rsyslog-debugsource-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * rsyslog-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-8.2106.0-150200.4.40.1 * rsyslog-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-8.2106.0-150200.4.40.1 * rsyslog-module-relp-8.2106.0-150200.4.40.1 * rsyslog-debugsource-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * rsyslog-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-8.2106.0-150200.4.40.1 * rsyslog-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-8.2106.0-150200.4.40.1 * rsyslog-module-relp-8.2106.0-150200.4.40.1 * rsyslog-debugsource-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.40.1 * SUSE Manager Proxy 4.2 (x86_64) * rsyslog-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-8.2106.0-150200.4.40.1 * rsyslog-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-8.2106.0-150200.4.40.1 * rsyslog-module-relp-8.2106.0-150200.4.40.1 * rsyslog-debugsource-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.40.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * rsyslog-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-8.2106.0-150200.4.40.1 * rsyslog-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-8.2106.0-150200.4.40.1 * rsyslog-module-relp-8.2106.0-150200.4.40.1 * rsyslog-debugsource-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.40.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * rsyslog-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-8.2106.0-150200.4.40.1 * rsyslog-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-8.2106.0-150200.4.40.1 * rsyslog-module-relp-8.2106.0-150200.4.40.1 * rsyslog-debugsource-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.40.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * rsyslog-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-8.2106.0-150200.4.40.1 * rsyslog-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-8.2106.0-150200.4.40.1 * rsyslog-module-gtls-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-8.2106.0-150200.4.40.1 * rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-relp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-udpspoof-8.2106.0-150200.4.40.1 * rsyslog-module-relp-8.2106.0-150200.4.40.1 * rsyslog-debugsource-8.2106.0-150200.4.40.1 * rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.40.1 * rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.40.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211757 * https://bugzilla.suse.com/show_bug.cgi?id=1213212 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 22 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Aug 2023 12:30:08 -0000 Subject: SUSE-RU-2023:3372-1: moderate: Recommended update for rsyslog Message-ID: <169270740853.22798.18021454128754029916@smelt2.suse.de> # Recommended update for rsyslog Announcement ID: SUSE-RU-2023:3372-1 Rating: moderate References: * #1211757 * #1213212 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for rsyslog fixes the following issues: * Fix removal of imfile state files (bsc#1213212) * Fix segfaults in modExit() of imklog.c (bsc#1211757) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3372=1 openSUSE-SLE-15.4-2023-3372=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3372=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3372=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3372=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3372=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3372=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * rsyslog-module-elasticsearch-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-omamqp1-8.2306.0-150400.5.18.1 * rsyslog-module-gcrypt-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-kafka-8.2306.0-150400.5.18.1 * rsyslog-module-gtls-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-gssapi-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-pgsql-8.2306.0-150400.5.18.1 * rsyslog-module-kafka-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-doc-8.2306.0-150400.5.18.1 * rsyslog-diag-tools-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-ossl-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-relp-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-omhttpfs-8.2306.0-150400.5.18.1 * rsyslog-module-gcrypt-8.2306.0-150400.5.18.1 * rsyslog-module-udpspoof-8.2306.0-150400.5.18.1 * rsyslog-module-omtcl-8.2306.0-150400.5.18.1 * rsyslog-module-gssapi-8.2306.0-150400.5.18.1 * rsyslog-module-dbi-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-omamqp1-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-gtls-8.2306.0-150400.5.18.1 * rsyslog-module-elasticsearch-8.2306.0-150400.5.18.1 * rsyslog-module-omhttpfs-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-pgsql-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-udpspoof-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-diag-tools-8.2306.0-150400.5.18.1 * rsyslog-debugsource-8.2306.0-150400.5.18.1 * rsyslog-module-mmnormalize-8.2306.0-150400.5.18.1 * rsyslog-module-snmp-8.2306.0-150400.5.18.1 * rsyslog-module-mysql-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-mysql-8.2306.0-150400.5.18.1 * rsyslog-module-ossl-8.2306.0-150400.5.18.1 * rsyslog-8.2306.0-150400.5.18.1 * rsyslog-module-relp-8.2306.0-150400.5.18.1 * rsyslog-module-snmp-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-mmnormalize-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-dbi-8.2306.0-150400.5.18.1 * rsyslog-module-omtcl-debuginfo-8.2306.0-150400.5.18.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * rsyslog-module-elasticsearch-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-omamqp1-8.2306.0-150400.5.18.1 * rsyslog-module-gcrypt-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-kafka-8.2306.0-150400.5.18.1 * rsyslog-module-gtls-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-gssapi-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-pgsql-8.2306.0-150400.5.18.1 * rsyslog-module-kafka-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-doc-8.2306.0-150400.5.18.1 * rsyslog-diag-tools-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-ossl-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-relp-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-omhttpfs-8.2306.0-150400.5.18.1 * rsyslog-module-gcrypt-8.2306.0-150400.5.18.1 * rsyslog-module-udpspoof-8.2306.0-150400.5.18.1 * rsyslog-module-omtcl-8.2306.0-150400.5.18.1 * rsyslog-module-gssapi-8.2306.0-150400.5.18.1 * rsyslog-module-dbi-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-omamqp1-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-gtls-8.2306.0-150400.5.18.1 * rsyslog-module-elasticsearch-8.2306.0-150400.5.18.1 * rsyslog-module-omhttpfs-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-pgsql-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-udpspoof-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-diag-tools-8.2306.0-150400.5.18.1 * rsyslog-debugsource-8.2306.0-150400.5.18.1 * rsyslog-module-mmnormalize-8.2306.0-150400.5.18.1 * rsyslog-module-snmp-8.2306.0-150400.5.18.1 * rsyslog-module-mysql-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-mysql-8.2306.0-150400.5.18.1 * rsyslog-module-ossl-8.2306.0-150400.5.18.1 * rsyslog-8.2306.0-150400.5.18.1 * rsyslog-module-relp-8.2306.0-150400.5.18.1 * rsyslog-module-snmp-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-mmnormalize-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-dbi-8.2306.0-150400.5.18.1 * rsyslog-module-omtcl-debuginfo-8.2306.0-150400.5.18.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rsyslog-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-8.2306.0-150400.5.18.1 * rsyslog-debugsource-8.2306.0-150400.5.18.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rsyslog-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-8.2306.0-150400.5.18.1 * rsyslog-debugsource-8.2306.0-150400.5.18.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rsyslog-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-debugsource-8.2306.0-150400.5.18.1 * rsyslog-module-gssapi-8.2306.0-150400.5.18.1 * rsyslog-module-mmnormalize-8.2306.0-150400.5.18.1 * rsyslog-module-gtls-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-snmp-8.2306.0-150400.5.18.1 * rsyslog-module-gtls-8.2306.0-150400.5.18.1 * rsyslog-module-gssapi-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-pgsql-8.2306.0-150400.5.18.1 * rsyslog-module-mysql-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-mmnormalize-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-pgsql-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-relp-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-mysql-8.2306.0-150400.5.18.1 * rsyslog-module-udpspoof-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-relp-8.2306.0-150400.5.18.1 * rsyslog-module-snmp-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-udpspoof-8.2306.0-150400.5.18.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rsyslog-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-debugsource-8.2306.0-150400.5.18.1 * rsyslog-module-gssapi-8.2306.0-150400.5.18.1 * rsyslog-module-mmnormalize-8.2306.0-150400.5.18.1 * rsyslog-module-gtls-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-snmp-8.2306.0-150400.5.18.1 * rsyslog-module-gtls-8.2306.0-150400.5.18.1 * rsyslog-module-gssapi-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-pgsql-8.2306.0-150400.5.18.1 * rsyslog-module-mysql-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-mmnormalize-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-pgsql-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-relp-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-mysql-8.2306.0-150400.5.18.1 * rsyslog-module-udpspoof-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-relp-8.2306.0-150400.5.18.1 * rsyslog-module-snmp-debuginfo-8.2306.0-150400.5.18.1 * rsyslog-module-udpspoof-8.2306.0-150400.5.18.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211757 * https://bugzilla.suse.com/show_bug.cgi?id=1213212 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 22 12:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Aug 2023 12:30:10 -0000 Subject: SUSE-RU-2023:3371-1: moderate: Recommended update for liblognorm Message-ID: <169270741073.22798.14032595999351409573@smelt2.suse.de> # Recommended update for liblognorm Announcement ID: SUSE-RU-2023:3371-1 Rating: moderate References: * PED-4883 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for liblognorm fixes the following issues: * Update to liblognorm v2.0.6 (jsc#PED-4883) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3371=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3371=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3371=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3371=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3371=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3371=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3371=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3371=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3371=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3371=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3371=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3371=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3371=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3371=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3371=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3371=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3371=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3371=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3371=1 ## Package List: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * SUSE Manager Proxy 4.2 (x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * SUSE CaaS Platform 4.0 (x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * liblognorm5-2.0.6-150000.3.3.1 * liblognorm-debugsource-2.0.6-150000.3.3.1 * liblognorm-devel-2.0.6-150000.3.3.1 * liblognorm5-debuginfo-2.0.6-150000.3.3.1 ## References: * https://jira.suse.com/browse/PED-4883 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 22 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Aug 2023 12:30:12 -0000 Subject: SUSE-RU-2023:2365-2: moderate: Recommended update for util-linux Message-ID: <169270741292.22798.11226909105281013630@smelt2.suse.de> # Recommended update for util-linux Announcement ID: SUSE-RU-2023:2365-2 Rating: moderate References: * #1210164 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that has one recommended fix can now be installed. ## Description: This update for util-linux fixes the following issues: * Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2365=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2365=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2365=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2365=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2365=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * uuidd-2.36.2-150300.4.35.1 * util-linux-systemd-debugsource-2.36.2-150300.4.35.1 * libmount1-2.36.2-150300.4.35.1 * libfdisk1-2.36.2-150300.4.35.1 * libblkid1-2.36.2-150300.4.35.1 * libfdisk1-debuginfo-2.36.2-150300.4.35.1 * util-linux-debuginfo-2.36.2-150300.4.35.1 * libsmartcols1-2.36.2-150300.4.35.1 * libsmartcols-devel-2.36.2-150300.4.35.1 * libsmartcols1-debuginfo-2.36.2-150300.4.35.1 * util-linux-systemd-2.36.2-150300.4.35.1 * util-linux-2.36.2-150300.4.35.1 * libmount-devel-2.36.2-150300.4.35.1 * uuidd-debuginfo-2.36.2-150300.4.35.1 * libuuid-devel-2.36.2-150300.4.35.1 * libblkid-devel-2.36.2-150300.4.35.1 * libblkid-devel-static-2.36.2-150300.4.35.1 * util-linux-systemd-debuginfo-2.36.2-150300.4.35.1 * libuuid1-2.36.2-150300.4.35.1 * libblkid1-debuginfo-2.36.2-150300.4.35.1 * libfdisk-devel-2.36.2-150300.4.35.1 * util-linux-debugsource-2.36.2-150300.4.35.1 * libmount1-debuginfo-2.36.2-150300.4.35.1 * libuuid-devel-static-2.36.2-150300.4.35.1 * libuuid1-debuginfo-2.36.2-150300.4.35.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * util-linux-lang-2.36.2-150300.4.35.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libuuid1-32bit-2.36.2-150300.4.35.1 * libuuid1-32bit-debuginfo-2.36.2-150300.4.35.1 * libmount1-32bit-debuginfo-2.36.2-150300.4.35.1 * libblkid1-32bit-debuginfo-2.36.2-150300.4.35.1 * libblkid1-32bit-2.36.2-150300.4.35.1 * libmount1-32bit-2.36.2-150300.4.35.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * uuidd-2.36.2-150300.4.35.1 * util-linux-systemd-debugsource-2.36.2-150300.4.35.1 * libmount1-2.36.2-150300.4.35.1 * libfdisk1-2.36.2-150300.4.35.1 * libblkid1-2.36.2-150300.4.35.1 * libfdisk1-debuginfo-2.36.2-150300.4.35.1 * util-linux-debuginfo-2.36.2-150300.4.35.1 * libsmartcols1-2.36.2-150300.4.35.1 * libsmartcols-devel-2.36.2-150300.4.35.1 * libsmartcols1-debuginfo-2.36.2-150300.4.35.1 * util-linux-systemd-2.36.2-150300.4.35.1 * util-linux-2.36.2-150300.4.35.1 * libmount-devel-2.36.2-150300.4.35.1 * uuidd-debuginfo-2.36.2-150300.4.35.1 * libuuid-devel-2.36.2-150300.4.35.1 * libblkid-devel-2.36.2-150300.4.35.1 * libblkid-devel-static-2.36.2-150300.4.35.1 * util-linux-systemd-debuginfo-2.36.2-150300.4.35.1 * libuuid1-2.36.2-150300.4.35.1 * libblkid1-debuginfo-2.36.2-150300.4.35.1 * libfdisk-devel-2.36.2-150300.4.35.1 * util-linux-debugsource-2.36.2-150300.4.35.1 * libmount1-debuginfo-2.36.2-150300.4.35.1 * libuuid-devel-static-2.36.2-150300.4.35.1 * libuuid1-debuginfo-2.36.2-150300.4.35.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * util-linux-lang-2.36.2-150300.4.35.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libuuid1-32bit-2.36.2-150300.4.35.1 * libuuid1-32bit-debuginfo-2.36.2-150300.4.35.1 * libmount1-32bit-debuginfo-2.36.2-150300.4.35.1 * libblkid1-32bit-debuginfo-2.36.2-150300.4.35.1 * libblkid1-32bit-2.36.2-150300.4.35.1 * libmount1-32bit-2.36.2-150300.4.35.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * uuidd-2.36.2-150300.4.35.1 * util-linux-systemd-debugsource-2.36.2-150300.4.35.1 * libmount1-2.36.2-150300.4.35.1 * libfdisk1-2.36.2-150300.4.35.1 * libblkid1-2.36.2-150300.4.35.1 * libfdisk1-debuginfo-2.36.2-150300.4.35.1 * util-linux-debuginfo-2.36.2-150300.4.35.1 * libsmartcols1-2.36.2-150300.4.35.1 * libsmartcols-devel-2.36.2-150300.4.35.1 * libsmartcols1-debuginfo-2.36.2-150300.4.35.1 * util-linux-systemd-2.36.2-150300.4.35.1 * util-linux-2.36.2-150300.4.35.1 * libmount-devel-2.36.2-150300.4.35.1 * uuidd-debuginfo-2.36.2-150300.4.35.1 * libuuid-devel-2.36.2-150300.4.35.1 * libblkid-devel-2.36.2-150300.4.35.1 * libblkid-devel-static-2.36.2-150300.4.35.1 * util-linux-systemd-debuginfo-2.36.2-150300.4.35.1 * libuuid1-2.36.2-150300.4.35.1 * libblkid1-debuginfo-2.36.2-150300.4.35.1 * libfdisk-devel-2.36.2-150300.4.35.1 * util-linux-debugsource-2.36.2-150300.4.35.1 * libmount1-debuginfo-2.36.2-150300.4.35.1 * libuuid-devel-static-2.36.2-150300.4.35.1 * libuuid1-debuginfo-2.36.2-150300.4.35.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * util-linux-lang-2.36.2-150300.4.35.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libuuid1-32bit-2.36.2-150300.4.35.1 * libuuid1-32bit-debuginfo-2.36.2-150300.4.35.1 * libmount1-32bit-debuginfo-2.36.2-150300.4.35.1 * libblkid1-32bit-debuginfo-2.36.2-150300.4.35.1 * libblkid1-32bit-2.36.2-150300.4.35.1 * libmount1-32bit-2.36.2-150300.4.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * uuidd-2.36.2-150300.4.35.1 * util-linux-systemd-debugsource-2.36.2-150300.4.35.1 * libmount1-2.36.2-150300.4.35.1 * libfdisk1-2.36.2-150300.4.35.1 * libblkid1-2.36.2-150300.4.35.1 * libfdisk1-debuginfo-2.36.2-150300.4.35.1 * util-linux-debuginfo-2.36.2-150300.4.35.1 * libsmartcols1-2.36.2-150300.4.35.1 * libsmartcols-devel-2.36.2-150300.4.35.1 * libsmartcols1-debuginfo-2.36.2-150300.4.35.1 * util-linux-systemd-2.36.2-150300.4.35.1 * util-linux-2.36.2-150300.4.35.1 * libmount-devel-2.36.2-150300.4.35.1 * uuidd-debuginfo-2.36.2-150300.4.35.1 * libuuid-devel-2.36.2-150300.4.35.1 * libblkid-devel-2.36.2-150300.4.35.1 * libblkid-devel-static-2.36.2-150300.4.35.1 * util-linux-systemd-debuginfo-2.36.2-150300.4.35.1 * libuuid1-2.36.2-150300.4.35.1 * libblkid1-debuginfo-2.36.2-150300.4.35.1 * libfdisk-devel-2.36.2-150300.4.35.1 * util-linux-debugsource-2.36.2-150300.4.35.1 * libmount1-debuginfo-2.36.2-150300.4.35.1 * libuuid-devel-static-2.36.2-150300.4.35.1 * libuuid1-debuginfo-2.36.2-150300.4.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * util-linux-lang-2.36.2-150300.4.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libuuid1-32bit-2.36.2-150300.4.35.1 * libuuid1-32bit-debuginfo-2.36.2-150300.4.35.1 * libmount1-32bit-debuginfo-2.36.2-150300.4.35.1 * libblkid1-32bit-debuginfo-2.36.2-150300.4.35.1 * libblkid1-32bit-2.36.2-150300.4.35.1 * libmount1-32bit-2.36.2-150300.4.35.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * uuidd-2.36.2-150300.4.35.1 * util-linux-systemd-debugsource-2.36.2-150300.4.35.1 * libmount1-2.36.2-150300.4.35.1 * libfdisk1-2.36.2-150300.4.35.1 * libblkid1-2.36.2-150300.4.35.1 * libfdisk1-debuginfo-2.36.2-150300.4.35.1 * util-linux-debuginfo-2.36.2-150300.4.35.1 * libsmartcols1-2.36.2-150300.4.35.1 * libsmartcols-devel-2.36.2-150300.4.35.1 * libsmartcols1-debuginfo-2.36.2-150300.4.35.1 * util-linux-systemd-2.36.2-150300.4.35.1 * util-linux-2.36.2-150300.4.35.1 * libmount-devel-2.36.2-150300.4.35.1 * uuidd-debuginfo-2.36.2-150300.4.35.1 * libuuid-devel-2.36.2-150300.4.35.1 * libblkid-devel-2.36.2-150300.4.35.1 * libblkid-devel-static-2.36.2-150300.4.35.1 * util-linux-systemd-debuginfo-2.36.2-150300.4.35.1 * libuuid1-2.36.2-150300.4.35.1 * libblkid1-debuginfo-2.36.2-150300.4.35.1 * libfdisk-devel-2.36.2-150300.4.35.1 * util-linux-debugsource-2.36.2-150300.4.35.1 * libmount1-debuginfo-2.36.2-150300.4.35.1 * libuuid-devel-static-2.36.2-150300.4.35.1 * libuuid1-debuginfo-2.36.2-150300.4.35.1 * SUSE Enterprise Storage 7.1 (noarch) * util-linux-lang-2.36.2-150300.4.35.1 * SUSE Enterprise Storage 7.1 (x86_64) * libuuid1-32bit-2.36.2-150300.4.35.1 * libuuid1-32bit-debuginfo-2.36.2-150300.4.35.1 * libmount1-32bit-debuginfo-2.36.2-150300.4.35.1 * libblkid1-32bit-debuginfo-2.36.2-150300.4.35.1 * libblkid1-32bit-2.36.2-150300.4.35.1 * libmount1-32bit-2.36.2-150300.4.35.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210164 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 22 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Aug 2023 12:30:16 -0000 Subject: SUSE-RU-2023:3370-1: moderate: Recommended update for rsync Message-ID: <169270741643.22798.1533779656756602697@smelt2.suse.de> # Recommended update for rsync Announcement ID: SUSE-RU-2023:3370-1 Rating: moderate References: * #1176160 * #1201840 * #1204538 * PED-3145 * PED-3146 * SLE-21252 Cross-References: * CVE-2020-14387 * CVE-2022-29154 CVSS scores: * CVE-2020-14387 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-29154 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-29154 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities, contains three features and has one recommended fix can now be installed. ## Description: This update for rsync fixes the following issues: * Update to version 3.2.3 (jsc#SLE-21252, jsc#PED-3146) * Add support for using --atimes to preserve atime of files in destination sync (jsc#PED-3145) * Remove SuSEfirewall2 service as this was replaced by firewalld (which already provides a rsyncd service). * Fix --delay-updates never updates after interruption (bsc#1204538) * Arbitrary file write vulnerability via do_server_recv function (bsc#1201840, CVE-2022-29154) * rsync-ssl: Verify the hostname in the certificate when using openssl. (bsc#1176160, CVE-2020-14387) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3370=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3370=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3370=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3370=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3370=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3370=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3370=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3370=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3370=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3370=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3370=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3370=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3370=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3370=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3370=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3370=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3370=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3370=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 * SUSE Manager Proxy 4.2 (x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 * SUSE CaaS Platform 4.0 (x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * rsync-3.2.3-150000.4.23.2 * rsync-debugsource-3.2.3-150000.4.23.2 * rsync-debuginfo-3.2.3-150000.4.23.2 ## References: * https://www.suse.com/security/cve/CVE-2020-14387.html * https://www.suse.com/security/cve/CVE-2022-29154.html * https://bugzilla.suse.com/show_bug.cgi?id=1176160 * https://bugzilla.suse.com/show_bug.cgi?id=1201840 * https://bugzilla.suse.com/show_bug.cgi?id=1204538 * https://jira.suse.com/browse/PED-3145 * https://jira.suse.com/browse/PED-3146 * https://jira.suse.com/browse/SLE-21252 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 22 12:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Aug 2023 12:30:18 -0000 Subject: SUSE-SU-2023:3369-1: low: Security update for python-configobj Message-ID: <169270741877.22798.1397613543706717159@smelt2.suse.de> # Security update for python-configobj Announcement ID: SUSE-SU-2023:3369-1 Rating: low References: * #1210070 Cross-References: * CVE-2023-26112 CVSS scores: * CVE-2023-26112 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-26112 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python-configobj fixes the following issues: * CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py (bsc#1210070). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3369=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3369=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3369=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3369=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3369=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3369=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3369=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3369=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3369=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3369=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3369=1 ## Package List: * openSUSE Leap Micro 5.4 (noarch) * python3-configobj-5.0.6-150000.3.3.1 * openSUSE Leap 15.4 (noarch) * python3-configobj-5.0.6-150000.3.3.1 * openSUSE Leap 15.5 (noarch) * python3-configobj-5.0.6-150000.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-configobj-5.0.6-150000.3.3.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-configobj-5.0.6-150000.3.3.1 * Basesystem Module 15-SP4 (noarch) * python3-configobj-5.0.6-150000.3.3.1 * Basesystem Module 15-SP5 (noarch) * python3-configobj-5.0.6-150000.3.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * python3-configobj-5.0.6-150000.3.3.1 * SUSE Manager Proxy 4.2 (noarch) * python3-configobj-5.0.6-150000.3.3.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-configobj-5.0.6-150000.3.3.1 * SUSE Manager Server 4.2 (noarch) * python2-configobj-5.0.6-150000.3.3.1 * python3-configobj-5.0.6-150000.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-26112.html * https://bugzilla.suse.com/show_bug.cgi?id=1210070 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 22 12:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Aug 2023 12:30:20 -0000 Subject: SUSE-SU-2023:3368-1: low: Security update for python-configobj Message-ID: <169270742082.22798.5297034041757362752@smelt2.suse.de> # Security update for python-configobj Announcement ID: SUSE-SU-2023:3368-1 Rating: low References: * #1210070 Cross-References: * CVE-2023-26112 CVSS scores: * CVE-2023-26112 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-26112 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for python-configobj fixes the following issues: * CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py (bsc#1210070). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-3368=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3368=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3368=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3368=1 ## Package List: * Public Cloud Module 12 (noarch) * python3-configobj-5.0.6-20.8.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * python-configobj-5.0.6-20.8.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * python-configobj-5.0.6-20.8.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * python-configobj-5.0.6-20.8.1 ## References: * https://www.suse.com/security/cve/CVE-2023-26112.html * https://bugzilla.suse.com/show_bug.cgi?id=1210070 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 22 16:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Aug 2023 16:30:13 -0000 Subject: SUSE-SU-2023:3376-1: important: Security update for the Linux Kernel Message-ID: <169272181313.6057.1704012720585327722@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3376-1 Rating: important References: * #1206418 * #1207129 * #1207948 * #1210627 * #1210780 * #1210825 * #1211131 * #1211738 * #1211811 * #1212445 * #1212502 * #1212604 * #1212766 * #1212901 * #1213167 * #1213272 * #1213287 * #1213304 * #1213417 * #1213578 * #1213585 * #1213586 * #1213588 * #1213601 * #1213620 * #1213632 * #1213653 * #1213713 * #1213715 * #1213747 * #1213756 * #1213759 * #1213777 * #1213810 * #1213812 * #1213856 * #1213857 * #1213863 * #1213867 * #1213870 * #1213871 * #1213872 Cross-References: * CVE-2022-40982 * CVE-2023-0459 * CVE-2023-20569 * CVE-2023-21400 * CVE-2023-2156 * CVE-2023-2166 * CVE-2023-31083 * CVE-2023-3268 * CVE-2023-3567 * CVE-2023-3609 * CVE-2023-3611 * CVE-2023-3776 * CVE-2023-38409 * CVE-2023-3863 * CVE-2023-4004 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21400 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21400 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-38409 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-38409 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 15 vulnerabilities and has 27 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-20569: Fixed side channel attack ?Inception? or ?RAS Poisoning? (bsc#1213287). * CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). * CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627). * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). * CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). * CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). * CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after- free (bsc#1213588). * CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC. This flaw allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). * CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). * CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). * CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). * CVE-2023-38409: Fixed an issue in set_con2fb_map in drivers/video/fbdev/core/fbcon.c. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info) (bsc#1213417). * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418). The following non-security bugs were fixed: * ACPI: CPPC: Add ACPI disabled check to acpi_cpc_valid() (bsc#1212445). * ACPI: CPPC: Add definition for undefined FADT preferred PM profile value (bsc#1212445). * ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes). * ACPI/IORT: Remove erroneous id_count check in iort_node_get_rmr_info() (git- fixes). * afs: Adjust ACK interpretation to try and cope with NAT (git-fixes). * afs: Fix access after dec in put functions (git-fixes). * afs: Fix afs_getattr() to refetch file status if callback break occurred (git-fixes). * afs: Fix dynamic root getattr (git-fixes). * afs: Fix fileserver probe RTT handling (git-fixes). * afs: Fix infinite loop found by xfstest generic/676 (git-fixes). * afs: Fix lost servers_outstanding count (git-fixes). * afs: Fix server->active leak in afs_put_server (git-fixes). * afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes). * afs: Fix updating of i_size with dv jump from server (git-fixes). * afs: Fix vlserver probe RTT handling (git-fixes). * afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes). * afs: Use refcount_t rather than atomic_t (git-fixes). * afs: Use the operation issue time instead of the reply time for callbacks (git-fixes). * ALSA: emu10k1: roll up loops in DSP setup code for Audigy (git-fixes). * ALSA: hda/realtek - remove 3k pull low procedure (git-fixes). * ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes). * ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes). * ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes). * ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes). * ALSA: hda/realtek: Support ASUS G713PV laptop (git-fixes). * ALSA: hda/relatek: Enable Mute LED on HP 250 G8 (git-fixes). * ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless (git- fixes). * ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless (git- fixes). * ALSA: usb-audio: Add quirk for Microsoft Modern Wireless Headset (bsc#1207129). * ALSA: usb-audio: Add quirk for Tascam Model 12 (git-fixes). * ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format() (git-fixes). * ALSA: usb-audio: Apply mutex around snd_usb_endpoint_set_params() (git- fixes). * ALSA: usb-audio: Avoid superfluous endpoint setup (git-fixes). * ALSA: usb-audio: Avoid unnecessary interface change at EP close (git-fixes). * ALSA: usb-audio: Clear fixed clock rate at closing EP (git-fixes). * ALSA: usb-audio: Correct the return code from snd_usb_endpoint_set_params() (git-fixes). * ALSA: usb-audio: Drop superfluous interface setup at parsing (git-fixes). * ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() (git-fixes). * ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all (git- fixes). * ALSA: usb-audio: More refactoring of hw constraint rules (git-fixes). * ALSA: usb-audio: Properly refcounting clock rate (git-fixes). * ALSA: usb-audio: Rate limit usb_set_interface error reporting (git-fixes). * ALSA: usb-audio: Refcount multiple accesses on the single clock (git-fixes). * ALSA: usb-audio: Split endpoint setups for hw_params and prepare (take#2) (git-fixes). * ALSA: usb-audio: Update for native DSD support quirks (git-fixes). * ALSA: usb-audio: Use atomic_try_cmpxchg in ep_state_update (git-fixes). * ALSA: usb-audio: Workaround for XRUN at prepare (git-fixes). * amd-pstate: Fix amd_pstate mode switch (git-fixes). * ASoC: amd: acp: fix for invalid dai id handling in acp_get_byte_count() (git-fixes). * ASoC: atmel: Fix the 8K sample parameter in I2SC master (git-fixes). * ASoc: codecs: ES8316: Fix DMIC config (git-fixes). * ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git- fixes). * ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes). * ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes). * ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes). * ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes). * ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes). * ASoC: da7219: Check for failure reading AAD IRQ events (git-fixes). * ASoC: da7219: Flush pending AAD IRQ when suspending (git-fixes). * ASoC: fsl_sai: Disable bit clock with transmitter (git-fixes). * ASoC: fsl_spdif: Silence output on stop (git-fixes). * ASoC: rt5640: Fix sleep in atomic context (git-fixes). * ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0 (git-fixes). * ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0 (git-fixes). * ASoC: rt711: fix for JD event handling in ClockStop Mode0 (git-fixes). * ASoC: SOF: ipc3-dtrace: uninitialized data in dfsentry_trace_filter_write() (git-fixes). * ASoC: tegra: Fix ADX byte map (git-fixes). * ASoC: tegra: Fix AMX byte map (git-fixes). * ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register (git-fixes). * ata: pata_ns87415: mark ns87560_tf_read static (git-fixes). * block, bfq: Fix division by zero error on zero wsum (bsc#1213653). * block: Fix a source code comment in include/uapi/linux/blkzoned.h (git- fixes). * Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (bsc#1210780 CVE-2023-31083). * bpf: add missing header file include (bsc#1211738 CVE-2023-0459). * bus: mhi: add new interfaces to handle MHI channels directly (bsc#1207948). * bus: mhi: host: add destroy_device argument to mhi_power_down() (bsc#1207948). * can: af_can: fix NULL pointer dereference in can_rcv_filter (bsc#1210627 CVE-2023-2166). * can: af_can: fix NULL pointer dereference in can_rcv_filter (bsc#1210627 CVE-2023-2166). * can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (git-fixes). * ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856). * coda: Avoid partial allocation of sig_inputArgs (git-fixes). * cpufreq: amd_pstate: fix wrong lowest perf fetch (bsc#1212445). * cpufreq: amd_pstate: map desired perf into pstate scope for powersave governor (bsc#1212445). * cpufreq: amd-pstate: Add ->fast_switch() callback (bsc#1212445). * cpufreq: amd-pstate: Add AMD P-State frequencies attributes (bsc#1212445). * cpufreq: amd-pstate: Add AMD P-State performance attributes (bsc#1212445). * cpufreq: amd-pstate: add amd-pstate driver parameter for mode selection (bsc#1212445). * cpufreq: amd-pstate: Add boost mode support for AMD P-State (bsc#1212445). * cpufreq: amd-pstate: add driver working mode switch support (bsc#1212445). * cpufreq: amd-pstate: Add fast switch function for AMD P-State (bsc#1212445). * cpufreq: amd-pstate: Add guided autonomous mode (bsc#1212445). * cpufreq: amd-pstate: Add guided mode control support via sysfs (bsc#1212445). * cpufreq: amd-pstate: Add more tracepoint for AMD P-State module (bsc#1212445). * cpufreq: amd-pstate: Add resume and suspend callbacks (bsc#1212445). * cpufreq: amd-pstate: Add trace for AMD P-State module (bsc#1212445). * cpufreq: amd-pstate: avoid uninitialized variable use (bsc#1212445). * cpufreq: amd-pstate: change amd-pstate driver to be built-in type (bsc#1212445). * cpufreq: amd-pstate: convert sprintf with sysfs_emit() (bsc#1212445). * cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at init (bsc#1212445). * cpufreq: amd-pstate: Expose struct amd_cpudata (bsc#1212445). * cpufreq: amd-pstate: Fix initial highest_perf value (bsc#1212445). * cpufreq: amd-pstate: Fix invalid write to MSR_AMD_CPPC_REQ (bsc#1212445). * cpufreq: amd-pstate: Fix Kconfig dependencies for AMD P-State (bsc#1212445). * cpufreq: amd-pstate: fix kernel hang issue while amd-pstate unregistering (bsc#1212445). * cpufreq: amd-pstate: Fix struct amd_cpudata kernel-doc comment (bsc#1212445). * cpufreq: amd-pstate: fix white-space (bsc#1212445). * cpufreq: amd-pstate: implement amd pstate cpu online and offline callback (bsc#1212445). * cpufreq: amd-pstate: implement Pstate EPP support for the AMD processors (bsc#1212445). * cpufreq: amd-pstate: implement suspend and resume callbacks (bsc#1212445). * cpufreq: amd-pstate: Introduce a new AMD P-State driver to support future processors (bsc#1212445). * cpufreq: amd-pstate: Introduce the support for the processors with shared memory solution (bsc#1212445). * cpufreq: amd-pstate: Let user know amd-pstate is disabled (bsc#1212445). * cpufreq: amd-pstate: Make amd-pstate EPP driver name hyphenated (bsc#1212445). * cpufreq: amd-pstate: Make varaiable mode_state_machine static (bsc#1212445). * cpufreq: amd-pstate: optimize driver working mode selection in amd_pstate_param() (bsc#1212445). * cpufreq: amd-pstate: Remove fast_switch_possible flag from active driver (bsc#1212445). * cpufreq: amd-pstate: remove MODULE_LICENSE in non-modules (bsc#1212445). * cpufreq: amd-pstate: Set a fallback policy based on preferred_profile (bsc#1212445). * cpufreq: amd-pstate: simplify cpudata pointer assignment (bsc#1212445). * cpufreq: amd-pstate: Update policy->cur in amd_pstate_adjust_perf() (bsc#1212445). * cpufreq: amd-pstate: update pstate frequency transition delay time (bsc#1212445). * cpufreq: amd-pstate: Write CPPC enable bit per-socket (bsc#1212445). * crypto: kpp - Add helper to set reqsize (git-fixes). * crypto: qat - Use helper to set reqsize (git-fixes). * dlm: fix missing lkb refcount handling (git-fixes). * dlm: fix plock invalid read (git-fixes). * Documentation: cpufreq: amd-pstate: Move amd_pstate param to alphabetical order (bsc#1212445). * Documentation: devices.txt: reconcile serial/ucc_uart minor numers (git- fixes). * drm/amd: Fix an error handling mistake in psp_sw_init() (git-fixes). * drm/amd/display: Add monitor specific edid quirk (git-fixes). * drm/amd/display: Add polling method to handle MST reply packet (bsc#1213578). * drm/amd/display: check TG is non-null before checking if enabled (git- fixes). * drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes). * drm/amd/display: Disable MPC split by default on special asic (git-fixes). * drm/amd/display: fix access hdcp_workqueue assert (git-fixes). * drm/amd/display: fix seamless odm transitions (git-fixes). * drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes). * drm/amd/display: only accept async flips for fast updates (git-fixes). * drm/amd/display: Only update link settings after successful MST link train (git-fixes). * drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). * drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 (git- fixes). * drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). * drm/amd/display: Unlock on error path in dm_handle_mst_sideband_msg_ready_event() (git-fixes). * drm/amd/pm: add abnormal fan detection for smu 13.0.0 (git-fixes). * drm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 (git- fixes). * drm/amd/pm: re-enable the gfx imu when smu resume (git-fixes). * drm/amd/pm: share the code around SMU13 pcie parameters update (git-fixes). * drm/amdgpu: add the fan abnormal detection feature (git-fixes). * drm/amdgpu: avoid restore process run into dead loop (git-fixes). * drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git- fixes). * drm/amdgpu: Fix minmax warning (git-fixes). * drm/atomic: Allow vblank-enabled + self-refresh "disable" (git-fixes). * drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes). * drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git- fixes). * drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes). * drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes). * drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes). * drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime (git-fixes). * drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes). * drm/dp_mst: Clear MSG_RDY flag before sending new message (bsc#1213578). * drm/i915: Do not preserve dpll_hw_state for slave crtc in Bigjoiner (git- fixes). * drm/i915: Fix an error handling path in igt_write_huge() (git-fixes). * drm/i915/dpt: Use shmem for dpt objects (git-fixes). * drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks (git- fixes). * drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git- fixes). * drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes). * drm/msm/disp/dpu: get timing engine status from intf status register (git- fixes). * drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes). * drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes). * drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes). * drm/ttm: fix bulk_move corruption when adding a entry (git-fixes). * drm/ttm: fix warning that we shouldn't mix (git-fixes). * drm/vmwgfx: Fix Legacy Display Unit atomic drm support (bsc#1213632). * drm/vmwgfx: Remove explicit and broken vblank handling (bsc#1213632). * drm/vmwgfx: Remove rcu locks from user resources (bsc#1213632). * fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes). * fbdev: imxfb: Removed unneeded release_mem_region (git-fixes). * fbdev: imxfb: warn about invalid left/right margin (git-fixes). * file: always lock position for FMODE_ATOMIC_POS (bsc#1213759). * fs: dlm: add midcomms init/start functions (git-fixes). * fs: dlm: do not set stop rx flag after node reset (git-fixes). * fs: dlm: filter user dlm messages for kernel locks (git-fixes). * fs: dlm: fix log of lowcomms vs midcomms (git-fixes). * fs: dlm: fix race between test_bit() and queue_work() (git-fixes). * fs: dlm: fix race in lowcomms (git-fixes). * fs: dlm: handle -EBUSY first in lock arg validation (git-fixes). * fs: dlm: move sending fin message into state change handling (git-fixes). * fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes). * fs: dlm: return positive pid value for F_GETLK (git-fixes). * fs: dlm: start midcomms before scand (git-fixes). * fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git- fixes). * FS: JFS: Check for read-only mounted filesystem in txBegin (git-fixes). * FS: JFS: Fix null-ptr-deref Read in txBegin (git-fixes). * fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes). * gve: Set default duplex configuration to full (git-fixes). * gve: unify driver name usage (git-fixes). * hwmon: (adm1275) Allow setting sample averaging (git-fixes). * hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git- fixes). * hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (git-fixes). * hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes). * i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes). * i2c: xiic: Do not try to handle more interrupt events after error (git- fixes). * iavf: check for removal state before IAVF_FLAG_PF_COMMS_FAILED (git-fixes). * iavf: fix a deadlock caused by rtnl and driver's lock circular dependencies (git-fixes). * iavf: Fix out-of-bounds when setting channels on remove (git-fixes). * iavf: fix potential deadlock on allocation failure (git-fixes). * iavf: fix reset task race with iavf_remove() (git-fixes). * iavf: Fix use-after-free in free_netdev (git-fixes). * iavf: Move netdev_update_features() into watchdog task (git-fixes). * iavf: use internal state to free traffic IRQs (git-fixes). * iavf: Wait for reset in callbacks which trigger it (git-fixes). * IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes) * ice: Fix max_rate check while configuring TX rate limits (git-fixes). * ice: Fix memory management in ice_ethtool_fdir.c (git-fixes). * ice: handle extts in the miscellaneous interrupt thread (git-fixes). * igc: Check if hardware TX timestamping is enabled earlier (git-fixes). * igc: Enable and fix RX hash usage by netstack (git-fixes). * igc: Fix inserting of empty frame for launchtime (git-fixes). * igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes). * igc: Fix launchtime before start of cycle (git-fixes). * igc: Fix race condition in PTP tx code (git-fixes). * igc: Handle PPS start time programming for past time values (git-fixes). * igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes). * igc: Remove delay during TX ring configuration (git-fixes). * igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes). * igc: Work around HW bug causing missing timestamps (git-fixes). * Input: i8042 - add Clevo PCX0DX to i8042 quirk table (git-fixes). * Input: iqs269a - do not poll during ATI (git-fixes). * Input: iqs269a - do not poll during suspend or resume (git-fixes). * io_uring: ensure IOPOLL locks around deferred work (bsc#1213272 CVE-2023-21400). * ipv6: rpl: Fix Route of Death (CVE-2023-2156 bsc#1211131). * jffs2: fix memory leak in jffs2_do_fill_super (git-fixes). * jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes). * jffs2: fix memory leak in jffs2_scan_medium (git-fixes). * jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes). * jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git- fixes). * jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes). * jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes). * kabi/severities: relax kABI for ath11k local symbols (bsc#1207948) * kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes). * KVM: Add GDS_NO support to KVM (bsc#1206418, CVE-2022-40982). * KVM: arm64: Do not read a HW interrupt pending state in user context (git- fixes) * KVM: arm64: Warn if accessing timer pending state outside of vcpu (bsc#1213620) * KVM: Do not null dereference ops->destroy (git-fixes) * KVM: downgrade two BUG_ONs to WARN_ON_ONCE (git-fixes) * KVM: Initialize debugfs_dentry when a VM is created to avoid NULL (git- fixes) * KVM: s390: pv: fix index value of replaced ASCE (git-fixes bsc#1213867). * KVM: VMX: Inject #GP on ENCLS if vCPU has paging disabled (CR0.PG==0) (git- fixes). * KVM: VMX: Inject #GP, not #UD, if SGX2 ENCLS leafs are unsupported (git- fixes). * KVM: VMX: restore vmx_vmexit alignment (git-fixes). * KVM: x86: Account fastpath-only VM-Exits in vCPU stats (git-fixes). * leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git- fixes). * libceph: harden msgr2.1 frame segment length checks (bsc#1213857). * md: add error_handlers for raid0 and linear (bsc#1212766). * media: staging: atomisp: select V4L2_FWNODE (git-fixes). * mhi_power_down() kABI workaround (bsc#1207948). * mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes). * mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes). * net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes). * net: mana: Batch ringing RX queue doorbell on receiving packets (bsc#1212901). * net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901). * net: nfc: Fix use-after-free caused by nfc_llcp_find_local (bsc#1213601 CVE-2023-3863). * net: phy: marvell10g: fix 88x3310 power up (git-fixes). * net/mlx5: DR, Support SW created encap actions for FW table (git-fixes). * net/mlx5e: Check for NOT_READY flag state after locking (git-fixes). * net/mlx5e: fix double free in mlx5e_destroy_flow_table (git-fixes). * net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create (git-fixes). * net/mlx5e: fix memory leak in mlx5e_ptp_open (git-fixes). * net/mlx5e: XDP, Allow growing tail for XDP multi buffer (git-fixes). * net/mlx5e: xsk: Set napi_id to support busy polling on XSK RQ (git-fixes). * net/sched: cls_fw: Fix improper refcount update leads to use-after-free (CVE-2023-3776 bsc#1213588). * net/sched: cls_u32: Fix reference counter leak leading to overflow (CVE-2023-3609 bsc#1213586). * net/sched: sch_qfq: account for stab overhead in qfq_enqueue (CVE-2023-3611 bsc#1213585). * net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). * net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585). * netfilter: nft_set_pipapo: fix improper element removal (bsc#1213812 CVE-2023-4004). * nfc: llcp: simplify llcp_sock_connect() error paths (bsc#1213601 CVE-2023-3863). * nfsd: add encoding of op_recall flag for write delegation (git-fixes). * nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). * nfsd: Fix sparse warning (git-fixes). * nfsd: Remove open coding of string copy (git-fixes). * NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease (git- fixes). * NFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION (git- fixes). * nvme-pci: fix DMA direction of unmapping integrity data (git-fixes). * nvme-pci: remove nvme_queue from nvme_iod (git-fixes). * nvme: do not reject probe due to duplicate IDs for single-ported PCIe devices (git-fixes). * nvme: fix the NVME_ID_NS_NVM_STS_MASK definition (git-fixes). * octeontx-af: fix hardware timestamp configuration (git-fixes). * octeontx2-af: Move validation of ptp pointer before its usage (git-fixes). * octeontx2-pf: Add additional check for MCAM rules (git-fixes). * PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes). * PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes). * phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git- fixes). * pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes). * pinctrl: amd: Do not show Invalid config param errors (git-fixes). * pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes). * pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes). * pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes). * platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git- fixes). * RDMA/bnxt_re: Fix hang during driver unload (git-fixes) * RDMA/bnxt_re: Prevent handling any completions after qp destroy (git-fixes) * RDMA/core: Update CMA destination address on rdma_resolve_addr (git-fixes) * RDMA/irdma: Add missing read barriers (git-fixes) * RDMA/irdma: Fix data race on CQP completion stats (git-fixes) * RDMA/irdma: Fix data race on CQP request done (git-fixes) * RDMA/irdma: Fix op_type reporting in CQEs (git-fixes) * RDMA/irdma: Report correct WC error (git-fixes) * RDMA/mlx4: Make check for invalid flags stricter (git-fixes) * RDMA/mthca: Fix crash when polling CQ for shared QPs (git-fixes) * regmap: Account for register length in SMBus I/O limits (git-fixes). * regmap: Drop initial version of maximum transfer length fixes (git-fixes). * relayfs: fix out-of-bounds access in relay_file_read (bsc#1212502 CVE-2023-3268). * rxrpc, afs: Fix selection of abort codes (git-fixes). * s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870). * s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870). * s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810). * s390/dasd: print copy pair message only for the correct error (git-fixes bsc#1213872). * s390/decompressor: specify __decompress() buf len to avoid overflow (git- fixes bsc#1213863). * s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871). * s390/qeth: Fix vipa deletion (git-fixes bsc#1213713). * s390/vmem: fix empty page tables cleanup under KASAN (git-fixes bsc#1213715). * scftorture: Count reschedule IPIs (git-fixes). * scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (bsc#1213756). * scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756). * scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756). * scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756). * scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756). * scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (bsc#1213756). * scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths (bsc#1213756). * scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756). * scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (bsc#1213756). * scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756). * scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756). * scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756). * scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (bsc#1213756). * scsi: lpfc: Replace all non-returning strlcpy() with strscpy() (bsc#1213756). * scsi: lpfc: Replace one-element array with flexible-array member (bsc#1213756). * scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756). * scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (bsc#1213756). * scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756). * scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756). * scsi: lpfc: Use struct_size() helper (bsc#1213756). * scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747). * scsi: qla2xxx: Array index may go out of bound (bsc#1213747). * scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747). * scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747). * scsi: qla2xxx: Correct the index of array (bsc#1213747). * scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747). * scsi: qla2xxx: Fix buffer overrun (bsc#1213747). * scsi: qla2xxx: Fix command flush during TMF (bsc#1213747). * scsi: qla2xxx: Fix deletion race condition (bsc#1213747). * scsi: qla2xxx: Fix end of loop test (bsc#1213747). * scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747). * scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747). * scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747). * scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747). * scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747). * scsi: qla2xxx: Fix session hang in gnl (bsc#1213747). * scsi: qla2xxx: Fix TMF leak through (bsc#1213747). * scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747). * scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747). * scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747). * scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper (bsc#1213747). * scsi: qla2xxx: Silence a static checker warning (bsc#1213747). * scsi: qla2xxx: Turn off noisy message log (bsc#1213747). * scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747). * scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747). * scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747). * selftests: rtnetlink: remove netdevsim device after ipsec offload test (git- fixes). * serial: qcom-geni: drop bogus runtime pm state update (git-fixes). * serial: sifive: Fix sifive_serial_console_setup() section (git-fixes). * sfc: fix crash when reading stats while NIC is resetting (git-fixes). * sfc: fix XDP queues mode with legacy IRQ (git-fixes). * sfc: use budget for TX completions (git-fixes). * soundwire: qcom: update status correctly with mask (git-fixes). * staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git- fixes). * staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes). * SUNRPC: always free ctxt when freeing deferred request (git-fixes). * SUNRPC: double free xprt_ctxt while still in use (git-fixes). * SUNRPC: Fix trace_svc_register() call site (git-fixes). * SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (git-fixes). * SUNRPC: Remove dead code in svc_tcp_release_rqst() (git-fixes). * SUNRPC: remove the maximum number of retries in call_bind_status (git- fixes). * svcrdma: Prevent page release when nothing was received (git-fixes). * tpm_tis: Explicitly check for error code (git-fixes). * tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes). * tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes). * uaccess: Add speculation barrier to copy_from_user() (bsc#1211738 CVE-2023-0459). * ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git- fixes). * ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git- fixes). * ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes). * ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git- fixes). * ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes). * ubifs: Fix build errors as symbol undefined (git-fixes). * ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git- fixes). * ubifs: Fix memory leak in alloc_wbufs() (git-fixes). * ubifs: Fix memory leak in do_rename (git-fixes). * ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes). * ubifs: Fix to add refcount once page is set private (git-fixes). * ubifs: Fix wrong dirty space budget for dirty inode (git-fixes). * ubifs: Free memory for tmpfile name (git-fixes). * ubifs: Re-statistic cleaned znode count if commit failed (git-fixes). * ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes). * ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes). * ubifs: Rectify space budget for ubifs_xrename() (git-fixes). * ubifs: Rename whiteout atomically (git-fixes). * ubifs: rename_whiteout: correct old_dir size computing (git-fixes). * ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes). * ubifs: Reserve one leb for each journal head while doing budget (git-fixes). * ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes). * ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git- fixes). * usb: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes). * usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes). * usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes). * usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). * USB: serial: option: add LARA-R6 01B PIDs (git-fixes). * usb: typec: Iterate pds array when showing the pd list (git-fixes). * usb: typec: Set port->pd before adding device for typec_port (git-fixes). * usb: typec: Use sysfs_emit_at when concatenating the string (git-fixes). * usb: xhci-mtk: set the dma max_seg_size (git-fixes). * vhost_net: revert upend_idx only on retriable error (git-fixes). * vhost: support PACKED when setting-getting vring_base (git-fixes). * virtio_net: Fix error unwinding of XDP initialization (git-fixes). * virtio-net: Maintain reverse cleanup order (git-fixes). * wifi: ath11k: add support for suspend in power down state (bsc#1207948). * wifi: ath11k: handle irq enable/disable in several code path (bsc#1207948). * wifi: ath11k: handle thermal device registeration together with MAC (bsc#1207948). * wifi: ath11k: remove MHI LOOPBACK channels (bsc#1207948). * wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes). * wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes). * wl3501_cs: use eth_hw_addr_set() (git-fixes). * x86/PVH: obtain VGA console info in Dom0 (git-fixes). * x86/speculation: Add Kconfig option for GDS (bsc#1206418, CVE-2022-40982). * x86/srso: Add IBPB on VMEXIT (bsc#1213287, CVE-2023-20569). * x86/srso: Tie SBPB bit setting to microcode patch detection (bsc#1213287, CVE-2023-20569). * xen/blkfront: Only check REQ_FUA for writes (git-fixes). * xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git- fixes). * xfs: AIL needs asynchronous CIL forcing (bsc#1211811). * xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811). * xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811). * xfs: CIL work is serialised, not pipelined (bsc#1211811). * xfs: do not run shutdown callbacks on active iclogs (bsc#1211811). * xfs: drop async cache flushes from CIL commits (bsc#1211811). * xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811). * xfs: move the CIL workqueue to the CIL (bsc#1211811). * xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811). * xfs: order CIL checkpoint start records (bsc#1211811). * xfs: pass a CIL context to xlog_write() (bsc#1211811). * xfs: rework xlog_state_do_callback() (bsc#1211811). * xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811). * xfs: separate out log shutdown callback processing (bsc#1211811). * xfs: wait iclog complete before tearing down AIL (bsc#1211811). * xfs: XLOG_STATE_IOERROR must die (bsc#1211811). * xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes). * xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes). * xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3376=1 openSUSE-SLE-15.5-2023-3376=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3376=1 ## Package List: * openSUSE Leap 15.5 (aarch64 x86_64) * kernel-syms-azure-5.14.21-150500.33.14.1 * kselftests-kmp-azure-5.14.21-150500.33.14.1 * kernel-azure-debuginfo-5.14.21-150500.33.14.1 * cluster-md-kmp-azure-5.14.21-150500.33.14.1 * kernel-azure-extra-5.14.21-150500.33.14.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.14.1 * reiserfs-kmp-azure-5.14.21-150500.33.14.1 * gfs2-kmp-azure-5.14.21-150500.33.14.1 * kernel-azure-devel-5.14.21-150500.33.14.1 * kernel-azure-extra-debuginfo-5.14.21-150500.33.14.1 * kernel-azure-optional-debuginfo-5.14.21-150500.33.14.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.14.1 * kernel-azure-debugsource-5.14.21-150500.33.14.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.14.1 * kernel-azure-devel-debuginfo-5.14.21-150500.33.14.1 * kselftests-kmp-azure-debuginfo-5.14.21-150500.33.14.1 * kernel-azure-livepatch-devel-5.14.21-150500.33.14.1 * dlm-kmp-azure-debuginfo-5.14.21-150500.33.14.1 * ocfs2-kmp-azure-5.14.21-150500.33.14.1 * dlm-kmp-azure-5.14.21-150500.33.14.1 * kernel-azure-optional-5.14.21-150500.33.14.1 * gfs2-kmp-azure-debuginfo-5.14.21-150500.33.14.1 * openSUSE Leap 15.5 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150500.33.14.1 * openSUSE Leap 15.5 (x86_64) * kernel-azure-vdso-debuginfo-5.14.21-150500.33.14.1 * kernel-azure-vdso-5.14.21-150500.33.14.1 * openSUSE Leap 15.5 (noarch) * kernel-source-azure-5.14.21-150500.33.14.1 * kernel-devel-azure-5.14.21-150500.33.14.1 * Public Cloud Module 15-SP5 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150500.33.14.1 * Public Cloud Module 15-SP5 (aarch64 x86_64) * kernel-syms-azure-5.14.21-150500.33.14.1 * kernel-azure-debuginfo-5.14.21-150500.33.14.1 * kernel-azure-debugsource-5.14.21-150500.33.14.1 * kernel-azure-devel-debuginfo-5.14.21-150500.33.14.1 * kernel-azure-devel-5.14.21-150500.33.14.1 * Public Cloud Module 15-SP5 (noarch) * kernel-source-azure-5.14.21-150500.33.14.1 * kernel-devel-azure-5.14.21-150500.33.14.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-0459.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-21400.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2166.html * https://www.suse.com/security/cve/CVE-2023-31083.html * https://www.suse.com/security/cve/CVE-2023-3268.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://www.suse.com/security/cve/CVE-2023-3609.html * https://www.suse.com/security/cve/CVE-2023-3611.html * https://www.suse.com/security/cve/CVE-2023-3776.html * https://www.suse.com/security/cve/CVE-2023-38409.html * https://www.suse.com/security/cve/CVE-2023-3863.html * https://www.suse.com/security/cve/CVE-2023-4004.html * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1207129 * https://bugzilla.suse.com/show_bug.cgi?id=1207948 * https://bugzilla.suse.com/show_bug.cgi?id=1210627 * https://bugzilla.suse.com/show_bug.cgi?id=1210780 * https://bugzilla.suse.com/show_bug.cgi?id=1210825 * https://bugzilla.suse.com/show_bug.cgi?id=1211131 * https://bugzilla.suse.com/show_bug.cgi?id=1211738 * https://bugzilla.suse.com/show_bug.cgi?id=1211811 * https://bugzilla.suse.com/show_bug.cgi?id=1212445 * https://bugzilla.suse.com/show_bug.cgi?id=1212502 * https://bugzilla.suse.com/show_bug.cgi?id=1212604 * https://bugzilla.suse.com/show_bug.cgi?id=1212766 * https://bugzilla.suse.com/show_bug.cgi?id=1212901 * https://bugzilla.suse.com/show_bug.cgi?id=1213167 * https://bugzilla.suse.com/show_bug.cgi?id=1213272 * https://bugzilla.suse.com/show_bug.cgi?id=1213287 * https://bugzilla.suse.com/show_bug.cgi?id=1213304 * https://bugzilla.suse.com/show_bug.cgi?id=1213417 * https://bugzilla.suse.com/show_bug.cgi?id=1213578 * https://bugzilla.suse.com/show_bug.cgi?id=1213585 * https://bugzilla.suse.com/show_bug.cgi?id=1213586 * https://bugzilla.suse.com/show_bug.cgi?id=1213588 * https://bugzilla.suse.com/show_bug.cgi?id=1213601 * https://bugzilla.suse.com/show_bug.cgi?id=1213620 * https://bugzilla.suse.com/show_bug.cgi?id=1213632 * https://bugzilla.suse.com/show_bug.cgi?id=1213653 * https://bugzilla.suse.com/show_bug.cgi?id=1213713 * https://bugzilla.suse.com/show_bug.cgi?id=1213715 * https://bugzilla.suse.com/show_bug.cgi?id=1213747 * https://bugzilla.suse.com/show_bug.cgi?id=1213756 * https://bugzilla.suse.com/show_bug.cgi?id=1213759 * https://bugzilla.suse.com/show_bug.cgi?id=1213777 * https://bugzilla.suse.com/show_bug.cgi?id=1213810 * https://bugzilla.suse.com/show_bug.cgi?id=1213812 * https://bugzilla.suse.com/show_bug.cgi?id=1213856 * https://bugzilla.suse.com/show_bug.cgi?id=1213857 * https://bugzilla.suse.com/show_bug.cgi?id=1213863 * https://bugzilla.suse.com/show_bug.cgi?id=1213867 * https://bugzilla.suse.com/show_bug.cgi?id=1213870 * https://bugzilla.suse.com/show_bug.cgi?id=1213871 * https://bugzilla.suse.com/show_bug.cgi?id=1213872 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 22 16:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Aug 2023 16:30:15 -0000 Subject: SUSE-SU-2023:3375-1: moderate: Security update for evolution Message-ID: <169272181591.6057.7556108224027188564@smelt2.suse.de> # Security update for evolution Announcement ID: SUSE-SU-2023:3375-1 Rating: moderate References: * #1169843 * #1213858 Cross-References: * CVE-2020-11879 CVSS scores: * CVE-2020-11879 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2020-11879 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for evolution fixes the following issues: * CVE-2020-11879: Fixed issue where websites can attach local files to emails by using a proprietary parameter without warning the user (bsc#1169843). * Fix some warnings with newer WebKit * Handle frame flattening change in WebKitGTK 2.40 (bsc#1213858) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3375=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-3375=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * evolution-debuginfo-3.22.6-19.14.1 * evolution-debugsource-3.22.6-19.14.1 * evolution-devel-3.22.6-19.14.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * evolution-debuginfo-3.22.6-19.14.1 * evolution-debugsource-3.22.6-19.14.1 * evolution-3.22.6-19.14.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch) * evolution-lang-3.22.6-19.14.1 ## References: * https://www.suse.com/security/cve/CVE-2020-11879.html * https://bugzilla.suse.com/show_bug.cgi?id=1169843 * https://bugzilla.suse.com/show_bug.cgi?id=1213858 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 22 16:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Aug 2023 16:30:17 -0000 Subject: SUSE-RU-2023:3258-2: moderate: Recommended update for trento-agent, trento-server-installer Message-ID: <169272181706.6057.11145625857703311307@smelt2.suse.de> # Recommended update for trento-agent, trento-server-installer Announcement ID: SUSE-RU-2023:3258-2 Rating: moderate References: Affected Products: * SAP Applications Module 15-SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that can now be installed. ## Description: This update for trento-agent, trento-server-installer fixes the following issues: * Release 2.1.0 (https://github.com/trento- project/agent/compare/2.0.0...2.1.0) * bump contracts version (#233) * Send an empty payload if a cluster was not found (#227) * Cloned VMs in VMware have all the same uuid (#223) * Release 2.0.0 (https://github.com/trento- project/agent/compare/1.2.0...2.0.0) * Parse durations in cibadmin gatherer (#204) * Add ability to detect if running on `VMware` system (#193) * Pin web api version to v1 (#186) * Multiversion package support (#181) * Pretty print fact values (#176) * Unhide facts service url flag (#172) * Add version comparison functionality for package_version (#169) * Make `corosynccmapctl` gatherer output a map structure (#168) * Add initial support to verify the password for the hacluster user (#164) * Add argument validation for gatherers that require it (#162) * Hidden agent id flag (#160) * Sbd dump gatherer (#156) * Retrieve agent id command (#154) * Port cibadmin gatherer (#149) * Restructure project folders structure (#147) * Generic get value (#146) * Refactor sbd loading (#145) * Corosynccmap ctl gatherer port (#144) * Refactor sbd gatherer (#141) * Packageversion gatherer (#140) * Port systemd gatherer (#139) * Gather all hosts entries when no arg is provided (#137) * Add FactValue type (#133) * Implement /etc/hosts file gatherer (#78) * Implement saphostctrl gatherer (#71) * Fix getValue function when map is empty (#218) * Cibadmin meta attributes to list (#211) * Fix broken zypper output parsing in package_version due to `\n` (#173) * Handle `CorosyncCmapctlGatherer` receiving empty lines (#171) * Fix cluster_property_set parsing (#170) * Fix list conversion issues in the xml gatherer (#157) * Fix special lists usage in corosyncconf gatherer (#155) * Remove ssh address references (#174) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-3258=1 ## Package List: * SAP Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * trento-agent-2.1.0-150100.3.6.1 * SAP Applications Module 15-SP5 (noarch) * trento-server-installer-2.1.0-150100.3.6.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 22 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Aug 2023 20:30:05 -0000 Subject: SUSE-SU-2023:3380-1: important: Security update for qt6-base Message-ID: <169273620550.2710.9803183330406843855@smelt2.suse.de> # Security update for qt6-base Announcement ID: SUSE-SU-2023:3380-1 Rating: important References: * #1211642 * #1211797 * #1211798 * #1211994 * #1213326 Cross-References: * CVE-2023-32762 * CVE-2023-32763 * CVE-2023-33285 * CVE-2023-34410 * CVE-2023-38197 CVSS scores: * CVE-2023-32762 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-32762 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-32763 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32763 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-33285 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-33285 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-34410 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-34410 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-38197 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-38197 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves five vulnerabilities can now be installed. ## Description: This update for qt6-base fixes the following issues: * CVE-2023-34410: Fixed certificate validation flaw (bsc#1211994). * CVE-2023-33285: Fixed buffer overflow in QDnsLookup (bsc#1211642). * CVE-2023-32762: Fixed strict-transport-security (HSTS) header parsing error (QTBUG-113392) (bsc#1211797). * CVE-2023-38197: Fixed infinite loops in QXmlStreamReader (QTBUG-92113, QTBUG-95188) (bsc#1213326). * CVE-2023-32763: Fixed buffer overflow in QTextLayout (QTBUG-113337, QTBUG-106947, QTBUG-89557, QTBUG-104986) (bsc#1211798). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3380=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3380=1 openSUSE-SLE-15.4-2023-3380=1 ## Package List: * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libQt6Gui6-6.2.2-150400.4.6.1 * libQt6Core6-6.2.2-150400.4.6.1 * libQt6Test6-6.2.2-150400.4.6.1 * libQt6OpenGLWidgets6-debuginfo-6.2.2-150400.4.6.1 * libQt6PrintSupport6-6.2.2-150400.4.6.1 * qt6-kmssupport-private-devel-6.2.2-150400.4.6.1 * qt6-core-private-devel-6.2.2-150400.4.6.1 * qt6-network-devel-6.2.2-150400.4.6.1 * qt6-openglwidgets-devel-6.2.2-150400.4.6.1 * qt6-platformsupport-devel-static-6.2.2-150400.4.6.1 * libQt6Network6-debuginfo-6.2.2-150400.4.6.1 * qt6-core-devel-6.2.2-150400.4.6.1 * qt6-sql-sqlite-6.2.2-150400.4.6.1 * qt6-sql-sqlite-debuginfo-6.2.2-150400.4.6.1 * libQt6Sql6-debuginfo-6.2.2-150400.4.6.1 * qt6-dbus-devel-6.2.2-150400.4.6.1 * libQt6Concurrent6-6.2.2-150400.4.6.1 * libQt6Core6-debuginfo-6.2.2-150400.4.6.1 * libQt6Gui6-debuginfo-6.2.2-150400.4.6.1 * qt6-gui-private-devel-6.2.2-150400.4.6.1 * qt6-widgets-devel-6.2.2-150400.4.6.1 * qt6-network-tls-debuginfo-6.2.2-150400.4.6.1 * libQt6PrintSupport6-debuginfo-6.2.2-150400.4.6.1 * qt6-opengl-devel-6.2.2-150400.4.6.1 * libQt6Network6-6.2.2-150400.4.6.1 * libQt6Concurrent6-debuginfo-6.2.2-150400.4.6.1 * libQt6OpenGL6-debuginfo-6.2.2-150400.4.6.1 * libQt6Xml6-6.2.2-150400.4.6.1 * libQt6Sql6-6.2.2-150400.4.6.1 * qt6-concurrent-devel-6.2.2-150400.4.6.1 * libQt6Xml6-debuginfo-6.2.2-150400.4.6.1 * libQt6OpenGL6-6.2.2-150400.4.6.1 * qt6-base-common-devel-debuginfo-6.2.2-150400.4.6.1 * libQt6OpenGLWidgets6-6.2.2-150400.4.6.1 * qt6-base-common-devel-6.2.2-150400.4.6.1 * qt6-xml-devel-6.2.2-150400.4.6.1 * qt6-sql-devel-6.2.2-150400.4.6.1 * libQt6DBus6-debuginfo-6.2.2-150400.4.6.1 * libQt6DBus6-6.2.2-150400.4.6.1 * qt6-opengl-private-devel-6.2.2-150400.4.6.1 * qt6-kmssupport-devel-static-6.2.2-150400.4.6.1 * qt6-base-debuginfo-6.2.2-150400.4.6.1 * qt6-gui-devel-6.2.2-150400.4.6.1 * qt6-test-devel-6.2.2-150400.4.6.1 * qt6-network-tls-6.2.2-150400.4.6.1 * libQt6Widgets6-debuginfo-6.2.2-150400.4.6.1 * libQt6Widgets6-6.2.2-150400.4.6.1 * qt6-base-debugsource-6.2.2-150400.4.6.1 * qt6-widgets-private-devel-6.2.2-150400.4.6.1 * libQt6Test6-debuginfo-6.2.2-150400.4.6.1 * qt6-printsupport-devel-6.2.2-150400.4.6.1 * SUSE Package Hub 15 15-SP4 (noarch) * qt6-base-devel-6.2.2-150400.4.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * qt6-networkinformation-nm-6.2.2-150400.4.6.1 * libQt6Gui6-6.2.2-150400.4.6.1 * libQt6Core6-6.2.2-150400.4.6.1 * qt6-platformtheme-xdgdesktopportal-debuginfo-6.2.2-150400.4.6.1 * libQt6Test6-6.2.2-150400.4.6.1 * libQt6OpenGLWidgets6-debuginfo-6.2.2-150400.4.6.1 * libQt6PrintSupport6-6.2.2-150400.4.6.1 * qt6-kmssupport-private-devel-6.2.2-150400.4.6.1 * qt6-core-private-devel-6.2.2-150400.4.6.1 * qt6-printsupport-cups-6.2.2-150400.4.6.1 * qt6-network-devel-6.2.2-150400.4.6.1 * qt6-xml-private-devel-6.2.2-150400.4.6.1 * qt6-openglwidgets-devel-6.2.2-150400.4.6.1 * qt6-platformsupport-devel-static-6.2.2-150400.4.6.1 * libQt6Network6-debuginfo-6.2.2-150400.4.6.1 * qt6-core-devel-6.2.2-150400.4.6.1 * qt6-sql-sqlite-6.2.2-150400.4.6.1 * qt6-sql-sqlite-debuginfo-6.2.2-150400.4.6.1 * qt6-platformtheme-gtk3-debuginfo-6.2.2-150400.4.6.1 * libQt6Sql6-debuginfo-6.2.2-150400.4.6.1 * qt6-dbus-devel-6.2.2-150400.4.6.1 * libQt6Concurrent6-6.2.2-150400.4.6.1 * libQt6Core6-debuginfo-6.2.2-150400.4.6.1 * libQt6Gui6-debuginfo-6.2.2-150400.4.6.1 * qt6-gui-private-devel-6.2.2-150400.4.6.1 * qt6-widgets-devel-6.2.2-150400.4.6.1 * qt6-platformtheme-xdgdesktopportal-6.2.2-150400.4.6.1 * qt6-network-private-devel-6.2.2-150400.4.6.1 * qt6-network-tls-debuginfo-6.2.2-150400.4.6.1 * libQt6PrintSupport6-debuginfo-6.2.2-150400.4.6.1 * qt6-opengl-devel-6.2.2-150400.4.6.1 * libQt6Network6-6.2.2-150400.4.6.1 * qt6-test-private-devel-6.2.2-150400.4.6.1 * libQt6Concurrent6-debuginfo-6.2.2-150400.4.6.1 * qt6-printsupport-cups-debuginfo-6.2.2-150400.4.6.1 * libQt6OpenGL6-debuginfo-6.2.2-150400.4.6.1 * libQt6Xml6-6.2.2-150400.4.6.1 * libQt6Sql6-6.2.2-150400.4.6.1 * qt6-concurrent-devel-6.2.2-150400.4.6.1 * libQt6Xml6-debuginfo-6.2.2-150400.4.6.1 * libQt6OpenGL6-6.2.2-150400.4.6.1 * qt6-base-common-devel-debuginfo-6.2.2-150400.4.6.1 * qt6-sql-unixODBC-6.2.2-150400.4.6.1 * libQt6OpenGLWidgets6-6.2.2-150400.4.6.1 * qt6-base-common-devel-6.2.2-150400.4.6.1 * qt6-sql-mysql-debuginfo-6.2.2-150400.4.6.1 * qt6-base-docs-qch-6.2.2-150400.4.6.1 * qt6-networkinformation-nm-debuginfo-6.2.2-150400.4.6.1 * qt6-sql-unixODBC-debuginfo-6.2.2-150400.4.6.1 * qt6-xml-devel-6.2.2-150400.4.6.1 * qt6-sql-devel-6.2.2-150400.4.6.1 * qt6-printsupport-private-devel-6.2.2-150400.4.6.1 * qt6-sql-private-devel-6.2.2-150400.4.6.1 * libQt6DBus6-debuginfo-6.2.2-150400.4.6.1 * libQt6DBus6-6.2.2-150400.4.6.1 * qt6-opengl-private-devel-6.2.2-150400.4.6.1 * qt6-kmssupport-devel-static-6.2.2-150400.4.6.1 * qt6-platformtheme-gtk3-6.2.2-150400.4.6.1 * qt6-base-debuginfo-6.2.2-150400.4.6.1 * qt6-base-examples-6.2.2-150400.4.6.1 * qt6-gui-devel-6.2.2-150400.4.6.1 * qt6-sql-postgresql-6.2.2-150400.4.6.1 * qt6-sql-postgresql-debuginfo-6.2.2-150400.4.6.1 * qt6-network-tls-6.2.2-150400.4.6.1 * qt6-test-devel-6.2.2-150400.4.6.1 * libQt6Widgets6-debuginfo-6.2.2-150400.4.6.1 * libQt6Widgets6-6.2.2-150400.4.6.1 * qt6-base-docs-html-6.2.2-150400.4.6.1 * qt6-base-debugsource-6.2.2-150400.4.6.1 * qt6-widgets-private-devel-6.2.2-150400.4.6.1 * libQt6Test6-debuginfo-6.2.2-150400.4.6.1 * qt6-platformsupport-private-devel-6.2.2-150400.4.6.1 * qt6-dbus-private-devel-6.2.2-150400.4.6.1 * qt6-base-examples-debuginfo-6.2.2-150400.4.6.1 * qt6-sql-mysql-6.2.2-150400.4.6.1 * qt6-printsupport-devel-6.2.2-150400.4.6.1 * openSUSE Leap 15.4 (noarch) * qt6-base-devel-6.2.2-150400.4.6.1 * qt6-docs-common-6.2.2-150400.4.6.1 * qt6-base-private-devel-6.2.2-150400.4.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32762.html * https://www.suse.com/security/cve/CVE-2023-32763.html * https://www.suse.com/security/cve/CVE-2023-33285.html * https://www.suse.com/security/cve/CVE-2023-34410.html * https://www.suse.com/security/cve/CVE-2023-38197.html * https://bugzilla.suse.com/show_bug.cgi?id=1211642 * https://bugzilla.suse.com/show_bug.cgi?id=1211797 * https://bugzilla.suse.com/show_bug.cgi?id=1211798 * https://bugzilla.suse.com/show_bug.cgi?id=1211994 * https://bugzilla.suse.com/show_bug.cgi?id=1213326 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 22 20:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Aug 2023 20:30:07 -0000 Subject: SUSE-SU-2023:3379-1: important: Security update for nodejs16 Message-ID: <169273620799.2710.3170353770460654679@smelt2.suse.de> # Security update for nodejs16 Announcement ID: SUSE-SU-2023:3379-1 Rating: important References: * #1214150 * #1214154 * #1214156 Cross-References: * CVE-2023-32002 * CVE-2023-32006 * CVE-2023-32559 CVSS scores: * CVE-2023-32002 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H * CVE-2023-32006 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-32006 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32559 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for nodejs16 fixes the following issues: Update to LTS version 16.20.2. * CVE-2023-32002: Fixed permissions policies bypass via Module._load (bsc#1214150). * CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire() (bsc#1214156). * CVE-2023-32559: Fixed permissions policies bypass via process.binding (bsc#1214154). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3379=1 openSUSE-SLE-15.4-2023-3379=1 * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-3379=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * corepack16-16.20.2-150400.3.24.1 * nodejs16-16.20.2-150400.3.24.1 * nodejs16-debuginfo-16.20.2-150400.3.24.1 * nodejs16-devel-16.20.2-150400.3.24.1 * npm16-16.20.2-150400.3.24.1 * nodejs16-debugsource-16.20.2-150400.3.24.1 * openSUSE Leap 15.4 (noarch) * nodejs16-docs-16.20.2-150400.3.24.1 * Web and Scripting Module 15-SP4 (aarch64 ppc64le s390x x86_64) * nodejs16-16.20.2-150400.3.24.1 * nodejs16-debuginfo-16.20.2-150400.3.24.1 * nodejs16-devel-16.20.2-150400.3.24.1 * npm16-16.20.2-150400.3.24.1 * nodejs16-debugsource-16.20.2-150400.3.24.1 * Web and Scripting Module 15-SP4 (noarch) * nodejs16-docs-16.20.2-150400.3.24.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32002.html * https://www.suse.com/security/cve/CVE-2023-32006.html * https://www.suse.com/security/cve/CVE-2023-32559.html * https://bugzilla.suse.com/show_bug.cgi?id=1214150 * https://bugzilla.suse.com/show_bug.cgi?id=1214154 * https://bugzilla.suse.com/show_bug.cgi?id=1214156 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 22 20:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Aug 2023 20:30:10 -0000 Subject: SUSE-SU-2023:3378-1: important: Security update for nodejs18 Message-ID: <169273621054.2710.226998676505576599@smelt2.suse.de> # Security update for nodejs18 Announcement ID: SUSE-SU-2023:3378-1 Rating: important References: * #1214150 * #1214154 * #1214156 Cross-References: * CVE-2023-32002 * CVE-2023-32006 * CVE-2023-32559 CVSS scores: * CVE-2023-32002 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H * CVE-2023-32006 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-32006 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32559 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP4 * Web and Scripting Module 15-SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for nodejs18 fixes the following issues: Update to LTS version 18.17.1. * CVE-2023-32002: Fixed permissions policies bypass via Module._load (bsc#1214150). * CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire() (bsc#1214156). * CVE-2023-32559: Fixed permissions policies bypass via process.binding (bsc#1214154). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3378=1 openSUSE-SLE-15.4-2023-3378=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3378=1 * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-3378=1 * Web and Scripting Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2023-3378=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * nodejs18-debugsource-18.17.1-150400.9.12.1 * nodejs18-18.17.1-150400.9.12.1 * nodejs18-debuginfo-18.17.1-150400.9.12.1 * corepack18-18.17.1-150400.9.12.1 * npm18-18.17.1-150400.9.12.1 * nodejs18-devel-18.17.1-150400.9.12.1 * openSUSE Leap 15.4 (noarch) * nodejs18-docs-18.17.1-150400.9.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * nodejs18-debugsource-18.17.1-150400.9.12.1 * nodejs18-18.17.1-150400.9.12.1 * nodejs18-debuginfo-18.17.1-150400.9.12.1 * corepack18-18.17.1-150400.9.12.1 * npm18-18.17.1-150400.9.12.1 * nodejs18-devel-18.17.1-150400.9.12.1 * openSUSE Leap 15.5 (noarch) * nodejs18-docs-18.17.1-150400.9.12.1 * Web and Scripting Module 15-SP4 (aarch64 ppc64le s390x x86_64) * nodejs18-debugsource-18.17.1-150400.9.12.1 * nodejs18-18.17.1-150400.9.12.1 * nodejs18-debuginfo-18.17.1-150400.9.12.1 * npm18-18.17.1-150400.9.12.1 * nodejs18-devel-18.17.1-150400.9.12.1 * Web and Scripting Module 15-SP4 (noarch) * nodejs18-docs-18.17.1-150400.9.12.1 * Web and Scripting Module 15-SP5 (aarch64 ppc64le s390x x86_64) * nodejs18-debugsource-18.17.1-150400.9.12.1 * nodejs18-18.17.1-150400.9.12.1 * nodejs18-debuginfo-18.17.1-150400.9.12.1 * npm18-18.17.1-150400.9.12.1 * nodejs18-devel-18.17.1-150400.9.12.1 * Web and Scripting Module 15-SP5 (noarch) * nodejs18-docs-18.17.1-150400.9.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32002.html * https://www.suse.com/security/cve/CVE-2023-32006.html * https://www.suse.com/security/cve/CVE-2023-32559.html * https://bugzilla.suse.com/show_bug.cgi?id=1214150 * https://bugzilla.suse.com/show_bug.cgi?id=1214154 * https://bugzilla.suse.com/show_bug.cgi?id=1214156 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 22 20:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Aug 2023 20:30:20 -0000 Subject: SUSE-SU-2023:3377-1: important: Security update for the Linux Kernel Message-ID: <169273622051.2710.10993708800229383466@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3377-1 Rating: important References: * #1206418 * #1207129 * #1210627 * #1210780 * #1211131 * #1211738 * #1212502 * #1212604 * #1212901 * #1213167 * #1213272 * #1213287 * #1213304 * #1213588 * #1213620 * #1213653 * #1213713 * #1213715 * #1213747 * #1213756 * #1213759 * #1213777 * #1213810 * #1213812 * #1213856 * #1213857 * #1213863 * #1213867 * #1213870 * #1213871 Cross-References: * CVE-2022-40982 * CVE-2023-0459 * CVE-2023-20569 * CVE-2023-21400 * CVE-2023-2156 * CVE-2023-2166 * CVE-2023-31083 * CVE-2023-3268 * CVE-2023-3567 * CVE-2023-3776 * CVE-2023-4004 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21400 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-21400 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L * CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 11 vulnerabilities and has 19 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418). * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). * CVE-2023-20569: Fixed side channel attack ?Inception? or ?RAS Poisoning? (bsc#1213287). * CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). * CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627). * CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). * CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). * CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after- free (bsc#1213588). * CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). The following non-security bugs were fixed: * afs: adjust ack interpretation to try and cope with nat (git-fixes). * afs: fix access after dec in put functions (git-fixes). * afs: fix afs_getattr() to refetch file status if callback break occurred (git-fixes). * afs: fix dynamic root getattr (git-fixes). * afs: fix fileserver probe rtt handling (git-fixes). * afs: fix infinite loop found by xfstest generic/676 (git-fixes). * afs: fix lost servers_outstanding count (git-fixes). * afs: fix server->active leak in afs_put_server (git-fixes). * afs: fix setting of mtime when creating a file/dir/symlink (git-fixes). * afs: fix updating of i_size with dv jump from server (git-fixes). * afs: fix vlserver probe rtt handling (git-fixes). * afs: return -eagain, not -eremoteio, when a file already locked (git-fixes). * afs: use refcount_t rather than atomic_t (git-fixes). * afs: use the operation issue time instead of the reply time for callbacks (git-fixes). * alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes). * alsa: hda/realtek: support asus g713pv laptop (git-fixes). * alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes). * alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129). * alsa: usb-audio: update for native dsd support quirks (git-fixes). * asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes). * asoc: codecs: es8316: fix dmic config (git-fixes). * asoc: da7219: check for failure reading aad irq events (git-fixes). * asoc: da7219: flush pending aad irq when suspending (git-fixes). * asoc: fsl_sai: disable bit clock with transmitter (git-fixes). * asoc: fsl_spdif: silence output on stop (git-fixes). * asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes). * asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes). * asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes). * asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes). * ata: pata_ns87415: mark ns87560_tf_read static (git-fixes). * block, bfq: fix division by zero error on zero wsum (bsc#1213653). * block: fix a source code comment in include/uapi/linux/blkzoned.h (git- fixes). * can: gs_usb: gs_can_close(): add missing set of can state to can_state_stopped (git-fixes). * ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856). * coda: avoid partial allocation of sig_inputargs (git-fixes). * dlm: fix missing lkb refcount handling (git-fixes). * dlm: fix plock invalid read (git-fixes). * documentation: devices.txt: reconcile serial/ucc_uart minor numers (git- fixes). * drm/amd/display: disable mpc split by default on special asic (git-fixes). * drm/amd/display: keep phy active for dp displays on dcn31 (git-fixes). * drm/client: fix memory leak in drm_client_modeset_probe (git-fixes). * drm/msm/adreno: fix snapshot bindless_data size (git-fixes). * drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes). * drm/msm: fix is_err_or_null() vs null check in a5xx_submit_in_rb() (git- fixes). * drm/radeon: fix integer overflow in radeon_cs_parser_init (git-fixes). * drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777) * file: always lock position for fmode_atomic_pos (bsc#1213759). * fs: dlm: add midcomms init/start functions (git-fixes). * fs: dlm: do not set stop rx flag after node reset (git-fixes). * fs: dlm: filter user dlm messages for kernel locks (git-fixes). * fs: dlm: fix log of lowcomms vs midcomms (git-fixes). * fs: dlm: fix race between test_bit() and queue_work() (git-fixes). * fs: dlm: fix race in lowcomms (git-fixes). * fs: dlm: handle -ebusy first in lock arg validation (git-fixes). * fs: dlm: move sending fin message into state change handling (git-fixes). * fs: dlm: retry accept() until -eagain or error returns (git-fixes). * fs: dlm: return positive pid value for f_getlk (git-fixes). * fs: dlm: start midcomms before scand (git-fixes). * fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git- fixes). * fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes). * fs: jfs: fix null-ptr-deref read in txbegin (git-fixes). * fs: jfs: fix ubsan: array-index-out-of-bounds in dballocdmaplev (git-fixes). * gve: set default duplex configuration to full (git-fixes). * gve: unify driver name usage (git-fixes). * hwmon: (k10temp) enable amd3255 proc to show negative temperature (git- fixes). * hwmon: (nct7802) fix for temp6 (peci1) processed even if peci1 disabled (git-fixes). * iavf: fix out-of-bounds when setting channels on remove (git-fixes). * iavf: fix use-after-free in free_netdev (git-fixes). * iavf: use internal state to free traffic irqs (git-fixes). * igc: check if hardware tx timestamping is enabled earlier (git-fixes). * igc: enable and fix rx hash usage by netstack (git-fixes). * igc: fix inserting of empty frame for launchtime (git-fixes). * igc: fix kernel panic during ndo_tx_timeout callback (git-fixes). * igc: fix launchtime before start of cycle (git-fixes). * igc: fix race condition in ptp tx code (git-fixes). * igc: handle pps start time programming for past time values (git-fixes). * igc: prevent garbled tx queue with xdp zerocopy (git-fixes). * igc: remove delay during tx ring configuration (git-fixes). * igc: set tp bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes). * igc: work around hw bug causing missing timestamps (git-fixes). * input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes). * input: iqs269a - do not poll during ati (git-fixes). * input: iqs269a - do not poll during suspend or resume (git-fixes). * jffs2: fix memory leak in jffs2_do_fill_super (git-fixes). * jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes). * jffs2: fix memory leak in jffs2_scan_medium (git-fixes). * jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes). * jffs2: gc deadlock reading a page that is used in jffs2_write_begin() (git- fixes). * jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes). * jfs: jfs_dmap: validate db_l2nbperpage while mounting (git-fixes). * kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps") * kvm: arm64: do not read a hw interrupt pending state in user context (git- fixes) * kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620) * kvm: do not null dereference ops->destroy (git-fixes) * kvm: downgrade two bug_ons to warn_on_once (git-fixes) * kvm: initialize debugfs_dentry when a vm is created to avoid null (git- fixes) * kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867). * kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git- fixes). * kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git- fixes). * kvm: vmx: restore vmx_vmexit alignment (git-fixes). * kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes). * libceph: harden msgr2.1 frame segment length checks (bsc#1213857). * media: staging: atomisp: select v4l2_fwnode (git-fixes). * net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes). * net: mana: batch ringing rx queue doorbell on receiving packets (bsc#1212901). * net: mana: use the correct wqe count for ringing rq doorbell (bsc#1212901). * net: phy: marvell10g: fix 88x3310 power up (git-fixes). * nfsd: add encoding of op_recall flag for write delegation (git-fixes). * nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). * nfsd: fix sparse warning (git-fixes). * nfsd: remove open coding of string copy (git-fixes). * nfsv4.1: always send a reclaim_complete after establishing lease (git- fixes). * nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git- fixes). * nvme-pci: fix dma direction of unmapping integrity data (git-fixes). * nvme-pci: remove nvme_queue from nvme_iod (git-fixes). * octeontx-af: fix hardware timestamp configuration (git-fixes). * octeontx2-af: move validation of ptp pointer before its usage (git-fixes). * octeontx2-pf: add additional check for mcam rules (git-fixes). * phy: hisilicon: fix an out of bounds check in hisi_inno_phy_probe() (git- fixes). * pinctrl: amd: do not show `invalid config param` errors (git-fixes). * pinctrl: amd: use amd_pinconf_set() for all config options (git-fixes). * platform/x86: msi-laptop: fix rfkill out-of-sync on msi wind u100 (git- fixes). * rdma/bnxt_re: fix hang during driver unload (git-fixes) * rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes) * rdma/core: update cma destination address on rdma_resolve_addr (git-fixes) * rdma/irdma: add missing read barriers (git-fixes) * rdma/irdma: fix data race on cqp completion stats (git-fixes) * rdma/irdma: fix data race on cqp request done (git-fixes) * rdma/irdma: fix op_type reporting in cqes (git-fixes) * rdma/irdma: report correct wc error (git-fixes) * rdma/mlx4: make check for invalid flags stricter (git-fixes) * rdma/mthca: fix crash when polling cq for shared qps (git-fixes) * regmap: account for register length in smbus i/o limits (git-fixes). * regmap: drop initial version of maximum transfer length fixes (git-fixes). * revert "debugfs, coccinelle: check for obsolete define_simple_attribute() usage" (git-fixes). * revert "nfsv4: retry lock on old_stateid during delegation return" (git- fixes). * revert "usb: dwc3: core: enable autoretry feature in the controller" (git- fixes). * revert "usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()" (git-fixes). * revert "usb: xhci: tegra: fix error check" (git-fixes). * rpm: update dependency to match current kmod. * rxrpc, afs: fix selection of abort codes (git-fixes). * s390/bpf: add expoline to tail calls (git-fixes bsc#1213870). * s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810). * s390/decompressor: specify __decompress() buf len to avoid overflow (git- fixes bsc#1213863). * s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871). * s390/qeth: fix vipa deletion (git-fixes bsc#1213713). * s390/vmem: fix empty page tables cleanup under kasan (git-fixes bsc#1213715). * s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870). * scftorture: count reschedule ipis (git-fixes). * scsi: lpfc: abort outstanding els cmds when mailbox timeout error is detected (bsc#1213756). * scsi: lpfc: avoid -wstringop-overflow warning (bsc#1213756). * scsi: lpfc: clean up sli-4 sysfs resource reporting (bsc#1213756). * scsi: lpfc: copyright updates for 14.2.0.14 patches (bsc#1213756). * scsi: lpfc: fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756). * scsi: lpfc: fix incorrect big endian type assignment in bsg loopback path (bsc#1213756). * scsi: lpfc: fix incorrect big endian type assignments in fdmi and vmid paths (bsc#1213756). * scsi: lpfc: fix lpfc_name struct packing (bsc#1213756). * scsi: lpfc: make fabric zone discovery more robust when handling unsolicited logo (bsc#1213756). * scsi: lpfc: pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756). * scsi: lpfc: qualify ndlp discovery state when processing rscn (bsc#1213756). * scsi: lpfc: refactor cpu affinity assignment paths (bsc#1213756). * scsi: lpfc: remove extra ndlp kref decrement in flogi cmpl for loop topology (bsc#1213756). * scsi: lpfc: replace all non-returning strlcpy() with strscpy() (bsc#1213756). * scsi: lpfc: replace one-element array with flexible-array member (bsc#1213756). * scsi: lpfc: revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756). * scsi: lpfc: set establish image pair service parameter only for target functions (bsc#1213756). * scsi: lpfc: simplify fcp_abort transport callback log message (bsc#1213756). * scsi: lpfc: update lpfc version to 14.2.0.14 (bsc#1213756). * scsi: lpfc: use struct_size() helper (bsc#1213756). * scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747). * scsi: qla2xxx: array index may go out of bound (bsc#1213747). * scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747). * scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport() (bsc#1213747). * scsi: qla2xxx: correct the index of array (bsc#1213747). * scsi: qla2xxx: drop useless list_head (bsc#1213747). * scsi: qla2xxx: fix buffer overrun (bsc#1213747). * scsi: qla2xxx: fix command flush during tmf (bsc#1213747). * scsi: qla2xxx: fix deletion race condition (bsc#1213747). * scsi: qla2xxx: fix end of loop test (bsc#1213747). * scsi: qla2xxx: fix erroneous link up failure (bsc#1213747). * scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747). * scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747). * scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747). * scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747). * scsi: qla2xxx: fix session hang in gnl (bsc#1213747). * scsi: qla2xxx: fix tmf leak through (bsc#1213747). * scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747). * scsi: qla2xxx: pointer may be dereferenced (bsc#1213747). * scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747). * scsi: qla2xxx: replace one-element array with declare_flex_array() helper (bsc#1213747). * scsi: qla2xxx: silence a static checker warning (bsc#1213747). * scsi: qla2xxx: turn off noisy message log (bsc#1213747). * scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747). * scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747). * scsi: qla2xxx: use vmalloc_array() and vcalloc() (bsc#1213747). * serial: qcom-geni: drop bogus runtime pm state update (git-fixes). * serial: sifive: fix sifive_serial_console_setup() section (git-fixes). * soundwire: qcom: update status correctly with mask (git-fixes). * staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git- fixes). * staging: r8712: fix memory leak in _r8712_init_xmit_priv() (git-fixes). * sunrpc: always free ctxt when freeing deferred request (git-fixes). * sunrpc: double free xprt_ctxt while still in use (git-fixes). * sunrpc: fix trace_svc_register() call site (git-fixes). * sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes). * sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes). * sunrpc: remove the maximum number of retries in call_bind_status (git- fixes). * svcrdma: prevent page release when nothing was received (git-fixes). * tpm_tis: explicitly check for error code (git-fixes). * tty: n_gsm: fix uaf in gsm_cleanup_mux (git-fixes). * ubifs: add missing iput if do_tmpfile() failed in rename whiteout (git- fixes). * ubifs: do_rename: fix wrong space budget when target inode's nlink > 1 (git- fixes). * ubifs: error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes). * ubifs: fix 'ui->dirty' race between do_tmpfile() and writeback work (git- fixes). * ubifs: fix aa deadlock when setting xattr for encrypted file (git-fixes). * ubifs: fix build errors as symbol undefined (git-fixes). * ubifs: fix deadlock in concurrent rename whiteout and inode writeback (git- fixes). * ubifs: fix memory leak in alloc_wbufs() (git-fixes). * ubifs: fix memory leak in do_rename (git-fixes). * ubifs: fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes). * ubifs: fix to add refcount once page is set private (git-fixes). * ubifs: fix wrong dirty space budget for dirty inode (git-fixes). * ubifs: free memory for tmpfile name (git-fixes). * ubifs: rectify space amount budget for mkdir/tmpfile operations (git-fixes). * ubifs: rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes). * ubifs: rectify space budget for ubifs_xrename() (git-fixes). * ubifs: rename whiteout atomically (git-fixes). * ubifs: rename_whiteout: correct old_dir size computing (git-fixes). * ubifs: rename_whiteout: fix double free for whiteout_ui->data (git-fixes). * ubifs: reserve one leb for each journal head while doing budget (git-fixes). * ubifs: setflags: make dirtied_ino_d 8 bytes aligned (git-fixes). * ubifs: ubifs_writepage: mark page dirty after writing inode failed (git- fixes). * update patches.suse/rdma-mthca-fix-crash-when-polling-cq-for-shared-qps. (git-fixes bsc#1212604). added bug reference. * usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes). * usb: dwc3: pci: skip byt gpio lookup table for hardwired phy (git-fixes). * usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). * usb: xhci-mtk: set the dma max_seg_size (git-fixes). * vhost: support packed when setting-getting vring_base (git-fixes). * vhost_net: revert upend_idx only on retriable error (git-fixes). * virtio-net: maintain reverse cleanup order (git-fixes). * virtio_net: fix error unwinding of xdp initialization (git-fixes). * x86/pvh: obtain vga console info in dom0 (git-fixes). * xen/blkfront: only check req_fua for writes (git-fixes). * xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git- fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3377=1 openSUSE-SLE-15.4-2023-3377=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3377=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * gfs2-kmp-azure-5.14.21-150400.14.63.1 * kernel-syms-azure-5.14.21-150400.14.63.1 * kselftests-kmp-azure-5.14.21-150400.14.63.1 * reiserfs-kmp-azure-5.14.21-150400.14.63.1 * kernel-azure-optional-5.14.21-150400.14.63.1 * kernel-azure-debuginfo-5.14.21-150400.14.63.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.63.1 * kernel-azure-extra-debuginfo-5.14.21-150400.14.63.1 * cluster-md-kmp-azure-5.14.21-150400.14.63.1 * dlm-kmp-azure-5.14.21-150400.14.63.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.63.1 * dlm-kmp-azure-debuginfo-5.14.21-150400.14.63.1 * kernel-azure-livepatch-devel-5.14.21-150400.14.63.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.63.1 * gfs2-kmp-azure-debuginfo-5.14.21-150400.14.63.1 * kernel-azure-extra-5.14.21-150400.14.63.1 * ocfs2-kmp-azure-5.14.21-150400.14.63.1 * kselftests-kmp-azure-debuginfo-5.14.21-150400.14.63.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.63.1 * kernel-azure-devel-5.14.21-150400.14.63.1 * kernel-azure-optional-debuginfo-5.14.21-150400.14.63.1 * kernel-azure-debugsource-5.14.21-150400.14.63.1 * openSUSE Leap 15.4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.63.1 * openSUSE Leap 15.4 (noarch) * kernel-source-azure-5.14.21-150400.14.63.1 * kernel-devel-azure-5.14.21-150400.14.63.1 * Public Cloud Module 15-SP4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.63.1 * Public Cloud Module 15-SP4 (aarch64 x86_64) * kernel-azure-devel-debuginfo-5.14.21-150400.14.63.1 * kernel-azure-debuginfo-5.14.21-150400.14.63.1 * kernel-azure-devel-5.14.21-150400.14.63.1 * kernel-syms-azure-5.14.21-150400.14.63.1 * kernel-azure-debugsource-5.14.21-150400.14.63.1 * Public Cloud Module 15-SP4 (noarch) * kernel-source-azure-5.14.21-150400.14.63.1 * kernel-devel-azure-5.14.21-150400.14.63.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-0459.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-21400.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2166.html * https://www.suse.com/security/cve/CVE-2023-31083.html * https://www.suse.com/security/cve/CVE-2023-3268.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://www.suse.com/security/cve/CVE-2023-3776.html * https://www.suse.com/security/cve/CVE-2023-4004.html * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1207129 * https://bugzilla.suse.com/show_bug.cgi?id=1210627 * https://bugzilla.suse.com/show_bug.cgi?id=1210780 * https://bugzilla.suse.com/show_bug.cgi?id=1211131 * https://bugzilla.suse.com/show_bug.cgi?id=1211738 * https://bugzilla.suse.com/show_bug.cgi?id=1212502 * https://bugzilla.suse.com/show_bug.cgi?id=1212604 * https://bugzilla.suse.com/show_bug.cgi?id=1212901 * https://bugzilla.suse.com/show_bug.cgi?id=1213167 * https://bugzilla.suse.com/show_bug.cgi?id=1213272 * https://bugzilla.suse.com/show_bug.cgi?id=1213287 * https://bugzilla.suse.com/show_bug.cgi?id=1213304 * https://bugzilla.suse.com/show_bug.cgi?id=1213588 * https://bugzilla.suse.com/show_bug.cgi?id=1213620 * https://bugzilla.suse.com/show_bug.cgi?id=1213653 * https://bugzilla.suse.com/show_bug.cgi?id=1213713 * https://bugzilla.suse.com/show_bug.cgi?id=1213715 * https://bugzilla.suse.com/show_bug.cgi?id=1213747 * https://bugzilla.suse.com/show_bug.cgi?id=1213756 * https://bugzilla.suse.com/show_bug.cgi?id=1213759 * https://bugzilla.suse.com/show_bug.cgi?id=1213777 * https://bugzilla.suse.com/show_bug.cgi?id=1213810 * https://bugzilla.suse.com/show_bug.cgi?id=1213812 * https://bugzilla.suse.com/show_bug.cgi?id=1213856 * https://bugzilla.suse.com/show_bug.cgi?id=1213857 * https://bugzilla.suse.com/show_bug.cgi?id=1213863 * https://bugzilla.suse.com/show_bug.cgi?id=1213867 * https://bugzilla.suse.com/show_bug.cgi?id=1213870 * https://bugzilla.suse.com/show_bug.cgi?id=1213871 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 08:30:02 -0000 Subject: SUSE-SU-2023:3383-1: important: Security update for ucode-intel Message-ID: <169277940289.7501.12423684654273236529@smelt2.suse.de> # Security update for ucode-intel Announcement ID: SUSE-SU-2023:3383-1 Rating: important References: * #1206418 * #1214099 Cross-References: * CVE-2022-40982 * CVE-2022-41804 * CVE-2023-23908 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2022-41804 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:H * CVE-2023-23908 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20230808 release. (bsc#1214099) * CVE-2022-40982: Fixed a potential security vulnerability in some Intel? Processors which may allow information disclosure. * CVE-2023-23908: Fixed a potential security vulnerability in some 3rd Generation Intel? Xeon? Scalable processors which may allow information disclosure. * CVE-2022-41804: Fixed a potential security vulnerability in some Intel? Xeon? Processors with Intel? Software Guard Extensions (SGX) which may allow escalation of privilege. ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3383=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3383=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3383=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3383=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3383=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3383=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3383=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3383=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3383=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3383=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3383=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3383=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3383=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3383=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3383=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3383=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3383=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3383=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3383=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3383=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3383=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3383=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3383=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3383=1 ## Package List: * openSUSE Leap Micro 5.3 (x86_64) * ucode-intel-20230808-150200.27.1 * openSUSE Leap Micro 5.4 (x86_64) * ucode-intel-20230808-150200.27.1 * openSUSE Leap 15.4 (x86_64) * ucode-intel-20230808-150200.27.1 * openSUSE Leap 15.5 (x86_64) * ucode-intel-20230808-150200.27.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * ucode-intel-20230808-150200.27.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * ucode-intel-20230808-150200.27.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * ucode-intel-20230808-150200.27.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * ucode-intel-20230808-150200.27.1 * Basesystem Module 15-SP4 (x86_64) * ucode-intel-20230808-150200.27.1 * Basesystem Module 15-SP5 (x86_64) * ucode-intel-20230808-150200.27.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * ucode-intel-20230808-150200.27.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * ucode-intel-20230808-150200.27.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * ucode-intel-20230808-150200.27.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * ucode-intel-20230808-150200.27.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * ucode-intel-20230808-150200.27.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * ucode-intel-20230808-150200.27.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * ucode-intel-20230808-150200.27.1 * SUSE Manager Proxy 4.2 (x86_64) * ucode-intel-20230808-150200.27.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * ucode-intel-20230808-150200.27.1 * SUSE Manager Server 4.2 (x86_64) * ucode-intel-20230808-150200.27.1 * SUSE Enterprise Storage 7.1 (x86_64) * ucode-intel-20230808-150200.27.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * ucode-intel-20230808-150200.27.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * ucode-intel-20230808-150200.27.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * ucode-intel-20230808-150200.27.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2022-41804.html * https://www.suse.com/security/cve/CVE-2023-23908.html * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1214099 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 08:30:05 -0000 Subject: SUSE-SU-2023:3382-1: important: Security update for ucode-intel Message-ID: <169277940527.7501.6660805853989974666@smelt2.suse.de> # Security update for ucode-intel Announcement ID: SUSE-SU-2023:3382-1 Rating: important References: * #1206418 * #1214099 Cross-References: * CVE-2022-40982 * CVE-2022-41804 * CVE-2023-23908 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2022-41804 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:H * CVE-2023-23908 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20230808 release. (bsc#1214099) * CVE-2022-40982: Fixed a potential security vulnerability in some Intel? Processors which may allow information disclosure. * CVE-2023-23908: Fixed a potential security vulnerability in some 3rd Generation Intel? Xeon? Scalable processors which may allow information disclosure. * CVE-2022-41804: Fixed a potential security vulnerability in some Intel? Xeon? Processors with Intel? Software Guard Extensions (SGX) which may allow escalation of privilege. ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3382=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3382=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3382=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * ucode-intel-debuginfo-20230808-123.1 * ucode-intel-20230808-123.1 * ucode-intel-debugsource-20230808-123.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * ucode-intel-debuginfo-20230808-123.1 * ucode-intel-20230808-123.1 * ucode-intel-debugsource-20230808-123.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * ucode-intel-debuginfo-20230808-123.1 * ucode-intel-20230808-123.1 * ucode-intel-debugsource-20230808-123.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2022-41804.html * https://www.suse.com/security/cve/CVE-2023-23908.html * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1214099 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 08:30:07 -0000 Subject: SUSE-FU-2023:3381-1: moderate: Feature update for scc-hypervisor-collector, python-pyvmomi, virtual-host-gatherer Message-ID: <169277940709.7501.2716907774745823049@smelt2.suse.de> # Feature update for scc-hypervisor-collector, python-pyvmomi, virtual-host- gatherer Announcement ID: SUSE-FU-2023:3381-1 Rating: moderate References: * PED-3623 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.2 Module 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.2 Module 4.2 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for scc-hypervisor-collector, python-pyvmomi, virtual-host-gatherer fixes the following issues: scc-hypervisor-collector: * New package for the implementation of Hypervisor Topology Data to SCC (jsc#PED-3623) python-pyvmomi: * Submission to SUSE Linux Enterprise condestream as dependency for `scc- hypervisor-collector` (jsc#PED-3623) virtual-host-gatherer: * Submission to SUSE Linux Enterprise condestream as dependency for `scc- hypervisor-collector` (jsc#PED-3623) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3381=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3381=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3381=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3381=1 * SUSE Manager Proxy 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-3381=1 * SUSE Manager Server 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-3381=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3381=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3381=1 ## Package List: * openSUSE Leap 15.4 (noarch) * scc-hypervisor-collector-0.1.0~git0.90e575f-150300.7.3.2 * python3-pyvmomi-6.7.3-150200.3.5.5 * virtual-host-gatherer-Libvirt-1.0.26-150300.7.3.3 * virtual-host-gatherer-Kubernetes-1.0.26-150300.7.3.3 * virtual-host-gatherer-VMware-1.0.26-150300.7.3.3 * virtual-host-gatherer-1.0.26-150300.7.3.3 * virtual-host-gatherer-libcloud-1.0.26-150300.7.3.3 * scc-hypervisor-collector-common-0.1.0~git0.90e575f-150300.7.3.2 * virtual-host-gatherer-Nutanix-1.0.26-150300.7.3.3 * openSUSE Leap 15.5 (noarch) * scc-hypervisor-collector-0.1.0~git0.90e575f-150300.7.3.2 * python3-pyvmomi-6.7.3-150200.3.5.5 * virtual-host-gatherer-Libvirt-1.0.26-150300.7.3.3 * virtual-host-gatherer-Kubernetes-1.0.26-150300.7.3.3 * virtual-host-gatherer-VMware-1.0.26-150300.7.3.3 * virtual-host-gatherer-1.0.26-150300.7.3.3 * virtual-host-gatherer-libcloud-1.0.26-150300.7.3.3 * scc-hypervisor-collector-common-0.1.0~git0.90e575f-150300.7.3.2 * virtual-host-gatherer-Nutanix-1.0.26-150300.7.3.3 * Server Applications Module 15-SP4 (noarch) * scc-hypervisor-collector-0.1.0~git0.90e575f-150300.7.3.2 * python3-pyvmomi-6.7.3-150200.3.5.5 * virtual-host-gatherer-Libvirt-1.0.26-150300.7.3.3 * virtual-host-gatherer-Kubernetes-1.0.26-150300.7.3.3 * virtual-host-gatherer-VMware-1.0.26-150300.7.3.3 * virtual-host-gatherer-1.0.26-150300.7.3.3 * virtual-host-gatherer-libcloud-1.0.26-150300.7.3.3 * scc-hypervisor-collector-common-0.1.0~git0.90e575f-150300.7.3.2 * virtual-host-gatherer-Nutanix-1.0.26-150300.7.3.3 * Server Applications Module 15-SP5 (noarch) * scc-hypervisor-collector-0.1.0~git0.90e575f-150300.7.3.2 * python3-pyvmomi-6.7.3-150200.3.5.5 * virtual-host-gatherer-Libvirt-1.0.26-150300.7.3.3 * virtual-host-gatherer-Kubernetes-1.0.26-150300.7.3.3 * virtual-host-gatherer-VMware-1.0.26-150300.7.3.3 * virtual-host-gatherer-1.0.26-150300.7.3.3 * virtual-host-gatherer-libcloud-1.0.26-150300.7.3.3 * scc-hypervisor-collector-common-0.1.0~git0.90e575f-150300.7.3.2 * virtual-host-gatherer-Nutanix-1.0.26-150300.7.3.3 * SUSE Manager Proxy 4.2 Module 4.2 (noarch) * python3-pyvmomi-6.7.3-150200.3.5.5 * SUSE Manager Server 4.2 Module 4.2 (noarch) * python3-pyvmomi-6.7.3-150200.3.5.5 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * scc-hypervisor-collector-0.1.0~git0.90e575f-150300.7.3.2 * python3-pyvmomi-6.7.3-150200.3.5.5 * virtual-host-gatherer-Libvirt-1.0.26-150300.7.3.3 * virtual-host-gatherer-Kubernetes-1.0.26-150300.7.3.3 * virtual-host-gatherer-VMware-1.0.26-150300.7.3.3 * virtual-host-gatherer-1.0.26-150300.7.3.3 * virtual-host-gatherer-libcloud-1.0.26-150300.7.3.3 * scc-hypervisor-collector-common-0.1.0~git0.90e575f-150300.7.3.2 * virtual-host-gatherer-Nutanix-1.0.26-150300.7.3.3 * SUSE Enterprise Storage 7.1 (noarch) * scc-hypervisor-collector-0.1.0~git0.90e575f-150300.7.3.2 * python3-pyvmomi-6.7.3-150200.3.5.5 * virtual-host-gatherer-Libvirt-1.0.26-150300.7.3.3 * virtual-host-gatherer-Kubernetes-1.0.26-150300.7.3.3 * virtual-host-gatherer-VMware-1.0.26-150300.7.3.3 * virtual-host-gatherer-1.0.26-150300.7.3.3 * virtual-host-gatherer-libcloud-1.0.26-150300.7.3.3 * scc-hypervisor-collector-common-0.1.0~git0.90e575f-150300.7.3.2 * virtual-host-gatherer-Nutanix-1.0.26-150300.7.3.3 ## References: * https://jira.suse.com/browse/PED-3623 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 12:30:03 -0000 Subject: SUSE-RU-2023:3387-1: moderate: Recommended update for raspberrypi-firmware-dt Message-ID: <169279380377.26832.9296612604060980560@smelt2.suse.de> # Recommended update for raspberrypi-firmware-dt Announcement ID: SUSE-RU-2023:3387-1 Rating: moderate References: * #1212791 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for raspberrypi-firmware-dt fixes the following issues: * Use compatible string which is supported by spidev module (bsc#1212791) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3387=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3387=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3387=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3387=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3387=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3387=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3387=1 openSUSE-SLE-15.4-2023-3387=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3387=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3387=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3387=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * raspberrypi-firmware-dt-2021.11.19-150400.5.3.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * raspberrypi-firmware-dt-2021.11.19-150400.5.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * raspberrypi-firmware-dt-2021.11.19-150400.5.3.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * raspberrypi-firmware-dt-2021.11.19-150400.5.3.1 * Basesystem Module 15-SP4 (noarch) * raspberrypi-firmware-dt-2021.11.19-150400.5.3.1 * Basesystem Module 15-SP5 (noarch) * raspberrypi-firmware-dt-2021.11.19-150400.5.3.1 * openSUSE Leap 15.4 (noarch) * raspberrypi-firmware-dt-2021.11.19-150400.5.3.1 * openSUSE Leap Micro 5.3 (noarch) * raspberrypi-firmware-dt-2021.11.19-150400.5.3.1 * openSUSE Leap Micro 5.4 (noarch) * raspberrypi-firmware-dt-2021.11.19-150400.5.3.1 * openSUSE Leap 15.5 (noarch) * raspberrypi-firmware-dt-2021.11.19-150400.5.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212791 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 12:30:05 -0000 Subject: SUSE-RU-2023:3386-1: low: Recommended update for xrdb Message-ID: <169279380544.26832.7677613002603757169@smelt2.suse.de> # Recommended update for xrdb Announcement ID: SUSE-RU-2023:3386-1 Rating: low References: * #1211267 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for xrdb fixes the following issues: * Downgrade cpp requires to recommends (bsc#1211267) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3386=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3386=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3386=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3386=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3386=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3386=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3386=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * xrdb-debuginfo-1.1.0-150000.3.7.1 * xrdb-1.1.0-150000.3.7.1 * xrdb-debugsource-1.1.0-150000.3.7.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * xrdb-debuginfo-1.1.0-150000.3.7.1 * xrdb-1.1.0-150000.3.7.1 * xrdb-debugsource-1.1.0-150000.3.7.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * xrdb-debuginfo-1.1.0-150000.3.7.1 * xrdb-1.1.0-150000.3.7.1 * xrdb-debugsource-1.1.0-150000.3.7.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * xrdb-debuginfo-1.1.0-150000.3.7.1 * xrdb-1.1.0-150000.3.7.1 * xrdb-debugsource-1.1.0-150000.3.7.1 * SUSE Manager Proxy 4.2 (x86_64) * xrdb-debuginfo-1.1.0-150000.3.7.1 * xrdb-1.1.0-150000.3.7.1 * xrdb-debugsource-1.1.0-150000.3.7.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * xrdb-debuginfo-1.1.0-150000.3.7.1 * xrdb-1.1.0-150000.3.7.1 * xrdb-debugsource-1.1.0-150000.3.7.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * xrdb-debuginfo-1.1.0-150000.3.7.1 * xrdb-1.1.0-150000.3.7.1 * xrdb-debugsource-1.1.0-150000.3.7.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211267 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 12:30:07 -0000 Subject: SUSE-SU-2023:3385-1: low: Security update for janino Message-ID: <169279380745.26832.7163281869807114015@smelt2.suse.de> # Security update for janino Announcement ID: SUSE-SU-2023:3385-1 Rating: low References: * #1211923 Cross-References: * CVE-2023-33546 CVSS scores: * CVE-2023-33546 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-33546 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that solves one vulnerability can now be installed. ## Description: This update for janino fixes the following issues: janino was upgraded to version 3.1.10: * CVE-2023-33546: Fixed DoS due to missing error handling (bsc#1211923). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3385=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3385=1 ## Package List: * openSUSE Leap 15.4 (noarch) * commons-compiler-3.1.10-150200.3.7.1 * janino-3.1.10-150200.3.7.1 * janino-javadoc-3.1.10-150200.3.7.1 * openSUSE Leap 15.5 (noarch) * janino-javadoc-3.1.10-150200.3.7.1 * commons-compiler-3.1.10-150200.3.7.1 * janino-3.1.10-150200.3.7.1 * commons-compiler-jdk-3.1.10-150200.3.7.1 ## References: * https://www.suse.com/security/cve/CVE-2023-33546.html * https://bugzilla.suse.com/show_bug.cgi?id=1211923 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 12:30:09 -0000 Subject: SUSE-SU-2023:3384-1: moderate: Security update for postgresql15 Message-ID: <169279380924.26832.5526642854629761784@smelt2.suse.de> # Security update for postgresql15 Announcement ID: SUSE-SU-2023:3384-1 Rating: moderate References: * #1214059 Cross-References: * CVE-2023-39417 CVSS scores: * CVE-2023-39417 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-39417 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that solves one vulnerability can now be installed. ## Description: This update for postgresql15 fixes the following issues: * Update to 12.16 * CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3384=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3384=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * postgresql12-pltcl-debuginfo-12.16-150200.8.47.1 * postgresql12-plperl-debuginfo-12.16-150200.8.47.1 * postgresql12-devel-12.16-150200.8.47.1 * postgresql12-llvmjit-devel-12.16-150200.8.47.1 * postgresql12-plperl-12.16-150200.8.47.1 * postgresql12-llvmjit-debuginfo-12.16-150200.8.47.1 * postgresql12-plpython-12.16-150200.8.47.1 * postgresql12-llvmjit-12.16-150200.8.47.1 * postgresql12-12.16-150200.8.47.1 * postgresql12-devel-debuginfo-12.16-150200.8.47.1 * postgresql12-pltcl-12.16-150200.8.47.1 * postgresql12-contrib-debuginfo-12.16-150200.8.47.1 * postgresql12-server-devel-12.16-150200.8.47.1 * postgresql12-test-12.16-150200.8.47.1 * postgresql12-contrib-12.16-150200.8.47.1 * postgresql12-plpython-debuginfo-12.16-150200.8.47.1 * postgresql12-debuginfo-12.16-150200.8.47.1 * postgresql12-server-devel-debuginfo-12.16-150200.8.47.1 * postgresql12-server-12.16-150200.8.47.1 * postgresql12-debugsource-12.16-150200.8.47.1 * postgresql12-server-debuginfo-12.16-150200.8.47.1 * openSUSE Leap 15.4 (noarch) * postgresql12-docs-12.16-150200.8.47.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * postgresql12-pltcl-debuginfo-12.16-150200.8.47.1 * postgresql12-plperl-debuginfo-12.16-150200.8.47.1 * postgresql12-devel-12.16-150200.8.47.1 * postgresql12-llvmjit-devel-12.16-150200.8.47.1 * postgresql12-plperl-12.16-150200.8.47.1 * postgresql12-llvmjit-debuginfo-12.16-150200.8.47.1 * postgresql12-plpython-12.16-150200.8.47.1 * postgresql12-llvmjit-12.16-150200.8.47.1 * postgresql12-12.16-150200.8.47.1 * postgresql12-devel-debuginfo-12.16-150200.8.47.1 * postgresql12-pltcl-12.16-150200.8.47.1 * postgresql12-contrib-debuginfo-12.16-150200.8.47.1 * postgresql12-server-devel-12.16-150200.8.47.1 * postgresql12-test-12.16-150200.8.47.1 * postgresql12-contrib-12.16-150200.8.47.1 * postgresql12-plpython-debuginfo-12.16-150200.8.47.1 * postgresql12-debuginfo-12.16-150200.8.47.1 * postgresql12-server-devel-debuginfo-12.16-150200.8.47.1 * postgresql12-server-12.16-150200.8.47.1 * postgresql12-debugsource-12.16-150200.8.47.1 * postgresql12-server-debuginfo-12.16-150200.8.47.1 * openSUSE Leap 15.5 (noarch) * postgresql12-docs-12.16-150200.8.47.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39417.html * https://bugzilla.suse.com/show_bug.cgi?id=1214059 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 16:30:08 -0000 Subject: SUSE-SU-2023:3392-1: important: Security update for the Linux Kernel Message-ID: <169280820891.28877.11712406857873424316@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3392-1 Rating: important References: * #1206418 * #1207088 * #1210584 * #1211738 * #1211867 * #1212301 * #1212741 * #1212835 * #1213059 * #1213167 * #1213286 * #1213287 * #1213546 * #1213585 * #1213586 * #1213588 * #1213970 * #1214019 Cross-References: * CVE-2022-40982 * CVE-2023-0459 * CVE-2023-20569 * CVE-2023-20593 * CVE-2023-2985 * CVE-2023-34319 * CVE-2023-35001 * CVE-2023-3567 * CVE-2023-3609 * CVE-2023-3611 * CVE-2023-3776 * CVE-2023-4133 * CVE-2023-4194 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that solves 13 vulnerabilities and has five fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418). * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). * CVE-2023-20569: Fixed side channel attack ?Inception? or ?RAS Poisoning? (bsc#1213287). * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). * CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). * CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). * CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). * CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). * CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after- free (bsc#1213588). * CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). * CVE-2023-4194: Fixed a type confusion in net tun_chr_open() bsc#1214019). The following non-security bugs were fixed: * arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970). * clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970). * clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970). * cpufeatures: allow adding more cpuid words * get module prefix from kmod (bsc#1212835). * kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps") * kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base. * kernel-docs: use python3 together with python3-sphinx (bsc#1212741). * keys: change keyring_serialise_link_sem to a mutex (bsc#1207088). * keys: fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). * keys: hoist locking out of __key_link_begin() (bsc#1207088). * net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). * net: mana: add support for vlan tagging (bsc#1212301). * readme.branch: add myself as co-maintainer * remove more packaging cruft for sle < 12 sp3 * rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude. * rpm/check-for-config-changes: ignore also riscv_isa_ _and dynamic_sigframe they depend on config_toolchain_has__. * timers: add shutdown mechanism to the internal functions (bsc#1213970). * timers: provide timer_shutdown_sync (bsc#1213970). * timers: rename del_timer() to timer_delete() (bsc#1213970). * timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970). * timers: replace bug_on()s (bsc#1213970). * timers: silently ignore timers with a null function (bsc#1213970). * timers: split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970). * timers: update kernel-doc for various functions (bsc#1213970). * timers: use del_timer_sync() even on up (bsc#1213970). * ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584). * ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). * usrmerge: Adjust module path in the kernel sources (bsc#1212835). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3392=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3392=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-3392=1 * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-3392=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3392=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3392=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3392=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (nosrc) * kernel-kvmsmall-4.12.14-150100.197.154.1 * kernel-default-4.12.14-150100.197.154.1 * kernel-debug-4.12.14-150100.197.154.1 * kernel-zfcpdump-4.12.14-150100.197.154.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-base-debuginfo-4.12.14-150100.197.154.1 * kernel-debug-base-4.12.14-150100.197.154.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-vanilla-devel-4.12.14-150100.197.154.1 * kernel-vanilla-base-debuginfo-4.12.14-150100.197.154.1 * kernel-vanilla-debuginfo-4.12.14-150100.197.154.1 * kernel-vanilla-livepatch-devel-4.12.14-150100.197.154.1 * kernel-vanilla-debugsource-4.12.14-150100.197.154.1 * kernel-default-base-debuginfo-4.12.14-150100.197.154.1 * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.154.1 * kernel-vanilla-base-4.12.14-150100.197.154.1 * openSUSE Leap 15.4 (x86_64) * kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.154.1 * kernel-kvmsmall-base-4.12.14-150100.197.154.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-vanilla-4.12.14-150100.197.154.1 * openSUSE Leap 15.4 (s390x) * kernel-default-man-4.12.14-150100.197.154.1 * kernel-zfcpdump-man-4.12.14-150100.197.154.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-vanilla-4.12.14-150100.197.154.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kernel-vanilla-devel-4.12.14-150100.197.154.1 * kernel-vanilla-base-debuginfo-4.12.14-150100.197.154.1 * kernel-vanilla-debuginfo-4.12.14-150100.197.154.1 * kernel-vanilla-livepatch-devel-4.12.14-150100.197.154.1 * kernel-vanilla-debugsource-4.12.14-150100.197.154.1 * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.154.1 * kernel-vanilla-base-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Live Patching 15-SP1 (nosrc) * kernel-default-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-default-debuginfo-4.12.14-150100.197.154.1 * kernel-default-debugsource-4.12.14-150100.197.154.1 * kernel-default-livepatch-4.12.14-150100.197.154.1 * kernel-default-livepatch-devel-4.12.14-150100.197.154.1 * kernel-livepatch-4_12_14-150100_197_154-default-1-150100.3.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * gfs2-kmp-default-debuginfo-4.12.14-150100.197.154.1 * kernel-default-debuginfo-4.12.14-150100.197.154.1 * kernel-default-debugsource-4.12.14-150100.197.154.1 * ocfs2-kmp-default-debuginfo-4.12.14-150100.197.154.1 * dlm-kmp-default-debuginfo-4.12.14-150100.197.154.1 * gfs2-kmp-default-4.12.14-150100.197.154.1 * cluster-md-kmp-default-4.12.14-150100.197.154.1 * ocfs2-kmp-default-4.12.14-150100.197.154.1 * cluster-md-kmp-default-debuginfo-4.12.14-150100.197.154.1 * dlm-kmp-default-4.12.14-150100.197.154.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc) * kernel-default-4.12.14-150100.197.154.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 nosrc x86_64) * kernel-default-4.12.14-150100.197.154.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * kernel-obs-build-debugsource-4.12.14-150100.197.154.1 * kernel-default-debuginfo-4.12.14-150100.197.154.1 * kernel-default-debugsource-4.12.14-150100.197.154.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.154.1 * kernel-default-devel-4.12.14-150100.197.154.1 * kernel-default-base-debuginfo-4.12.14-150100.197.154.1 * kernel-syms-4.12.14-150100.197.154.1 * kernel-default-base-4.12.14-150100.197.154.1 * kernel-obs-build-4.12.14-150100.197.154.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * kernel-source-4.12.14-150100.197.154.1 * kernel-macros-4.12.14-150100.197.154.1 * kernel-devel-4.12.14-150100.197.154.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-4.12.14-150100.197.154.1 * reiserfs-kmp-default-4.12.14-150100.197.154.1 * kernel-default-debuginfo-4.12.14-150100.197.154.1 * kernel-default-debugsource-4.12.14-150100.197.154.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.154.1 * kernel-default-devel-4.12.14-150100.197.154.1 * kernel-default-base-debuginfo-4.12.14-150100.197.154.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.154.1 * kernel-syms-4.12.14-150100.197.154.1 * kernel-default-base-4.12.14-150100.197.154.1 * kernel-obs-build-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * kernel-source-4.12.14-150100.197.154.1 * kernel-macros-4.12.14-150100.197.154.1 * kernel-devel-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x) * kernel-default-man-4.12.14-150100.197.154.1 * kernel-zfcpdump-debugsource-4.12.14-150100.197.154.1 * kernel-zfcpdump-debuginfo-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc) * kernel-zfcpdump-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64) * kernel-default-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * kernel-obs-build-debugsource-4.12.14-150100.197.154.1 * reiserfs-kmp-default-4.12.14-150100.197.154.1 * kernel-default-debuginfo-4.12.14-150100.197.154.1 * kernel-default-debugsource-4.12.14-150100.197.154.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.154.1 * kernel-default-devel-4.12.14-150100.197.154.1 * kernel-default-base-debuginfo-4.12.14-150100.197.154.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.154.1 * kernel-syms-4.12.14-150100.197.154.1 * kernel-default-base-4.12.14-150100.197.154.1 * kernel-obs-build-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * kernel-source-4.12.14-150100.197.154.1 * kernel-macros-4.12.14-150100.197.154.1 * kernel-devel-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.154.1 * SUSE CaaS Platform 4.0 (nosrc x86_64) * kernel-default-4.12.14-150100.197.154.1 * SUSE CaaS Platform 4.0 (x86_64) * kernel-obs-build-debugsource-4.12.14-150100.197.154.1 * reiserfs-kmp-default-4.12.14-150100.197.154.1 * kernel-default-debuginfo-4.12.14-150100.197.154.1 * kernel-default-debugsource-4.12.14-150100.197.154.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.154.1 * kernel-default-devel-4.12.14-150100.197.154.1 * kernel-default-base-debuginfo-4.12.14-150100.197.154.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.154.1 * kernel-syms-4.12.14-150100.197.154.1 * kernel-default-base-4.12.14-150100.197.154.1 * kernel-obs-build-4.12.14-150100.197.154.1 * SUSE CaaS Platform 4.0 (noarch) * kernel-source-4.12.14-150100.197.154.1 * kernel-macros-4.12.14-150100.197.154.1 * kernel-devel-4.12.14-150100.197.154.1 * SUSE CaaS Platform 4.0 (noarch nosrc) * kernel-docs-4.12.14-150100.197.154.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-0459.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-20593.html * https://www.suse.com/security/cve/CVE-2023-2985.html * https://www.suse.com/security/cve/CVE-2023-34319.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://www.suse.com/security/cve/CVE-2023-3609.html * https://www.suse.com/security/cve/CVE-2023-3611.html * https://www.suse.com/security/cve/CVE-2023-3776.html * https://www.suse.com/security/cve/CVE-2023-4133.html * https://www.suse.com/security/cve/CVE-2023-4194.html * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1207088 * https://bugzilla.suse.com/show_bug.cgi?id=1210584 * https://bugzilla.suse.com/show_bug.cgi?id=1211738 * https://bugzilla.suse.com/show_bug.cgi?id=1211867 * https://bugzilla.suse.com/show_bug.cgi?id=1212301 * https://bugzilla.suse.com/show_bug.cgi?id=1212741 * https://bugzilla.suse.com/show_bug.cgi?id=1212835 * https://bugzilla.suse.com/show_bug.cgi?id=1213059 * https://bugzilla.suse.com/show_bug.cgi?id=1213167 * https://bugzilla.suse.com/show_bug.cgi?id=1213286 * https://bugzilla.suse.com/show_bug.cgi?id=1213287 * https://bugzilla.suse.com/show_bug.cgi?id=1213546 * https://bugzilla.suse.com/show_bug.cgi?id=1213585 * https://bugzilla.suse.com/show_bug.cgi?id=1213586 * https://bugzilla.suse.com/show_bug.cgi?id=1213588 * https://bugzilla.suse.com/show_bug.cgi?id=1213970 * https://bugzilla.suse.com/show_bug.cgi?id=1214019 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 16:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 16:30:19 -0000 Subject: SUSE-SU-2023:3390-1: important: Security update for the Linux Kernel Message-ID: <169280821940.28877.9797878378322721503@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3390-1 Rating: important References: * #1206418 * #1207088 * #1209342 * #1210584 * #1211738 * #1211867 * #1212301 * #1212741 * #1212835 * #1212846 * #1213059 * #1213167 * #1213245 * #1213286 * #1213287 * #1213354 * #1213543 * #1213546 * #1213585 * #1213586 * #1213588 * #1213868 * #1213970 * #1214019 Cross-References: * CVE-2022-40982 * CVE-2023-0459 * CVE-2023-20569 * CVE-2023-20593 * CVE-2023-2985 * CVE-2023-3117 * CVE-2023-3390 * CVE-2023-34319 * CVE-2023-35001 * CVE-2023-3567 * CVE-2023-3609 * CVE-2023-3611 * CVE-2023-3776 * CVE-2023-3812 * CVE-2023-4133 * CVE-2023-4194 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Manager Proxy 4.1 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Server 4.1 An update that solves 16 vulnerabilities and has eight fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418). * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). * CVE-2023-20569: Fixed side channel attack ?Inception? or ?RAS Poisoning? (bsc#1213287). * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). * CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). * CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). * CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). * CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). * CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). * CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). * CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after- free (bsc#1213588). * CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). * CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). * CVE-2023-4194: Fixed a type confusion in net tun_chr_open() bsc#1214019). The following non-security bugs were fixed: * arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418). * arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970). * fix kabi when adding new cpuid leaves * get module prefix from kmod (bsc#1212835). * remove more packaging cruft for sle < 12 sp3 * cifs: fix open leaks in open_cached_dir() (bsc#1209342). * clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970). * clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970). * init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418). * init: invoke arch_cpu_finalize_init() earlier (bsc#1206418). * init: provide arch_cpu_finalize_init() (bsc#1206418). * init: remove check_bugs() leftovers (bsc#1206418). * kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps") * kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base. * kernel-docs: use python3 together with python3-sphinx (bsc#1212741). * keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354). * keys: fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). * net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). * net: mana: add support for vlan tagging (bsc#1212301). * rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude. * rpm/check-for-config-changes: ignore also riscv_isa_ _and dynamic_sigframe they depend on config_toolchain_has__. * timers: add shutdown mechanism to the internal functions (bsc#1213970). * timers: provide timer_shutdown_sync (bsc#1213970). * timers: rename del_timer() to timer_delete() (bsc#1213970). * timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970). * timers: replace bug_on()s (bsc#1213970). * timers: silently ignore timers with a null function (bsc#1213970). * timers: split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970). * timers: update kernel-doc for various functions (bsc#1213970). * timers: use del_timer_sync() even on up (bsc#1213970). * ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). * ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584). * usrmerge: adjust module path in the kernel sources (bsc#1212835). * x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418). * x86/fpu: remove cpuinfo argument from init functions (bsc#1206418). * x86/microcode/AMD: Make stub function static inline (bsc#1213868). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-3390=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-3390=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3390=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3390=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3390=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (nosrc) * kernel-default-5.3.18-150200.24.160.2 * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP2_Update_39-debugsource-1-150200.5.3.2 * kernel-livepatch-5_3_18-150200_24_160-default-debuginfo-1-150200.5.3.2 * kernel-livepatch-5_3_18-150200_24_160-default-1-150200.5.3.2 * kernel-default-livepatch-devel-5.3.18-150200.24.160.2 * kernel-default-debugsource-5.3.18-150200.24.160.2 * kernel-default-livepatch-5.3.18-150200.24.160.2 * kernel-default-debuginfo-5.3.18-150200.24.160.2 * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * ocfs2-kmp-default-debuginfo-5.3.18-150200.24.160.2 * ocfs2-kmp-default-5.3.18-150200.24.160.2 * dlm-kmp-default-5.3.18-150200.24.160.2 * cluster-md-kmp-default-5.3.18-150200.24.160.2 * kernel-default-debuginfo-5.3.18-150200.24.160.2 * gfs2-kmp-default-5.3.18-150200.24.160.2 * cluster-md-kmp-default-debuginfo-5.3.18-150200.24.160.2 * kernel-default-debugsource-5.3.18-150200.24.160.2 * dlm-kmp-default-debuginfo-5.3.18-150200.24.160.2 * gfs2-kmp-default-debuginfo-5.3.18-150200.24.160.2 * SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc) * kernel-default-5.3.18-150200.24.160.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150200.24.160.2 * kernel-preempt-5.3.18-150200.24.160.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-obs-build-5.3.18-150200.24.160.2 * kernel-obs-build-debugsource-5.3.18-150200.24.160.2 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.160.2 * kernel-default-base-5.3.18-150200.24.160.2.150200.9.79.2 * kernel-preempt-debugsource-5.3.18-150200.24.160.2 * kernel-default-devel-debuginfo-5.3.18-150200.24.160.2 * kernel-preempt-devel-5.3.18-150200.24.160.2 * kernel-preempt-debuginfo-5.3.18-150200.24.160.2 * kernel-default-debugsource-5.3.18-150200.24.160.2 * kernel-syms-5.3.18-150200.24.160.1 * kernel-default-devel-5.3.18-150200.24.160.2 * kernel-default-debuginfo-5.3.18-150200.24.160.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * kernel-macros-5.3.18-150200.24.160.1 * kernel-devel-5.3.18-150200.24.160.1 * kernel-source-5.3.18-150200.24.160.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.160.3 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150200.24.160.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-5.3.18-150200.24.160.2 * kernel-obs-build-debugsource-5.3.18-150200.24.160.2 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.160.2 * kernel-default-base-5.3.18-150200.24.160.2.150200.9.79.2 * reiserfs-kmp-default-5.3.18-150200.24.160.2 * kernel-default-devel-debuginfo-5.3.18-150200.24.160.2 * kernel-syms-5.3.18-150200.24.160.1 * kernel-default-debugsource-5.3.18-150200.24.160.2 * kernel-default-devel-5.3.18-150200.24.160.2 * kernel-default-debuginfo-5.3.18-150200.24.160.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * kernel-macros-5.3.18-150200.24.160.1 * kernel-devel-5.3.18-150200.24.160.1 * kernel-source-5.3.18-150200.24.160.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.160.3 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.160.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150200.24.160.2 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.160.2 * kernel-preempt-devel-5.3.18-150200.24.160.2 * kernel-preempt-debuginfo-5.3.18-150200.24.160.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150200.24.160.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * kernel-obs-build-5.3.18-150200.24.160.2 * kernel-obs-build-debugsource-5.3.18-150200.24.160.2 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.160.2 * kernel-default-base-5.3.18-150200.24.160.2.150200.9.79.2 * reiserfs-kmp-default-5.3.18-150200.24.160.2 * kernel-default-devel-debuginfo-5.3.18-150200.24.160.2 * kernel-syms-5.3.18-150200.24.160.1 * kernel-default-debugsource-5.3.18-150200.24.160.2 * kernel-default-devel-5.3.18-150200.24.160.2 * kernel-default-debuginfo-5.3.18-150200.24.160.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * kernel-macros-5.3.18-150200.24.160.1 * kernel-devel-5.3.18-150200.24.160.1 * kernel-source-5.3.18-150200.24.160.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.160.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64) * kernel-preempt-5.3.18-150200.24.160.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * kernel-preempt-debugsource-5.3.18-150200.24.160.2 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.160.2 * kernel-preempt-devel-5.3.18-150200.24.160.2 * kernel-preempt-debuginfo-5.3.18-150200.24.160.2 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-0459.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-20593.html * https://www.suse.com/security/cve/CVE-2023-2985.html * https://www.suse.com/security/cve/CVE-2023-3117.html * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-34319.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://www.suse.com/security/cve/CVE-2023-3609.html * https://www.suse.com/security/cve/CVE-2023-3611.html * https://www.suse.com/security/cve/CVE-2023-3776.html * https://www.suse.com/security/cve/CVE-2023-3812.html * https://www.suse.com/security/cve/CVE-2023-4133.html * https://www.suse.com/security/cve/CVE-2023-4194.html * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1207088 * https://bugzilla.suse.com/show_bug.cgi?id=1209342 * https://bugzilla.suse.com/show_bug.cgi?id=1210584 * https://bugzilla.suse.com/show_bug.cgi?id=1211738 * https://bugzilla.suse.com/show_bug.cgi?id=1211867 * https://bugzilla.suse.com/show_bug.cgi?id=1212301 * https://bugzilla.suse.com/show_bug.cgi?id=1212741 * https://bugzilla.suse.com/show_bug.cgi?id=1212835 * https://bugzilla.suse.com/show_bug.cgi?id=1212846 * https://bugzilla.suse.com/show_bug.cgi?id=1213059 * https://bugzilla.suse.com/show_bug.cgi?id=1213167 * https://bugzilla.suse.com/show_bug.cgi?id=1213245 * https://bugzilla.suse.com/show_bug.cgi?id=1213286 * https://bugzilla.suse.com/show_bug.cgi?id=1213287 * https://bugzilla.suse.com/show_bug.cgi?id=1213354 * https://bugzilla.suse.com/show_bug.cgi?id=1213543 * https://bugzilla.suse.com/show_bug.cgi?id=1213546 * https://bugzilla.suse.com/show_bug.cgi?id=1213585 * https://bugzilla.suse.com/show_bug.cgi?id=1213586 * https://bugzilla.suse.com/show_bug.cgi?id=1213588 * https://bugzilla.suse.com/show_bug.cgi?id=1213868 * https://bugzilla.suse.com/show_bug.cgi?id=1213970 * https://bugzilla.suse.com/show_bug.cgi?id=1214019 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 16:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 16:30:21 -0000 Subject: SUSE-RU-2023:3393-1: important: Recommended update for dracut Message-ID: <169280822125.28877.9248799699679218541@smelt2.suse.de> # Recommended update for dracut Announcement ID: SUSE-RU-2023:3393-1 Rating: important References: * #1214081 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for dracut fixes the following issues: * Protect against broken links pointing to themselves * Exit if resolving executable dependencies fails (bsc#1214081) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3393=1 openSUSE-SLE-15.5-2023-3393=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3393=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * dracut-debuginfo-055+suse.369.gde6c81bf-150500.3.9.1 * dracut-fips-055+suse.369.gde6c81bf-150500.3.9.1 * dracut-055+suse.369.gde6c81bf-150500.3.9.1 * dracut-extra-055+suse.369.gde6c81bf-150500.3.9.1 * dracut-mkinitrd-deprecated-055+suse.369.gde6c81bf-150500.3.9.1 * dracut-debugsource-055+suse.369.gde6c81bf-150500.3.9.1 * dracut-tools-055+suse.369.gde6c81bf-150500.3.9.1 * dracut-ima-055+suse.369.gde6c81bf-150500.3.9.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * dracut-debuginfo-055+suse.369.gde6c81bf-150500.3.9.1 * dracut-fips-055+suse.369.gde6c81bf-150500.3.9.1 * dracut-055+suse.369.gde6c81bf-150500.3.9.1 * dracut-mkinitrd-deprecated-055+suse.369.gde6c81bf-150500.3.9.1 * dracut-debugsource-055+suse.369.gde6c81bf-150500.3.9.1 * dracut-ima-055+suse.369.gde6c81bf-150500.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214081 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 16:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 16:30:31 -0000 Subject: SUSE-SU-2023:3391-1: important: Security update for the Linux Kernel Message-ID: <169280823156.28877.10626277374783909600@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3391-1 Rating: important References: * #1199304 * #1206418 * #1207270 * #1210584 * #1211131 * #1211738 * #1211867 * #1212301 * #1212741 * #1212835 * #1212846 * #1213059 * #1213061 * #1213167 * #1213245 * #1213286 * #1213287 * #1213354 * #1213543 * #1213585 * #1213586 * #1213588 * #1213653 * #1213868 * PED-4567 Cross-References: * CVE-2022-40982 * CVE-2023-0459 * CVE-2023-20569 * CVE-2023-20593 * CVE-2023-2156 * CVE-2023-2985 * CVE-2023-3117 * CVE-2023-31248 * CVE-2023-3390 * CVE-2023-35001 * CVE-2023-3567 * CVE-2023-3609 * CVE-2023-3611 * CVE-2023-3776 * CVE-2023-3812 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves 15 vulnerabilities, contains one feature and has nine fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418). * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). * CVE-2023-20569: Fixed side channel attack ?Inception? or ?RAS Poisoning? (bsc#1213287). * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). * CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). * CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). * CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). * CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). * CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). * CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). * CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after- free (bsc#1213588). * CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). The following non-security bugs were fixed: * arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418). * block, bfq: fix division by zero error on zero wsum (bsc#1213653). * get module prefix from kmod (bsc#1212835). * init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418). * init: invoke arch_cpu_finalize_init() earlier (bsc#1206418). * init: provide arch_cpu_finalize_init() (bsc#1206418). * init: remove check_bugs() leftovers (bsc#1206418). * jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304). * kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps") * kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base. * kernel-docs: use python3 together with python3-sphinx (bsc#1212741). * keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354). * lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567). * locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567). * locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567). * locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567). * locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567). * locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567). * locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567). * locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567). * locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567). * locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567). * locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567). * locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567). * locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567). * locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567). * locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567). * locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567). * locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567). * locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567). * locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567). * locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567). * locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567). * locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567). * locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567). * locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567). * locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567). * net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). * net: mana: add support for vlan tagging (bsc#1212301). * ocfs2: fix a deadlock when commit trans (bsc#1199304). * ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304). * ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304). * remove more packaging cruft for sle < 12 sp3 * rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude. * rpm/check-for-config-changes: ignore also riscv_isa_ _and dynamic_sigframe they depend on config_toolchain_has__. * rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567). * rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567). * ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584). * ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). * usrmerge: adjust module path in the kernel sources (bsc#1212835). * x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418). * x86/fpu: remove cpuinfo argument from init functions (bsc#1206418). * x86/microcode/AMD: Make stub function static inline (bsc#1213868). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3391=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3391=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-3391=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3391=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3391=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3391=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3391=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3391=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3391=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3391=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3391=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3391=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3391=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3391=1 ## Package List: * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.3.18-150300.59.130.1 * openSUSE Leap 15.4 (aarch64) * dtb-al-5.3.18-150300.59.130.1 * dtb-zte-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Live Patching 15-SP3 (nosrc) * kernel-default-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-default-livepatch-5.3.18-150300.59.130.1 * kernel-default-debuginfo-5.3.18-150300.59.130.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * kernel-default-livepatch-devel-5.3.18-150300.59.130.1 * kernel-livepatch-5_3_18-150300_59_130-default-1-150300.7.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.130.1 * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.130.1 * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.130.1 * cluster-md-kmp-default-5.3.18-150300.59.130.1 * gfs2-kmp-default-5.3.18-150300.59.130.1 * gfs2-kmp-default-debuginfo-5.3.18-150300.59.130.1 * ocfs2-kmp-default-5.3.18-150300.59.130.1 * dlm-kmp-default-5.3.18-150300.59.130.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * dlm-kmp-default-debuginfo-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc) * kernel-default-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64) * kernel-64kb-debugsource-5.3.18-150300.59.130.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-64kb-devel-5.3.18-150300.59.130.1 * kernel-64kb-debuginfo-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.130.1 * kernel-default-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.130.1 * kernel-obs-build-debugsource-5.3.18-150300.59.130.1 * kernel-default-debuginfo-5.3.18-150300.59.130.1 * reiserfs-kmp-default-5.3.18-150300.59.130.1 * kernel-syms-5.3.18-150300.59.130.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-obs-build-5.3.18-150300.59.130.1 * kernel-preempt-devel-5.3.18-150300.59.130.1 * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * kernel-preempt-debuginfo-5.3.18-150300.59.130.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * kernel-default-devel-5.3.18-150300.59.130.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * kernel-macros-5.3.18-150300.59.130.1 * kernel-source-5.3.18-150300.59.130.1 * kernel-devel-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64) * kernel-64kb-debugsource-5.3.18-150300.59.130.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-64kb-devel-5.3.18-150300.59.130.1 * kernel-64kb-debuginfo-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.130.1 * kernel-default-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.130.1 * kernel-obs-build-debugsource-5.3.18-150300.59.130.1 * kernel-default-debuginfo-5.3.18-150300.59.130.1 * reiserfs-kmp-default-5.3.18-150300.59.130.1 * kernel-syms-5.3.18-150300.59.130.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-obs-build-5.3.18-150300.59.130.1 * kernel-preempt-devel-5.3.18-150300.59.130.1 * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * kernel-preempt-debuginfo-5.3.18-150300.59.130.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * kernel-default-devel-5.3.18-150300.59.130.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * kernel-macros-5.3.18-150300.59.130.1 * kernel-source-5.3.18-150300.59.130.1 * kernel-devel-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64) * kernel-64kb-debugsource-5.3.18-150300.59.130.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-64kb-devel-5.3.18-150300.59.130.1 * kernel-64kb-debuginfo-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-5.3.18-150300.59.130.1 * kernel-default-debuginfo-5.3.18-150300.59.130.1 * reiserfs-kmp-default-5.3.18-150300.59.130.1 * kernel-syms-5.3.18-150300.59.130.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-obs-build-5.3.18-150300.59.130.1 * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * kernel-default-devel-5.3.18-150300.59.130.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * kernel-macros-5.3.18-150300.59.130.1 * kernel-source-5.3.18-150300.59.130.1 * kernel-devel-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.130.1 * kernel-preempt-debuginfo-5.3.18-150300.59.130.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-preempt-devel-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x) * kernel-zfcpdump-debugsource-5.3.18-150300.59.130.1 * kernel-zfcpdump-debuginfo-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * kernel-obs-build-debugsource-5.3.18-150300.59.130.1 * kernel-default-debuginfo-5.3.18-150300.59.130.1 * reiserfs-kmp-default-5.3.18-150300.59.130.1 * kernel-syms-5.3.18-150300.59.130.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-obs-build-5.3.18-150300.59.130.1 * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * kernel-default-devel-5.3.18-150300.59.130.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * kernel-macros-5.3.18-150300.59.130.1 * kernel-source-5.3.18-150300.59.130.1 * kernel-devel-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.130.1 * kernel-preempt-debuginfo-5.3.18-150300.59.130.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-preempt-devel-5.3.18-150300.59.130.1 * SUSE Manager Proxy 4.2 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.130.1 * kernel-default-5.3.18-150300.59.130.1 * SUSE Manager Proxy 4.2 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.130.1 * kernel-default-debuginfo-5.3.18-150300.59.130.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * kernel-preempt-debuginfo-5.3.18-150300.59.130.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * kernel-default-devel-5.3.18-150300.59.130.1 * SUSE Manager Proxy 4.2 (noarch) * kernel-macros-5.3.18-150300.59.130.1 * kernel-devel-5.3.18-150300.59.130.1 * SUSE Manager Retail Branch Server 4.2 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.130.1 * kernel-default-5.3.18-150300.59.130.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.130.1 * kernel-default-debuginfo-5.3.18-150300.59.130.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * kernel-preempt-debuginfo-5.3.18-150300.59.130.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * kernel-default-devel-5.3.18-150300.59.130.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * kernel-macros-5.3.18-150300.59.130.1 * kernel-devel-5.3.18-150300.59.130.1 * SUSE Manager Server 4.2 (nosrc ppc64le s390x x86_64) * kernel-default-5.3.18-150300.59.130.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.130.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * kernel-default-devel-5.3.18-150300.59.130.1 * SUSE Manager Server 4.2 (noarch) * kernel-macros-5.3.18-150300.59.130.1 * kernel-devel-5.3.18-150300.59.130.1 * SUSE Manager Server 4.2 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.130.1 * SUSE Manager Server 4.2 (s390x) * kernel-zfcpdump-debugsource-5.3.18-150300.59.130.1 * kernel-zfcpdump-debuginfo-5.3.18-150300.59.130.1 * SUSE Manager Server 4.2 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.130.1 * SUSE Manager Server 4.2 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.130.1 * kernel-preempt-debuginfo-5.3.18-150300.59.130.1 * SUSE Enterprise Storage 7.1 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.130.1 * SUSE Enterprise Storage 7.1 (aarch64) * kernel-64kb-debugsource-5.3.18-150300.59.130.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-64kb-devel-5.3.18-150300.59.130.1 * kernel-64kb-debuginfo-5.3.18-150300.59.130.1 * SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.130.1 * kernel-default-5.3.18-150300.59.130.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.130.1 * kernel-obs-build-debugsource-5.3.18-150300.59.130.1 * kernel-default-debuginfo-5.3.18-150300.59.130.1 * reiserfs-kmp-default-5.3.18-150300.59.130.1 * kernel-syms-5.3.18-150300.59.130.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-obs-build-5.3.18-150300.59.130.1 * kernel-preempt-devel-5.3.18-150300.59.130.1 * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * kernel-preempt-debuginfo-5.3.18-150300.59.130.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * kernel-default-devel-5.3.18-150300.59.130.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1 * SUSE Enterprise Storage 7.1 (noarch) * kernel-macros-5.3.18-150300.59.130.1 * kernel-source-5.3.18-150300.59.130.1 * kernel-devel-5.3.18-150300.59.130.1 * SUSE Enterprise Storage 7.1 (noarch nosrc) * kernel-docs-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.130.1 * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.130.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.130.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-0459.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-20593.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2985.html * https://www.suse.com/security/cve/CVE-2023-3117.html * https://www.suse.com/security/cve/CVE-2023-31248.html * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://www.suse.com/security/cve/CVE-2023-3609.html * https://www.suse.com/security/cve/CVE-2023-3611.html * https://www.suse.com/security/cve/CVE-2023-3776.html * https://www.suse.com/security/cve/CVE-2023-3812.html * https://bugzilla.suse.com/show_bug.cgi?id=1199304 * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1207270 * https://bugzilla.suse.com/show_bug.cgi?id=1210584 * https://bugzilla.suse.com/show_bug.cgi?id=1211131 * https://bugzilla.suse.com/show_bug.cgi?id=1211738 * https://bugzilla.suse.com/show_bug.cgi?id=1211867 * https://bugzilla.suse.com/show_bug.cgi?id=1212301 * https://bugzilla.suse.com/show_bug.cgi?id=1212741 * https://bugzilla.suse.com/show_bug.cgi?id=1212835 * https://bugzilla.suse.com/show_bug.cgi?id=1212846 * https://bugzilla.suse.com/show_bug.cgi?id=1213059 * https://bugzilla.suse.com/show_bug.cgi?id=1213061 * https://bugzilla.suse.com/show_bug.cgi?id=1213167 * https://bugzilla.suse.com/show_bug.cgi?id=1213245 * https://bugzilla.suse.com/show_bug.cgi?id=1213286 * https://bugzilla.suse.com/show_bug.cgi?id=1213287 * https://bugzilla.suse.com/show_bug.cgi?id=1213354 * https://bugzilla.suse.com/show_bug.cgi?id=1213543 * https://bugzilla.suse.com/show_bug.cgi?id=1213585 * https://bugzilla.suse.com/show_bug.cgi?id=1213586 * https://bugzilla.suse.com/show_bug.cgi?id=1213588 * https://bugzilla.suse.com/show_bug.cgi?id=1213653 * https://bugzilla.suse.com/show_bug.cgi?id=1213868 * https://jira.suse.com/browse/PED-4567 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 16:30:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 16:30:34 -0000 Subject: SUSE-SU-2023:3389-1: moderate: Security update for kernel-firmware Message-ID: <169280823453.28877.8625967781004846779@smelt2.suse.de> # Security update for kernel-firmware Announcement ID: SUSE-SU-2023:3389-1 Rating: moderate References: * #1213287 Cross-References: * CVE-2023-20569 CVSS scores: * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for kernel-firmware fixes the following issues: * CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. (bsc#1213287) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3389=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3389=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3389=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3389=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3389=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3389=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * ucode-amd-20200107-150100.3.37.1 * kernel-firmware-20200107-150100.3.37.1 * SUSE CaaS Platform 4.0 (noarch) * ucode-amd-20200107-150100.3.37.1 * kernel-firmware-20200107-150100.3.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * ucode-amd-20200107-150100.3.37.1 * kernel-firmware-20200107-150100.3.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * ucode-amd-20200107-150100.3.37.1 * kernel-firmware-20200107-150100.3.37.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * ucode-amd-20200107-150100.3.37.1 * kernel-firmware-20200107-150100.3.37.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * ucode-amd-20200107-150100.3.37.1 * kernel-firmware-20200107-150100.3.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * ucode-amd-20200107-150100.3.37.1 * kernel-firmware-20200107-150100.3.37.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20569.html * https://bugzilla.suse.com/show_bug.cgi?id=1213287 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 16:30:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 16:30:39 -0000 Subject: SUSE-RU-2023:3388-1: important: Recommended update for binutils Message-ID: <169280823937.28877.9965325373845125477@smelt2.suse.de> # Recommended update for binutils Announcement ID: SUSE-RU-2023:3388-1 Rating: important References: * #1213282 * PED-1435 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that contains one feature and has one recommended fix can now be installed. ## Description: This update for binutils fixes the following issues: * Add `binutils-disable-dt-relr.sh` to address compatibility problems with the glibc version included in future SUSE Linux Enterprise releases (bsc#1213282, jsc#PED-1435) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3388=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3388=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3388=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3388=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3388=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3388=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3388=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3388=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3388=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3388=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3388=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3388=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3388=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3388=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3388=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3388=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3388=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3388=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3388=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3388=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3388=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3388=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cross-i386-binutils-debugsource-2.39-150100.7.43.1 * binutils-gold-2.39-150100.7.43.2 * cross-riscv64-binutils-debuginfo-2.39-150100.7.43.1 * cross-s390-binutils-debugsource-2.39-150100.7.43.1 * cross-i386-binutils-2.39-150100.7.43.1 * cross-rx-binutils-2.39-150100.7.43.1 * cross-sparc-binutils-debuginfo-2.39-150100.7.43.1 * cross-sparc64-binutils-debuginfo-2.39-150100.7.43.1 * cross-spu-binutils-debugsource-2.39-150100.7.43.1 * cross-epiphany-binutils-2.39-150100.7.43.1 * cross-ppc64-binutils-2.39-150100.7.43.1 * cross-sparc-binutils-debugsource-2.39-150100.7.43.1 * cross-ppc-binutils-debugsource-2.39-150100.7.43.1 * cross-ppc-binutils-2.39-150100.7.43.1 * cross-riscv64-binutils-2.39-150100.7.43.1 * libctf0-debuginfo-2.39-150100.7.43.2 * cross-rx-binutils-debuginfo-2.39-150100.7.43.1 * cross-sparc64-binutils-debugsource-2.39-150100.7.43.1 * cross-arm-binutils-2.39-150100.7.43.1 * cross-m68k-binutils-2.39-150100.7.43.1 * binutils-gold-debuginfo-2.39-150100.7.43.2 * cross-spu-binutils-2.39-150100.7.43.1 * cross-riscv64-binutils-debugsource-2.39-150100.7.43.1 * cross-spu-binutils-debuginfo-2.39-150100.7.43.1 * cross-sparc-binutils-2.39-150100.7.43.1 * cross-epiphany-binutils-debugsource-2.39-150100.7.43.1 * libctf-nobfd0-2.39-150100.7.43.2 * cross-hppa-binutils-2.39-150100.7.43.1 * cross-avr-binutils-2.39-150100.7.43.1 * cross-rx-binutils-debugsource-2.39-150100.7.43.1 * binutils-debugsource-2.39-150100.7.43.2 * cross-mips-binutils-debugsource-2.39-150100.7.43.1 * binutils-devel-2.39-150100.7.43.2 * cross-hppa64-binutils-debugsource-2.39-150100.7.43.1 * cross-ia64-binutils-debugsource-2.39-150100.7.43.1 * cross-m68k-binutils-debugsource-2.39-150100.7.43.1 * cross-ppc64-binutils-debugsource-2.39-150100.7.43.1 * cross-m68k-binutils-debuginfo-2.39-150100.7.43.1 * cross-mips-binutils-2.39-150100.7.43.1 * binutils-2.39-150100.7.43.2 * binutils-debuginfo-2.39-150100.7.43.2 * cross-ia64-binutils-2.39-150100.7.43.1 * cross-sparc64-binutils-2.39-150100.7.43.1 * cross-mips-binutils-debuginfo-2.39-150100.7.43.1 * cross-hppa64-binutils-2.39-150100.7.43.1 * cross-s390-binutils-debuginfo-2.39-150100.7.43.1 * cross-arm-binutils-debuginfo-2.39-150100.7.43.1 * cross-arm-binutils-debugsource-2.39-150100.7.43.1 * cross-ppc-binutils-debuginfo-2.39-150100.7.43.1 * cross-s390-binutils-2.39-150100.7.43.1 * cross-hppa-binutils-debuginfo-2.39-150100.7.43.1 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * cross-ia64-binutils-debuginfo-2.39-150100.7.43.1 * cross-ppc64-binutils-debuginfo-2.39-150100.7.43.1 * cross-i386-binutils-debuginfo-2.39-150100.7.43.1 * libctf0-2.39-150100.7.43.2 * cross-avr-binutils-debugsource-2.39-150100.7.43.1 * cross-hppa64-binutils-debuginfo-2.39-150100.7.43.1 * cross-epiphany-binutils-debuginfo-2.39-150100.7.43.1 * cross-avr-binutils-debuginfo-2.39-150100.7.43.1 * cross-hppa-binutils-debugsource-2.39-150100.7.43.1 * openSUSE Leap 15.4 (x86_64) * binutils-devel-32bit-2.39-150100.7.43.2 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * cross-aarch64-binutils-debugsource-2.39-150100.7.43.1 * cross-aarch64-binutils-2.39-150100.7.43.1 * cross-aarch64-binutils-debuginfo-2.39-150100.7.43.1 * openSUSE Leap 15.4 (aarch64 s390x x86_64) * cross-ppc64le-binutils-2.39-150100.7.43.1 * cross-ppc64le-binutils-debuginfo-2.39-150100.7.43.1 * cross-ppc64le-binutils-debugsource-2.39-150100.7.43.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * cross-s390x-binutils-debuginfo-2.39-150100.7.43.1 * cross-s390x-binutils-2.39-150100.7.43.1 * cross-s390x-binutils-debugsource-2.39-150100.7.43.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x) * cross-x86_64-binutils-debuginfo-2.39-150100.7.43.1 * cross-x86_64-binutils-debugsource-2.39-150100.7.43.1 * cross-x86_64-binutils-2.39-150100.7.43.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * cross-i386-binutils-debugsource-2.39-150100.7.43.1 * binutils-gold-2.39-150100.7.43.2 * cross-riscv64-binutils-debuginfo-2.39-150100.7.43.1 * cross-s390-binutils-debugsource-2.39-150100.7.43.1 * cross-i386-binutils-2.39-150100.7.43.1 * cross-rx-binutils-2.39-150100.7.43.1 * cross-sparc-binutils-debuginfo-2.39-150100.7.43.1 * cross-sparc64-binutils-debuginfo-2.39-150100.7.43.1 * cross-spu-binutils-debugsource-2.39-150100.7.43.1 * cross-epiphany-binutils-2.39-150100.7.43.1 * cross-ppc64-binutils-2.39-150100.7.43.1 * cross-sparc-binutils-debugsource-2.39-150100.7.43.1 * cross-ppc-binutils-debugsource-2.39-150100.7.43.1 * cross-ppc-binutils-2.39-150100.7.43.1 * cross-riscv64-binutils-2.39-150100.7.43.1 * libctf0-debuginfo-2.39-150100.7.43.2 * cross-rx-binutils-debuginfo-2.39-150100.7.43.1 * cross-sparc64-binutils-debugsource-2.39-150100.7.43.1 * cross-arm-binutils-2.39-150100.7.43.1 * cross-m68k-binutils-2.39-150100.7.43.1 * cross-xtensa-binutils-2.39-150100.7.43.1 * binutils-gold-debuginfo-2.39-150100.7.43.2 * cross-spu-binutils-2.39-150100.7.43.1 * cross-riscv64-binutils-debugsource-2.39-150100.7.43.1 * cross-spu-binutils-debuginfo-2.39-150100.7.43.1 * cross-sparc-binutils-2.39-150100.7.43.1 * cross-epiphany-binutils-debugsource-2.39-150100.7.43.1 * cross-xtensa-binutils-debuginfo-2.39-150100.7.43.1 * libctf-nobfd0-2.39-150100.7.43.2 * cross-hppa-binutils-2.39-150100.7.43.1 * cross-avr-binutils-2.39-150100.7.43.1 * cross-rx-binutils-debugsource-2.39-150100.7.43.1 * binutils-debugsource-2.39-150100.7.43.2 * cross-mips-binutils-debugsource-2.39-150100.7.43.1 * binutils-devel-2.39-150100.7.43.2 * cross-hppa64-binutils-debugsource-2.39-150100.7.43.1 * cross-ia64-binutils-debugsource-2.39-150100.7.43.1 * cross-m68k-binutils-debugsource-2.39-150100.7.43.1 * cross-ppc64-binutils-debugsource-2.39-150100.7.43.1 * cross-m68k-binutils-debuginfo-2.39-150100.7.43.1 * cross-mips-binutils-2.39-150100.7.43.1 * binutils-2.39-150100.7.43.2 * binutils-debuginfo-2.39-150100.7.43.2 * cross-ia64-binutils-2.39-150100.7.43.1 * cross-sparc64-binutils-2.39-150100.7.43.1 * cross-mips-binutils-debuginfo-2.39-150100.7.43.1 * cross-hppa64-binutils-2.39-150100.7.43.1 * cross-s390-binutils-debuginfo-2.39-150100.7.43.1 * cross-arm-binutils-debuginfo-2.39-150100.7.43.1 * cross-arm-binutils-debugsource-2.39-150100.7.43.1 * cross-ppc-binutils-debuginfo-2.39-150100.7.43.1 * cross-s390-binutils-2.39-150100.7.43.1 * cross-hppa-binutils-debuginfo-2.39-150100.7.43.1 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * cross-ia64-binutils-debuginfo-2.39-150100.7.43.1 * cross-ppc64-binutils-debuginfo-2.39-150100.7.43.1 * cross-i386-binutils-debuginfo-2.39-150100.7.43.1 * libctf0-2.39-150100.7.43.2 * cross-xtensa-binutils-debugsource-2.39-150100.7.43.1 * cross-avr-binutils-debugsource-2.39-150100.7.43.1 * cross-hppa64-binutils-debuginfo-2.39-150100.7.43.1 * cross-epiphany-binutils-debuginfo-2.39-150100.7.43.1 * cross-avr-binutils-debuginfo-2.39-150100.7.43.1 * cross-hppa-binutils-debugsource-2.39-150100.7.43.1 * openSUSE Leap 15.5 (x86_64) * binutils-devel-32bit-2.39-150100.7.43.2 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * cross-aarch64-binutils-debugsource-2.39-150100.7.43.1 * cross-aarch64-binutils-2.39-150100.7.43.1 * cross-aarch64-binutils-debuginfo-2.39-150100.7.43.1 * openSUSE Leap 15.5 (aarch64 s390x x86_64) * cross-ppc64le-binutils-2.39-150100.7.43.1 * cross-ppc64le-binutils-debuginfo-2.39-150100.7.43.1 * cross-ppc64le-binutils-debugsource-2.39-150100.7.43.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * cross-s390x-binutils-debuginfo-2.39-150100.7.43.1 * cross-s390x-binutils-2.39-150100.7.43.1 * cross-s390x-binutils-debugsource-2.39-150100.7.43.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x) * cross-x86_64-binutils-debuginfo-2.39-150100.7.43.1 * cross-x86_64-binutils-debugsource-2.39-150100.7.43.1 * cross-x86_64-binutils-2.39-150100.7.43.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * libctf-nobfd0-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * binutils-devel-2.39-150100.7.43.2 * libctf0-2.39-150100.7.43.2 * binutils-2.39-150100.7.43.2 * libctf0-debuginfo-2.39-150100.7.43.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * libctf-nobfd0-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * binutils-devel-2.39-150100.7.43.2 * libctf0-2.39-150100.7.43.2 * binutils-2.39-150100.7.43.2 * libctf0-debuginfo-2.39-150100.7.43.2 * Development Tools Module 15-SP4 (x86_64) * binutils-debugsource-2.39-150100.7.43.2 * binutils-devel-32bit-2.39-150100.7.43.2 * Development Tools Module 15-SP5 (x86_64) * binutils-devel-32bit-2.39-150100.7.43.2 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * binutils-gold-debuginfo-2.39-150100.7.43.2 * binutils-gold-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * binutils-gold-debuginfo-2.39-150100.7.43.2 * binutils-gold-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * libctf-nobfd0-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * binutils-devel-2.39-150100.7.43.2 * libctf0-2.39-150100.7.43.2 * binutils-2.39-150100.7.43.2 * libctf0-debuginfo-2.39-150100.7.43.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * binutils-devel-32bit-2.39-150100.7.43.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * libctf-nobfd0-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * binutils-devel-2.39-150100.7.43.2 * libctf0-2.39-150100.7.43.2 * binutils-2.39-150100.7.43.2 * libctf0-debuginfo-2.39-150100.7.43.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * binutils-devel-32bit-2.39-150100.7.43.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * libctf-nobfd0-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * binutils-devel-2.39-150100.7.43.2 * libctf0-2.39-150100.7.43.2 * binutils-2.39-150100.7.43.2 * libctf0-debuginfo-2.39-150100.7.43.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * binutils-devel-32bit-2.39-150100.7.43.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * libctf-nobfd0-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * binutils-devel-2.39-150100.7.43.2 * libctf0-2.39-150100.7.43.2 * binutils-2.39-150100.7.43.2 * libctf0-debuginfo-2.39-150100.7.43.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * binutils-devel-32bit-2.39-150100.7.43.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * libctf-nobfd0-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * binutils-devel-2.39-150100.7.43.2 * libctf0-2.39-150100.7.43.2 * binutils-2.39-150100.7.43.2 * libctf0-debuginfo-2.39-150100.7.43.2 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * binutils-devel-32bit-2.39-150100.7.43.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * libctf-nobfd0-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * binutils-devel-2.39-150100.7.43.2 * libctf0-2.39-150100.7.43.2 * binutils-2.39-150100.7.43.2 * libctf0-debuginfo-2.39-150100.7.43.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * binutils-devel-32bit-2.39-150100.7.43.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * libctf-nobfd0-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * binutils-devel-2.39-150100.7.43.2 * libctf0-2.39-150100.7.43.2 * binutils-2.39-150100.7.43.2 * libctf0-debuginfo-2.39-150100.7.43.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * binutils-devel-32bit-2.39-150100.7.43.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * libctf-nobfd0-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * binutils-devel-2.39-150100.7.43.2 * libctf0-2.39-150100.7.43.2 * binutils-2.39-150100.7.43.2 * libctf0-debuginfo-2.39-150100.7.43.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * binutils-devel-32bit-2.39-150100.7.43.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * libctf-nobfd0-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * binutils-devel-2.39-150100.7.43.2 * libctf0-2.39-150100.7.43.2 * binutils-2.39-150100.7.43.2 * libctf0-debuginfo-2.39-150100.7.43.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * binutils-devel-32bit-2.39-150100.7.43.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * libctf-nobfd0-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * binutils-devel-2.39-150100.7.43.2 * libctf0-2.39-150100.7.43.2 * binutils-2.39-150100.7.43.2 * libctf0-debuginfo-2.39-150100.7.43.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * binutils-devel-32bit-2.39-150100.7.43.2 * SUSE Manager Proxy 4.2 (x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * libctf-nobfd0-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * binutils-devel-2.39-150100.7.43.2 * libctf0-2.39-150100.7.43.2 * binutils-2.39-150100.7.43.2 * libctf0-debuginfo-2.39-150100.7.43.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * libctf-nobfd0-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * binutils-devel-2.39-150100.7.43.2 * libctf0-2.39-150100.7.43.2 * binutils-2.39-150100.7.43.2 * libctf0-debuginfo-2.39-150100.7.43.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * libctf-nobfd0-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * binutils-devel-2.39-150100.7.43.2 * libctf0-2.39-150100.7.43.2 * binutils-2.39-150100.7.43.2 * libctf0-debuginfo-2.39-150100.7.43.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * libctf-nobfd0-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * binutils-devel-2.39-150100.7.43.2 * libctf0-2.39-150100.7.43.2 * binutils-2.39-150100.7.43.2 * libctf0-debuginfo-2.39-150100.7.43.2 * SUSE Enterprise Storage 7.1 (x86_64) * binutils-devel-32bit-2.39-150100.7.43.2 * SUSE CaaS Platform 4.0 (x86_64) * binutils-debuginfo-2.39-150100.7.43.2 * libctf-nobfd0-2.39-150100.7.43.2 * binutils-debugsource-2.39-150100.7.43.2 * libctf-nobfd0-debuginfo-2.39-150100.7.43.2 * binutils-devel-32bit-2.39-150100.7.43.2 * binutils-devel-2.39-150100.7.43.2 * libctf0-2.39-150100.7.43.2 * binutils-2.39-150100.7.43.2 * libctf0-debuginfo-2.39-150100.7.43.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213282 * https://jira.suse.com/browse/PED-1435 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 20:30:02 -0000 Subject: SUSE-SU-2023:3409-1: important: Security update for erlang Message-ID: <169282260265.15036.15389061495142102922@smelt2.suse.de> # Security update for erlang Announcement ID: SUSE-SU-2023:3409-1 Rating: important References: * #1205318 * #1207113 Cross-References: * CVE-2022-37026 CVSS scores: * CVE-2022-37026 ( SUSE ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L * CVE-2022-37026 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for erlang fixes the following issues: * Replaced the CVE-2022-37026 patch with the one released by the upstream to fix a regression in the previous one. (bsc#1205318) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3409=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3409=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3409=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * erlang-debugsource-22.2.7-150200.3.8.1 * erlang-22.2.7-150200.3.8.1 * erlang-epmd-debuginfo-22.2.7-150200.3.8.1 * erlang-epmd-22.2.7-150200.3.8.1 * erlang-debuginfo-22.2.7-150200.3.8.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * erlang-debugsource-22.2.7-150200.3.8.1 * erlang-22.2.7-150200.3.8.1 * erlang-epmd-debuginfo-22.2.7-150200.3.8.1 * erlang-epmd-22.2.7-150200.3.8.1 * erlang-debuginfo-22.2.7-150200.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * erlang-debugsource-22.2.7-150200.3.8.1 * erlang-22.2.7-150200.3.8.1 * erlang-epmd-debuginfo-22.2.7-150200.3.8.1 * erlang-epmd-22.2.7-150200.3.8.1 * erlang-debuginfo-22.2.7-150200.3.8.1 ## References: * https://www.suse.com/security/cve/CVE-2022-37026.html * https://bugzilla.suse.com/show_bug.cgi?id=1205318 * https://bugzilla.suse.com/show_bug.cgi?id=1207113 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 20:30:05 -0000 Subject: SUSE-SU-2023:3408-1: important: Security update for nodejs14 Message-ID: <169282260553.15036.7986095745594278280@smelt2.suse.de> # Security update for nodejs14 Announcement ID: SUSE-SU-2023:3408-1 Rating: important References: * #1212574 * #1212582 * #1212583 * #1214150 * #1214154 * #1214156 Cross-References: * CVE-2023-30581 * CVE-2023-30589 * CVE-2023-30590 * CVE-2023-32002 * CVE-2023-32006 * CVE-2023-32559 CVSS scores: * CVE-2023-30581 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30589 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-30589 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-30590 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-32002 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H * CVE-2023-32006 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-32006 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32559 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Server 4.2 An update that solves six vulnerabilities can now be installed. ## Description: This update for nodejs14 fixes the following issues: * CVE-2023-32002: Fixed permissions policies bypass via Module._load (bsc#1214150). * CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire() (bsc#1214156). * CVE-2023-32559: Fixed permissions policies bypass via process.binding (bsc#1214154). * CVE-2023-30581: Fixed mainModule.proto bypass (bsc#1212574). * CVE-2023-30590: Fixed missing DiffieHellman key generation (bsc#1212583). * CVE-2023-30589: Fixed HTTP Request Smuggling via Empty headers separated by CR (bsc#1212582). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3408=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3408=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3408=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3408=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3408=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3408=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3408=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3408=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3408=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3408=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * corepack14-14.21.3-150200.15.49.1 * nodejs14-devel-14.21.3-150200.15.49.1 * nodejs14-debugsource-14.21.3-150200.15.49.1 * npm14-14.21.3-150200.15.49.1 * nodejs14-14.21.3-150200.15.49.1 * nodejs14-debuginfo-14.21.3-150200.15.49.1 * openSUSE Leap 15.4 (noarch) * nodejs14-docs-14.21.3-150200.15.49.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * nodejs14-devel-14.21.3-150200.15.49.1 * nodejs14-debugsource-14.21.3-150200.15.49.1 * npm14-14.21.3-150200.15.49.1 * nodejs14-14.21.3-150200.15.49.1 * nodejs14-debuginfo-14.21.3-150200.15.49.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * nodejs14-docs-14.21.3-150200.15.49.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * nodejs14-devel-14.21.3-150200.15.49.1 * nodejs14-debugsource-14.21.3-150200.15.49.1 * npm14-14.21.3-150200.15.49.1 * nodejs14-14.21.3-150200.15.49.1 * nodejs14-debuginfo-14.21.3-150200.15.49.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.49.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * nodejs14-devel-14.21.3-150200.15.49.1 * nodejs14-debugsource-14.21.3-150200.15.49.1 * npm14-14.21.3-150200.15.49.1 * nodejs14-14.21.3-150200.15.49.1 * nodejs14-debuginfo-14.21.3-150200.15.49.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.49.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * nodejs14-devel-14.21.3-150200.15.49.1 * nodejs14-debugsource-14.21.3-150200.15.49.1 * npm14-14.21.3-150200.15.49.1 * nodejs14-14.21.3-150200.15.49.1 * nodejs14-debuginfo-14.21.3-150200.15.49.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * nodejs14-docs-14.21.3-150200.15.49.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * nodejs14-devel-14.21.3-150200.15.49.1 * nodejs14-debugsource-14.21.3-150200.15.49.1 * npm14-14.21.3-150200.15.49.1 * nodejs14-14.21.3-150200.15.49.1 * nodejs14-debuginfo-14.21.3-150200.15.49.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * nodejs14-devel-14.21.3-150200.15.49.1 * nodejs14-debugsource-14.21.3-150200.15.49.1 * npm14-14.21.3-150200.15.49.1 * nodejs14-14.21.3-150200.15.49.1 * nodejs14-debuginfo-14.21.3-150200.15.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * nodejs14-docs-14.21.3-150200.15.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * nodejs14-devel-14.21.3-150200.15.49.1 * nodejs14-debugsource-14.21.3-150200.15.49.1 * npm14-14.21.3-150200.15.49.1 * nodejs14-14.21.3-150200.15.49.1 * nodejs14-debuginfo-14.21.3-150200.15.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.49.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * nodejs14-devel-14.21.3-150200.15.49.1 * nodejs14-debugsource-14.21.3-150200.15.49.1 * npm14-14.21.3-150200.15.49.1 * nodejs14-14.21.3-150200.15.49.1 * nodejs14-debuginfo-14.21.3-150200.15.49.1 * SUSE Manager Server 4.2 (noarch) * nodejs14-docs-14.21.3-150200.15.49.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * nodejs14-devel-14.21.3-150200.15.49.1 * nodejs14-debugsource-14.21.3-150200.15.49.1 * npm14-14.21.3-150200.15.49.1 * nodejs14-14.21.3-150200.15.49.1 * nodejs14-debuginfo-14.21.3-150200.15.49.1 * SUSE Enterprise Storage 7.1 (noarch) * nodejs14-docs-14.21.3-150200.15.49.1 ## References: * https://www.suse.com/security/cve/CVE-2023-30581.html * https://www.suse.com/security/cve/CVE-2023-30589.html * https://www.suse.com/security/cve/CVE-2023-30590.html * https://www.suse.com/security/cve/CVE-2023-32002.html * https://www.suse.com/security/cve/CVE-2023-32006.html * https://www.suse.com/security/cve/CVE-2023-32559.html * https://bugzilla.suse.com/show_bug.cgi?id=1212574 * https://bugzilla.suse.com/show_bug.cgi?id=1212582 * https://bugzilla.suse.com/show_bug.cgi?id=1212583 * https://bugzilla.suse.com/show_bug.cgi?id=1214150 * https://bugzilla.suse.com/show_bug.cgi?id=1214154 * https://bugzilla.suse.com/show_bug.cgi?id=1214156 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 20:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 20:30:08 -0000 Subject: SUSE-SU-2023:3407-1: moderate: Security update for redis Message-ID: <169282260816.15036.14622514570426806695@smelt2.suse.de> # Security update for redis Announcement ID: SUSE-SU-2023:3407-1 Rating: moderate References: * #1210548 * #1213193 Cross-References: * CVE-2022-24834 * CVE-2023-28856 CVSS scores: * CVE-2022-24834 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-24834 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28856 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28856 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for redis fixes the following issues: * CVE-2023-28856: Fixed possible DoS when using HINCRBYFLOAT to create an hash field. (bsc#1210548) * CVE-2022-24834: Fixed a heap overflow in the cjson and cmsgpack libraries. (bsc#1213193) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3407=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3407=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3407=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3407=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3407=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3407=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3407=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3407=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3407=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3407=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3407=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3407=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3407=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * redis-debuginfo-6.0.14-150200.6.26.1 * redis-debugsource-6.0.14-150200.6.26.1 * redis-6.0.14-150200.6.26.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * redis-debuginfo-6.0.14-150200.6.26.1 * redis-debugsource-6.0.14-150200.6.26.1 * redis-6.0.14-150200.6.26.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * redis-debuginfo-6.0.14-150200.6.26.1 * redis-debugsource-6.0.14-150200.6.26.1 * redis-6.0.14-150200.6.26.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * redis-debuginfo-6.0.14-150200.6.26.1 * redis-debugsource-6.0.14-150200.6.26.1 * redis-6.0.14-150200.6.26.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * redis-debuginfo-6.0.14-150200.6.26.1 * redis-debugsource-6.0.14-150200.6.26.1 * redis-6.0.14-150200.6.26.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * redis-debuginfo-6.0.14-150200.6.26.1 * redis-debugsource-6.0.14-150200.6.26.1 * redis-6.0.14-150200.6.26.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * redis-debuginfo-6.0.14-150200.6.26.1 * redis-debugsource-6.0.14-150200.6.26.1 * redis-6.0.14-150200.6.26.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * redis-debuginfo-6.0.14-150200.6.26.1 * redis-debugsource-6.0.14-150200.6.26.1 * redis-6.0.14-150200.6.26.1 * SUSE Manager Proxy 4.2 (x86_64) * redis-debuginfo-6.0.14-150200.6.26.1 * redis-debugsource-6.0.14-150200.6.26.1 * redis-6.0.14-150200.6.26.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * redis-debuginfo-6.0.14-150200.6.26.1 * redis-debugsource-6.0.14-150200.6.26.1 * redis-6.0.14-150200.6.26.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * redis-debuginfo-6.0.14-150200.6.26.1 * redis-debugsource-6.0.14-150200.6.26.1 * redis-6.0.14-150200.6.26.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * redis-debuginfo-6.0.14-150200.6.26.1 * redis-debugsource-6.0.14-150200.6.26.1 * redis-6.0.14-150200.6.26.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * redis-debuginfo-6.0.14-150200.6.26.1 * redis-debugsource-6.0.14-150200.6.26.1 * redis-6.0.14-150200.6.26.1 ## References: * https://www.suse.com/security/cve/CVE-2022-24834.html * https://www.suse.com/security/cve/CVE-2023-28856.html * https://bugzilla.suse.com/show_bug.cgi?id=1210548 * https://bugzilla.suse.com/show_bug.cgi?id=1213193 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 20:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 20:30:10 -0000 Subject: SUSE-SU-2023:3406-1: important: Security update for java-1_8_0-ibm Message-ID: <169282261015.15036.16069153317492725840@smelt2.suse.de> # Security update for java-1_8_0-ibm Announcement ID: SUSE-SU-2023:3406-1 Rating: important References: * #1214431 Cross-References: * CVE-2022-40609 * CVE-2023-22006 * CVE-2023-22036 * CVE-2023-22041 * CVE-2023-22044 * CVE-2023-22045 * CVE-2023-22049 * CVE-2023-25193 CVSS scores: * CVE-2022-40609 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-40609 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-22006 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-22006 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-22036 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22036 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22041 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-22041 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-22044 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22044 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22045 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22045 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22049 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22049 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-25193 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25193 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves eight vulnerabilities can now be installed. ## Description: This update for java-1_8_0-ibm fixes the following issues: * Update to Java 8.0 Service Refresh 8 Fix Pack 10 (bsc#1213541) * CVE-2022-40609: Fixed an unsafe deserialization flaw which could allow a remote attacker to execute arbitrary code on the system. (bsc#1213934) * CVE-2023-22041: Fixed a flaw whcih could allow unauthorized access to critical data or complete access. (bsc#1213475) * CVE-2023-22049: Fixed a flaw which could result in unauthorized update. (bsc#1213482) * CVE-2023-22045: Fixed a flaw which could result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. (bsc#1213481) * CVE-2023-22044: Fixed a flaw which could result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. (bsc#1213479) * CVE-2023-22036: Fixed a flaw which could result in unauthorized ability to cause a partial denial of service. (bsc#1213474) * CVE-2023-25193: Fixed a flaw which could allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. (bsc#1207922) * CVE-2023-22006: Fixed a flaw which could result in unauthorized update, insert or delete access for JDK accessible data. (bsc#1213473) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3406=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3406=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3406=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3406=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (nosrc) * java-1_8_0-ibm-1.8.0_sr8.10-30.114.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.10-30.114.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.10-30.114.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.10-30.114.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.10-30.114.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.10-30.114.1 * SUSE Linux Enterprise Server 12 SP5 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.10-30.114.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.10-30.114.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.10-30.114.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.10-30.114.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.10-30.114.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.10-30.114.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.10-30.114.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.10-30.114.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40609.html * https://www.suse.com/security/cve/CVE-2023-22006.html * https://www.suse.com/security/cve/CVE-2023-22036.html * https://www.suse.com/security/cve/CVE-2023-22041.html * https://www.suse.com/security/cve/CVE-2023-22044.html * https://www.suse.com/security/cve/CVE-2023-22045.html * https://www.suse.com/security/cve/CVE-2023-22049.html * https://www.suse.com/security/cve/CVE-2023-25193.html * https://bugzilla.suse.com/show_bug.cgi?id=1214431 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 20:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 20:30:11 -0000 Subject: SUSE-SU-2023:3405-1: important: Security update for ca-certificates-mozilla Message-ID: <169282261184.15036.441528238778262163@smelt2.suse.de> # Security update for ca-certificates-mozilla Announcement ID: SUSE-SU-2023:3405-1 Rating: important References: * #1214248 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update for ca-certificates-mozilla fixes the following issues: * Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: * Atos TrustedRoot Root CA ECC G2 2020 * Atos TrustedRoot Root CA ECC TLS 2021 * Atos TrustedRoot Root CA RSA G2 2020 * Atos TrustedRoot Root CA RSA TLS 2021 * BJCA Global Root CA1 * BJCA Global Root CA2 * LAWtrust Root CA2 (4096) * Sectigo Public Email Protection Root E46 * Sectigo Public Email Protection Root R46 * Sectigo Public Server Authentication Root E46 * Sectigo Public Server Authentication Root R46 * SSL.com Client ECC Root CA 2022 * SSL.com Client RSA Root CA 2022 * SSL.com TLS ECC Root CA 2022 * SSL.com TLS RSA Root CA 2022 Removed CAs: * Chambers of Commerce Root * E-Tugra Certification Authority * E-Tugra Global Root CA ECC v3 * E-Tugra Global Root CA RSA v3 * Hongkong Post Root CA 1 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3405=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3405=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3405=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * ca-certificates-mozilla-2.62-12.43.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * ca-certificates-mozilla-2.62-12.43.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * ca-certificates-mozilla-2.62-12.43.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214248 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 20:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 20:30:13 -0000 Subject: SUSE-RU-2023:3404-1: moderate: Recommended update for osinfo-db Message-ID: <169282261301.15036.12726458845676598749@smelt2.suse.de> # Recommended update for osinfo-db Announcement ID: SUSE-RU-2023:3404-1 Rating: moderate References: Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that can now be installed. ## Description: This update for osinfo-db fixes the following issues: * Update to database version 20230719 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3404=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3404=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3404=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * osinfo-db-20230719-3.9.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * osinfo-db-20230719-3.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * osinfo-db-20230719-3.9.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 20:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 20:30:14 -0000 Subject: SUSE-RU-2023:3403-1: moderate: Recommended update for osinfo-db Message-ID: <169282261427.15036.1867146313329926166@smelt2.suse.de> # Recommended update for osinfo-db Announcement ID: SUSE-RU-2023:3403-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for osinfo-db fixes the following issue: * Update to database version 20230719 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3403=1 SUSE-2023-3403=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3403=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3403=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3403=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3403=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3403=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3403=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3403=1 ## Package List: * openSUSE Leap 15.4 (noarch) * osinfo-db-20230719-150400.3.12.1 * openSUSE Leap Micro 5.3 (noarch) * osinfo-db-20230719-150400.3.12.1 * openSUSE Leap Micro 5.4 (noarch) * osinfo-db-20230719-150400.3.12.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * osinfo-db-20230719-150400.3.12.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * osinfo-db-20230719-150400.3.12.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * osinfo-db-20230719-150400.3.12.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * osinfo-db-20230719-150400.3.12.1 * Basesystem Module 15-SP4 (noarch) * osinfo-db-20230719-150400.3.12.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 20:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 20:30:16 -0000 Subject: SUSE-SU-2023:3402-1: low: Security update for gstreamer-plugins-base Message-ID: <169282261602.15036.12867799185375068687@smelt2.suse.de> # Security update for gstreamer-plugins-base Announcement ID: SUSE-SU-2023:3402-1 Rating: low References: * #1213131 Cross-References: * CVE-2023-37328 CVSS scores: * CVE-2023-37328 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer-plugins-base fixes the following issues: * The patch for CVE-2023-37328 is removed because it was added by mistake and the package has never been affected by this vulnerability. (bsc#1213131) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3402=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3402=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3402=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3402=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-3402=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-GstVideo-1_0-1.8.3-13.12.1 * gstreamer-plugins-base-debugsource-1.8.3-13.12.1 * typelib-1_0-GstAudio-1_0-1.8.3-13.12.1 * typelib-1_0-GstRtsp-1_0-1.8.3-13.12.1 * typelib-1_0-GstFft-1_0-1.8.3-13.12.1 * typelib-1_0-GstAllocators-1_0-1.8.3-13.12.1 * gstreamer-plugins-base-devel-1.8.3-13.12.1 * gstreamer-plugins-base-debuginfo-1.8.3-13.12.1 * typelib-1_0-GstSdp-1_0-1.8.3-13.12.1 * typelib-1_0-GstRtp-1_0-1.8.3-13.12.1 * typelib-1_0-GstPbutils-1_0-1.8.3-13.12.1 * typelib-1_0-GstApp-1_0-1.8.3-13.12.1 * typelib-1_0-GstTag-1_0-1.8.3-13.12.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libgstaudio-1_0-0-1.8.3-13.12.1 * libgstrtsp-1_0-0-1.8.3-13.12.1 * libgstallocators-1_0-0-debuginfo-1.8.3-13.12.1 * libgstrtp-1_0-0-1.8.3-13.12.1 * libgstallocators-1_0-0-1.8.3-13.12.1 * libgstpbutils-1_0-0-debuginfo-1.8.3-13.12.1 * gstreamer-plugins-base-debuginfo-1.8.3-13.12.1 * libgstapp-1_0-0-1.8.3-13.12.1 * libgstrtp-1_0-0-debuginfo-1.8.3-13.12.1 * libgstrtsp-1_0-0-debuginfo-1.8.3-13.12.1 * gstreamer-plugins-base-debugsource-1.8.3-13.12.1 * libgstapp-1_0-0-debuginfo-1.8.3-13.12.1 * libgstaudio-1_0-0-debuginfo-1.8.3-13.12.1 * libgstpbutils-1_0-0-1.8.3-13.12.1 * libgsttag-1_0-0-1.8.3-13.12.1 * libgstsdp-1_0-0-debuginfo-1.8.3-13.12.1 * libgsttag-1_0-0-debuginfo-1.8.3-13.12.1 * libgstvideo-1_0-0-debuginfo-1.8.3-13.12.1 * gstreamer-plugins-base-1.8.3-13.12.1 * libgstvideo-1_0-0-1.8.3-13.12.1 * libgstriff-1_0-0-debuginfo-1.8.3-13.12.1 * libgstsdp-1_0-0-1.8.3-13.12.1 * libgstriff-1_0-0-1.8.3-13.12.1 * libgstfft-1_0-0-1.8.3-13.12.1 * libgstfft-1_0-0-debuginfo-1.8.3-13.12.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * gstreamer-plugins-base-lang-1.8.3-13.12.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libgstaudio-1_0-0-32bit-1.8.3-13.12.1 * gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.12.1 * libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.12.1 * libgsttag-1_0-0-32bit-1.8.3-13.12.1 * libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.12.1 * libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.12.1 * libgstvideo-1_0-0-32bit-1.8.3-13.12.1 * libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.12.1 * libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.12.1 * libgstpbutils-1_0-0-32bit-1.8.3-13.12.1 * libgstapp-1_0-0-32bit-1.8.3-13.12.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libgstaudio-1_0-0-1.8.3-13.12.1 * libgstrtsp-1_0-0-1.8.3-13.12.1 * libgstallocators-1_0-0-debuginfo-1.8.3-13.12.1 * libgstrtp-1_0-0-1.8.3-13.12.1 * libgstallocators-1_0-0-1.8.3-13.12.1 * libgstpbutils-1_0-0-debuginfo-1.8.3-13.12.1 * gstreamer-plugins-base-debuginfo-1.8.3-13.12.1 * libgstapp-1_0-0-1.8.3-13.12.1 * libgstrtp-1_0-0-debuginfo-1.8.3-13.12.1 * libgstrtsp-1_0-0-debuginfo-1.8.3-13.12.1 * gstreamer-plugins-base-debugsource-1.8.3-13.12.1 * libgstapp-1_0-0-debuginfo-1.8.3-13.12.1 * libgstaudio-1_0-0-debuginfo-1.8.3-13.12.1 * libgstpbutils-1_0-0-1.8.3-13.12.1 * libgsttag-1_0-0-1.8.3-13.12.1 * libgstsdp-1_0-0-debuginfo-1.8.3-13.12.1 * libgsttag-1_0-0-debuginfo-1.8.3-13.12.1 * libgstvideo-1_0-0-debuginfo-1.8.3-13.12.1 * gstreamer-plugins-base-1.8.3-13.12.1 * libgstvideo-1_0-0-1.8.3-13.12.1 * libgstriff-1_0-0-debuginfo-1.8.3-13.12.1 * libgstsdp-1_0-0-1.8.3-13.12.1 * libgstriff-1_0-0-1.8.3-13.12.1 * libgstfft-1_0-0-1.8.3-13.12.1 * libgstfft-1_0-0-debuginfo-1.8.3-13.12.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * gstreamer-plugins-base-lang-1.8.3-13.12.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libgstaudio-1_0-0-32bit-1.8.3-13.12.1 * gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.12.1 * libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.12.1 * libgsttag-1_0-0-32bit-1.8.3-13.12.1 * libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.12.1 * libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.12.1 * libgstvideo-1_0-0-32bit-1.8.3-13.12.1 * libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.12.1 * libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.12.1 * libgstpbutils-1_0-0-32bit-1.8.3-13.12.1 * libgstapp-1_0-0-32bit-1.8.3-13.12.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libgstaudio-1_0-0-1.8.3-13.12.1 * libgstrtsp-1_0-0-1.8.3-13.12.1 * libgstallocators-1_0-0-debuginfo-1.8.3-13.12.1 * libgstrtp-1_0-0-1.8.3-13.12.1 * libgstallocators-1_0-0-1.8.3-13.12.1 * libgstpbutils-1_0-0-debuginfo-1.8.3-13.12.1 * gstreamer-plugins-base-debuginfo-1.8.3-13.12.1 * libgstapp-1_0-0-1.8.3-13.12.1 * libgstrtp-1_0-0-debuginfo-1.8.3-13.12.1 * libgstrtsp-1_0-0-debuginfo-1.8.3-13.12.1 * gstreamer-plugins-base-debugsource-1.8.3-13.12.1 * libgstapp-1_0-0-debuginfo-1.8.3-13.12.1 * libgstaudio-1_0-0-debuginfo-1.8.3-13.12.1 * libgstpbutils-1_0-0-1.8.3-13.12.1 * libgsttag-1_0-0-1.8.3-13.12.1 * libgstsdp-1_0-0-debuginfo-1.8.3-13.12.1 * libgsttag-1_0-0-debuginfo-1.8.3-13.12.1 * libgstvideo-1_0-0-debuginfo-1.8.3-13.12.1 * gstreamer-plugins-base-1.8.3-13.12.1 * libgstvideo-1_0-0-1.8.3-13.12.1 * libgstriff-1_0-0-debuginfo-1.8.3-13.12.1 * libgstsdp-1_0-0-1.8.3-13.12.1 * libgstriff-1_0-0-1.8.3-13.12.1 * libgstfft-1_0-0-1.8.3-13.12.1 * libgstfft-1_0-0-debuginfo-1.8.3-13.12.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * gstreamer-plugins-base-lang-1.8.3-13.12.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libgstaudio-1_0-0-32bit-1.8.3-13.12.1 * gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.12.1 * libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.12.1 * libgsttag-1_0-0-32bit-1.8.3-13.12.1 * libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.12.1 * libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.12.1 * libgstvideo-1_0-0-32bit-1.8.3-13.12.1 * libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.12.1 * libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.12.1 * libgstpbutils-1_0-0-32bit-1.8.3-13.12.1 * libgstapp-1_0-0-32bit-1.8.3-13.12.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * typelib-1_0-GstVideo-1_0-1.8.3-13.12.1 * gstreamer-plugins-base-debugsource-1.8.3-13.12.1 * typelib-1_0-GstAudio-1_0-1.8.3-13.12.1 * libgstfft-1_0-0-debuginfo-32bit-1.8.3-13.12.1 * libgstfft-1_0-0-32bit-1.8.3-13.12.1 * gstreamer-plugins-base-debuginfo-1.8.3-13.12.1 * gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.12.1 * typelib-1_0-GstPbutils-1_0-1.8.3-13.12.1 * typelib-1_0-GstTag-1_0-1.8.3-13.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-37328.html * https://bugzilla.suse.com/show_bug.cgi?id=1213131 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 20:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 20:30:18 -0000 Subject: SUSE-SU-2023:3401-1: important: Security update for erlang Message-ID: <169282261874.15036.10654213076908814869@smelt2.suse.de> # Security update for erlang Announcement ID: SUSE-SU-2023:3401-1 Rating: important References: * #1205318 * #1207113 Cross-References: * CVE-2022-37026 CVSS scores: * CVE-2022-37026 ( SUSE ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L * CVE-2022-37026 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for erlang fixes the following issues: * Replaced the CVE-2022-37026 patch with the one released by the upstream to fix a regression in the previous one. (bsc#1205318) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3401=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3401=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3401=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3401=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3401=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3401=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3401=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3401=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3401=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3401=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3401=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3401=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * erlang-debugger-22.3-150300.3.8.1 * erlang-wx-src-22.3-150300.3.8.1 * erlang-observer-src-22.3-150300.3.8.1 * erlang-jinterface-src-22.3-150300.3.8.1 * erlang-diameter-22.3-150300.3.8.1 * erlang-diameter-src-22.3-150300.3.8.1 * erlang-epmd-debuginfo-22.3-150300.3.8.1 * erlang-wx-debuginfo-22.3-150300.3.8.1 * erlang-wx-22.3-150300.3.8.1 * erlang-dialyzer-debuginfo-22.3-150300.3.8.1 * erlang-debuginfo-22.3-150300.3.8.1 * erlang-reltool-src-22.3-150300.3.8.1 * erlang-et-src-22.3-150300.3.8.1 * erlang-22.3-150300.3.8.1 * erlang-observer-22.3-150300.3.8.1 * erlang-src-22.3-150300.3.8.1 * erlang-dialyzer-22.3-150300.3.8.1 * erlang-debugger-src-22.3-150300.3.8.1 * erlang-reltool-22.3-150300.3.8.1 * erlang-jinterface-22.3-150300.3.8.1 * erlang-epmd-22.3-150300.3.8.1 * erlang-doc-22.3-150300.3.8.1 * erlang-dialyzer-src-22.3-150300.3.8.1 * erlang-et-22.3-150300.3.8.1 * erlang-debugsource-22.3-150300.3.8.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * erlang-debugger-22.3-150300.3.8.1 * erlang-wx-src-22.3-150300.3.8.1 * erlang-observer-src-22.3-150300.3.8.1 * erlang-jinterface-src-22.3-150300.3.8.1 * erlang-diameter-22.3-150300.3.8.1 * erlang-diameter-src-22.3-150300.3.8.1 * erlang-epmd-debuginfo-22.3-150300.3.8.1 * erlang-wx-debuginfo-22.3-150300.3.8.1 * erlang-wx-22.3-150300.3.8.1 * erlang-dialyzer-debuginfo-22.3-150300.3.8.1 * erlang-debuginfo-22.3-150300.3.8.1 * erlang-reltool-src-22.3-150300.3.8.1 * erlang-et-src-22.3-150300.3.8.1 * erlang-22.3-150300.3.8.1 * erlang-observer-22.3-150300.3.8.1 * erlang-src-22.3-150300.3.8.1 * erlang-dialyzer-22.3-150300.3.8.1 * erlang-debugger-src-22.3-150300.3.8.1 * erlang-reltool-22.3-150300.3.8.1 * erlang-jinterface-22.3-150300.3.8.1 * erlang-epmd-22.3-150300.3.8.1 * erlang-doc-22.3-150300.3.8.1 * erlang-dialyzer-src-22.3-150300.3.8.1 * erlang-et-22.3-150300.3.8.1 * erlang-debugsource-22.3-150300.3.8.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * erlang-22.3-150300.3.8.1 * erlang-epmd-debuginfo-22.3-150300.3.8.1 * erlang-debugsource-22.3-150300.3.8.1 * erlang-epmd-22.3-150300.3.8.1 * erlang-debuginfo-22.3-150300.3.8.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * erlang-22.3-150300.3.8.1 * erlang-epmd-debuginfo-22.3-150300.3.8.1 * erlang-debugsource-22.3-150300.3.8.1 * erlang-epmd-22.3-150300.3.8.1 * erlang-debuginfo-22.3-150300.3.8.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * erlang-22.3-150300.3.8.1 * erlang-epmd-debuginfo-22.3-150300.3.8.1 * erlang-debugsource-22.3-150300.3.8.1 * erlang-epmd-22.3-150300.3.8.1 * erlang-debuginfo-22.3-150300.3.8.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * erlang-22.3-150300.3.8.1 * erlang-epmd-debuginfo-22.3-150300.3.8.1 * erlang-debugsource-22.3-150300.3.8.1 * erlang-epmd-22.3-150300.3.8.1 * erlang-debuginfo-22.3-150300.3.8.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * erlang-22.3-150300.3.8.1 * erlang-epmd-debuginfo-22.3-150300.3.8.1 * erlang-debugsource-22.3-150300.3.8.1 * erlang-epmd-22.3-150300.3.8.1 * erlang-debuginfo-22.3-150300.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * erlang-22.3-150300.3.8.1 * erlang-epmd-debuginfo-22.3-150300.3.8.1 * erlang-debugsource-22.3-150300.3.8.1 * erlang-epmd-22.3-150300.3.8.1 * erlang-debuginfo-22.3-150300.3.8.1 * SUSE Manager Proxy 4.2 (x86_64) * erlang-22.3-150300.3.8.1 * erlang-epmd-debuginfo-22.3-150300.3.8.1 * erlang-debugsource-22.3-150300.3.8.1 * erlang-epmd-22.3-150300.3.8.1 * erlang-debuginfo-22.3-150300.3.8.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * erlang-22.3-150300.3.8.1 * erlang-epmd-debuginfo-22.3-150300.3.8.1 * erlang-debugsource-22.3-150300.3.8.1 * erlang-epmd-22.3-150300.3.8.1 * erlang-debuginfo-22.3-150300.3.8.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * erlang-22.3-150300.3.8.1 * erlang-epmd-debuginfo-22.3-150300.3.8.1 * erlang-debugsource-22.3-150300.3.8.1 * erlang-epmd-22.3-150300.3.8.1 * erlang-debuginfo-22.3-150300.3.8.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * erlang-22.3-150300.3.8.1 * erlang-epmd-debuginfo-22.3-150300.3.8.1 * erlang-debugsource-22.3-150300.3.8.1 * erlang-epmd-22.3-150300.3.8.1 * erlang-debuginfo-22.3-150300.3.8.1 ## References: * https://www.suse.com/security/cve/CVE-2022-37026.html * https://bugzilla.suse.com/show_bug.cgi?id=1205318 * https://bugzilla.suse.com/show_bug.cgi?id=1207113 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 20:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 20:30:21 -0000 Subject: SUSE-SU-2023:3400-1: important: Security update for nodejs16 Message-ID: <169282262115.15036.6409702611748625560@smelt2.suse.de> # Security update for nodejs16 Announcement ID: SUSE-SU-2023:3400-1 Rating: important References: * #1214150 * #1214154 * #1214156 Cross-References: * CVE-2023-32002 * CVE-2023-32006 * CVE-2023-32559 CVSS scores: * CVE-2023-32002 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H * CVE-2023-32006 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-32006 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32559 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Server 4.2 An update that solves three vulnerabilities can now be installed. ## Description: This update for nodejs16 fixes the following issues: Update to LTS version 16.20.2. * CVE-2023-32002: Fixed permissions policies bypass via Module._load (bsc#1214150). * CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire() (bsc#1214156). * CVE-2023-32559: Fixed permissions policies bypass via process.binding (bsc#1214154). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3400=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3400=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3400=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3400=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3400=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3400=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * nodejs16-debuginfo-16.20.2-150300.7.27.2 * nodejs16-16.20.2-150300.7.27.2 * nodejs16-debugsource-16.20.2-150300.7.27.2 * nodejs16-devel-16.20.2-150300.7.27.2 * npm16-16.20.2-150300.7.27.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * nodejs16-docs-16.20.2-150300.7.27.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * nodejs16-debuginfo-16.20.2-150300.7.27.2 * nodejs16-16.20.2-150300.7.27.2 * nodejs16-debugsource-16.20.2-150300.7.27.2 * nodejs16-devel-16.20.2-150300.7.27.2 * npm16-16.20.2-150300.7.27.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * nodejs16-docs-16.20.2-150300.7.27.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * nodejs16-debuginfo-16.20.2-150300.7.27.2 * nodejs16-16.20.2-150300.7.27.2 * nodejs16-debugsource-16.20.2-150300.7.27.2 * nodejs16-devel-16.20.2-150300.7.27.2 * npm16-16.20.2-150300.7.27.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * nodejs16-docs-16.20.2-150300.7.27.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * nodejs16-debuginfo-16.20.2-150300.7.27.2 * nodejs16-16.20.2-150300.7.27.2 * nodejs16-debugsource-16.20.2-150300.7.27.2 * nodejs16-devel-16.20.2-150300.7.27.2 * npm16-16.20.2-150300.7.27.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * nodejs16-docs-16.20.2-150300.7.27.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * nodejs16-debuginfo-16.20.2-150300.7.27.2 * nodejs16-16.20.2-150300.7.27.2 * nodejs16-debugsource-16.20.2-150300.7.27.2 * nodejs16-devel-16.20.2-150300.7.27.2 * npm16-16.20.2-150300.7.27.2 * SUSE Manager Server 4.2 (noarch) * nodejs16-docs-16.20.2-150300.7.27.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * nodejs16-debuginfo-16.20.2-150300.7.27.2 * nodejs16-16.20.2-150300.7.27.2 * nodejs16-debugsource-16.20.2-150300.7.27.2 * nodejs16-devel-16.20.2-150300.7.27.2 * npm16-16.20.2-150300.7.27.2 * SUSE Enterprise Storage 7.1 (noarch) * nodejs16-docs-16.20.2-150300.7.27.2 ## References: * https://www.suse.com/security/cve/CVE-2023-32002.html * https://www.suse.com/security/cve/CVE-2023-32006.html * https://www.suse.com/security/cve/CVE-2023-32559.html * https://bugzilla.suse.com/show_bug.cgi?id=1214150 * https://bugzilla.suse.com/show_bug.cgi?id=1214154 * https://bugzilla.suse.com/show_bug.cgi?id=1214156 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 20:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 20:30:23 -0000 Subject: SUSE-SU-2023:3399-1: moderate: Security update for poppler Message-ID: <169282262302.15036.18281313127687672864@smelt2.suse.de> # Security update for poppler Announcement ID: SUSE-SU-2023:3399-1 Rating: moderate References: * #1150039 Cross-References: * CVE-2019-16115 CVSS scores: * CVE-2019-16115 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2019-16115 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2019-16115: Fixed an uninitialized memory error in GfxUnivariateShading::setupCache. (bsc#1150039) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3399=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3399=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3399=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3399=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libpoppler-qt4-devel-0.43.0-16.28.1 * poppler-debugsource-0.43.0-16.28.1 * typelib-1_0-Poppler-0_18-0.43.0-16.28.1 * libpoppler-devel-0.43.0-16.28.1 * libpoppler-glib-devel-0.43.0-16.28.1 * libpoppler-cpp0-0.43.0-16.28.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * libpoppler-cpp0-debuginfo-0.43.0-16.28.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libpoppler-qt4-4-0.43.0-16.28.1 * poppler-debugsource-0.43.0-16.28.1 * libpoppler60-debuginfo-0.43.0-16.28.1 * libpoppler60-0.43.0-16.28.1 * poppler-tools-debuginfo-0.43.0-16.28.1 * poppler-tools-0.43.0-16.28.1 * libpoppler-glib8-debuginfo-0.43.0-16.28.1 * libpoppler-glib8-0.43.0-16.28.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.28.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libpoppler-qt4-4-0.43.0-16.28.1 * poppler-debugsource-0.43.0-16.28.1 * libpoppler60-debuginfo-0.43.0-16.28.1 * libpoppler60-0.43.0-16.28.1 * poppler-tools-debuginfo-0.43.0-16.28.1 * poppler-tools-0.43.0-16.28.1 * libpoppler-glib8-debuginfo-0.43.0-16.28.1 * libpoppler-glib8-0.43.0-16.28.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * libpoppler-qt4-4-debuginfo-0.43.0-16.28.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libpoppler-qt4-4-0.43.0-16.28.1 * poppler-debugsource-0.43.0-16.28.1 * libpoppler60-debuginfo-0.43.0-16.28.1 * libpoppler60-0.43.0-16.28.1 * libpoppler-qt4-4-debuginfo-0.43.0-16.28.1 * poppler-tools-debuginfo-0.43.0-16.28.1 * poppler-tools-0.43.0-16.28.1 * libpoppler-glib8-debuginfo-0.43.0-16.28.1 * libpoppler-glib8-0.43.0-16.28.1 ## References: * https://www.suse.com/security/cve/CVE-2019-16115.html * https://bugzilla.suse.com/show_bug.cgi?id=1150039 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 20:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 20:30:24 -0000 Subject: SUSE-SU-2023:3398-1: important: Security update for krb5 Message-ID: <169282262490.15036.8057660476653422835@smelt2.suse.de> # Security update for krb5 Announcement ID: SUSE-SU-2023:3398-1 Rating: important References: * #1214054 Cross-References: * CVE-2023-36054 CVSS scores: * CVE-2023-36054 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-36054 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for krb5 fixes the following issues: * CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3398=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3398=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3398=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3398=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3398=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * krb5-debugsource-1.12.5-40.52.1 * krb5-devel-1.12.5-40.52.1 * krb5-debuginfo-1.12.5-40.52.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.52.1 * krb5-plugin-kdb-ldap-1.12.5-40.52.1 * krb5-plugin-preauth-otp-debuginfo-1.12.5-40.52.1 * krb5-client-1.12.5-40.52.1 * krb5-1.12.5-40.52.1 * krb5-server-1.12.5-40.52.1 * krb5-plugin-preauth-otp-1.12.5-40.52.1 * krb5-server-debuginfo-1.12.5-40.52.1 * krb5-debugsource-1.12.5-40.52.1 * krb5-plugin-preauth-pkinit-1.12.5-40.52.1 * krb5-32bit-1.12.5-40.52.1 * krb5-client-debuginfo-1.12.5-40.52.1 * krb5-debuginfo-1.12.5-40.52.1 * krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.52.1 * krb5-debuginfo-32bit-1.12.5-40.52.1 * krb5-doc-1.12.5-40.52.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.52.1 * krb5-plugin-kdb-ldap-1.12.5-40.52.1 * krb5-plugin-preauth-otp-debuginfo-1.12.5-40.52.1 * krb5-client-1.12.5-40.52.1 * krb5-1.12.5-40.52.1 * krb5-server-1.12.5-40.52.1 * krb5-plugin-preauth-otp-1.12.5-40.52.1 * krb5-server-debuginfo-1.12.5-40.52.1 * krb5-debugsource-1.12.5-40.52.1 * krb5-plugin-preauth-pkinit-1.12.5-40.52.1 * krb5-client-debuginfo-1.12.5-40.52.1 * krb5-debuginfo-1.12.5-40.52.1 * krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.52.1 * krb5-doc-1.12.5-40.52.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * krb5-32bit-1.12.5-40.52.1 * krb5-debuginfo-32bit-1.12.5-40.52.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.52.1 * krb5-plugin-kdb-ldap-1.12.5-40.52.1 * krb5-plugin-preauth-otp-debuginfo-1.12.5-40.52.1 * krb5-client-1.12.5-40.52.1 * krb5-1.12.5-40.52.1 * krb5-server-1.12.5-40.52.1 * krb5-plugin-preauth-otp-1.12.5-40.52.1 * krb5-server-debuginfo-1.12.5-40.52.1 * krb5-debugsource-1.12.5-40.52.1 * krb5-plugin-preauth-pkinit-1.12.5-40.52.1 * krb5-client-debuginfo-1.12.5-40.52.1 * krb5-debuginfo-1.12.5-40.52.1 * krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.52.1 * krb5-doc-1.12.5-40.52.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * krb5-32bit-1.12.5-40.52.1 * krb5-debuginfo-32bit-1.12.5-40.52.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.52.1 * krb5-plugin-kdb-ldap-1.12.5-40.52.1 * krb5-plugin-preauth-otp-debuginfo-1.12.5-40.52.1 * krb5-client-1.12.5-40.52.1 * krb5-1.12.5-40.52.1 * krb5-server-1.12.5-40.52.1 * krb5-plugin-preauth-otp-1.12.5-40.52.1 * krb5-server-debuginfo-1.12.5-40.52.1 * krb5-debugsource-1.12.5-40.52.1 * krb5-plugin-preauth-pkinit-1.12.5-40.52.1 * krb5-client-debuginfo-1.12.5-40.52.1 * krb5-debuginfo-1.12.5-40.52.1 * krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.52.1 * krb5-doc-1.12.5-40.52.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * krb5-32bit-1.12.5-40.52.1 * krb5-debuginfo-32bit-1.12.5-40.52.1 ## References: * https://www.suse.com/security/cve/CVE-2023-36054.html * https://bugzilla.suse.com/show_bug.cgi?id=1214054 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 20:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 20:30:26 -0000 Subject: SUSE-SU-2023:3244-2: moderate: Security update for openssl-3 Message-ID: <169282262696.15036.11602881286377796547@smelt2.suse.de> # Security update for openssl-3 Announcement ID: SUSE-SU-2023:3244-2 Rating: moderate References: * #1213853 Cross-References: * CVE-2023-3817 CVSS scores: * CVE-2023-3817 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-3817 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3244=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3244=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3244=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3244=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3244=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3244=1 ## Package List: * openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64) * openssl-3-debugsource-3.0.8-150400.4.34.1 * libopenssl3-debuginfo-3.0.8-150400.4.34.1 * libopenssl3-3.0.8-150400.4.34.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * openssl-3-debugsource-3.0.8-150400.4.34.1 * libopenssl3-debuginfo-3.0.8-150400.4.34.1 * libopenssl3-3.0.8-150400.4.34.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * openssl-3-debugsource-3.0.8-150400.4.34.1 * libopenssl3-debuginfo-3.0.8-150400.4.34.1 * libopenssl3-3.0.8-150400.4.34.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (s390x x86_64) * openssl-3-debugsource-3.0.8-150400.4.34.1 * libopenssl3-debuginfo-3.0.8-150400.4.34.1 * libopenssl3-3.0.8-150400.4.34.1 * SUSE Linux Enterprise Micro 5.4 (s390x x86_64) * openssl-3-debugsource-3.0.8-150400.4.34.1 * libopenssl3-debuginfo-3.0.8-150400.4.34.1 * libopenssl3-3.0.8-150400.4.34.1 * openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64) * openssl-3-debugsource-3.0.8-150400.4.34.1 * libopenssl3-debuginfo-3.0.8-150400.4.34.1 * libopenssl3-3.0.8-150400.4.34.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3817.html * https://bugzilla.suse.com/show_bug.cgi?id=1213853 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 20:30:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 20:30:29 -0000 Subject: SUSE-SU-2023:3397-1: moderate: Security update for openssl-1_1 Message-ID: <169282262925.15036.13282026924005891007@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:3397-1 Rating: moderate References: * #1213517 * #1213853 Cross-References: * CVE-2023-3817 CVSS scores: * CVE-2023-3817 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-3817 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) * Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3397=1 openSUSE-SLE-15.4-2023-3397=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3397=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3397=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3397=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3397=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3397=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3397=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3397=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * openssl-1_1-debugsource-1.1.1l-150400.7.53.1 * libopenssl-1_1-devel-1.1.1l-150400.7.53.1 * openssl-1_1-1.1.1l-150400.7.53.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.53.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.53.1 * libopenssl1_1-hmac-1.1.1l-150400.7.53.1 * libopenssl1_1-1.1.1l-150400.7.53.1 * openSUSE Leap 15.4 (x86_64) * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.53.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.53.1 * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.53.1 * libopenssl1_1-32bit-1.1.1l-150400.7.53.1 * openSUSE Leap 15.4 (noarch) * openssl-1_1-doc-1.1.1l-150400.7.53.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libopenssl-1_1-devel-64bit-1.1.1l-150400.7.53.1 * libopenssl1_1-hmac-64bit-1.1.1l-150400.7.53.1 * libopenssl1_1-64bit-1.1.1l-150400.7.53.1 * libopenssl1_1-64bit-debuginfo-1.1.1l-150400.7.53.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.53.1 * libopenssl-1_1-devel-1.1.1l-150400.7.53.1 * openssl-1_1-1.1.1l-150400.7.53.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.53.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.53.1 * libopenssl1_1-hmac-1.1.1l-150400.7.53.1 * libopenssl1_1-1.1.1l-150400.7.53.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.53.1 * libopenssl-1_1-devel-1.1.1l-150400.7.53.1 * openssl-1_1-1.1.1l-150400.7.53.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.53.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.53.1 * libopenssl1_1-hmac-1.1.1l-150400.7.53.1 * libopenssl1_1-1.1.1l-150400.7.53.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.53.1 * libopenssl-1_1-devel-1.1.1l-150400.7.53.1 * openssl-1_1-1.1.1l-150400.7.53.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.53.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.53.1 * libopenssl1_1-hmac-1.1.1l-150400.7.53.1 * libopenssl1_1-1.1.1l-150400.7.53.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.53.1 * libopenssl-1_1-devel-1.1.1l-150400.7.53.1 * openssl-1_1-1.1.1l-150400.7.53.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.53.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.53.1 * libopenssl1_1-hmac-1.1.1l-150400.7.53.1 * libopenssl1_1-1.1.1l-150400.7.53.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.53.1 * libopenssl-1_1-devel-1.1.1l-150400.7.53.1 * openssl-1_1-1.1.1l-150400.7.53.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.53.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.53.1 * libopenssl1_1-hmac-1.1.1l-150400.7.53.1 * libopenssl1_1-1.1.1l-150400.7.53.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.53.1 * libopenssl-1_1-devel-1.1.1l-150400.7.53.1 * openssl-1_1-1.1.1l-150400.7.53.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.53.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.53.1 * libopenssl1_1-hmac-1.1.1l-150400.7.53.1 * libopenssl1_1-1.1.1l-150400.7.53.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.53.1 * libopenssl-1_1-devel-1.1.1l-150400.7.53.1 * openssl-1_1-1.1.1l-150400.7.53.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.53.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.53.1 * libopenssl1_1-hmac-1.1.1l-150400.7.53.1 * libopenssl1_1-1.1.1l-150400.7.53.1 * Basesystem Module 15-SP4 (x86_64) * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.53.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.53.1 * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.53.1 * libopenssl1_1-32bit-1.1.1l-150400.7.53.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3817.html * https://bugzilla.suse.com/show_bug.cgi?id=1213517 * https://bugzilla.suse.com/show_bug.cgi?id=1213853 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 20:30:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 20:30:30 -0000 Subject: SUSE-RU-2023:3396-1: moderate: Recommended update for osinfo-db Message-ID: <169282263070.15036.13859753279344501087@smelt2.suse.de> # Recommended update for osinfo-db Announcement ID: SUSE-RU-2023:3396-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that can now be installed. ## Description: This update for osinfo-db fixes the following issue: * Update to database version 20230719 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3396=1 openSUSE-SLE-15.5-2023-3396=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3396=1 ## Package List: * openSUSE Leap 15.5 (noarch) * osinfo-db-20230719-150500.3.3.1 * Basesystem Module 15-SP5 (noarch) * osinfo-db-20230719-150500.3.3.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 20:30:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 20:30:37 -0000 Subject: SUSE-SU-2023:3395-1: moderate: Security update for xen Message-ID: <169282263794.15036.7739261129864262714@smelt2.suse.de> # Security update for xen Announcement ID: SUSE-SU-2023:3395-1 Rating: moderate References: * #1027519 * #1213616 * #1214082 * #1214083 Cross-References: * CVE-2022-40982 * CVE-2023-20569 * CVE-2023-20593 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities and has one fix can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434) * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling". (bsc#1214083, XSA-435) * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3395=1 SUSE-2023-3395=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3395=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3395=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3395=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3395=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3395=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3395=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3395=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3395=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64 i586) * xen-libs-4.16.5_02-150400.4.31.1 * xen-tools-domU-4.16.5_02-150400.4.31.1 * xen-devel-4.16.5_02-150400.4.31.1 * xen-libs-debuginfo-4.16.5_02-150400.4.31.1 * xen-debugsource-4.16.5_02-150400.4.31.1 * xen-tools-domU-debuginfo-4.16.5_02-150400.4.31.1 * openSUSE Leap 15.4 (x86_64) * xen-libs-32bit-debuginfo-4.16.5_02-150400.4.31.1 * xen-libs-32bit-4.16.5_02-150400.4.31.1 * openSUSE Leap 15.4 (aarch64 x86_64) * xen-tools-4.16.5_02-150400.4.31.1 * xen-doc-html-4.16.5_02-150400.4.31.1 * xen-tools-debuginfo-4.16.5_02-150400.4.31.1 * xen-4.16.5_02-150400.4.31.1 * openSUSE Leap 15.4 (noarch) * xen-tools-xendomains-wait-disk-4.16.5_02-150400.4.31.1 * openSUSE Leap 15.4 (aarch64_ilp32) * xen-libs-64bit-4.16.5_02-150400.4.31.1 * xen-libs-64bit-debuginfo-4.16.5_02-150400.4.31.1 * openSUSE Leap Micro 5.3 (x86_64) * xen-debugsource-4.16.5_02-150400.4.31.1 * xen-libs-debuginfo-4.16.5_02-150400.4.31.1 * xen-libs-4.16.5_02-150400.4.31.1 * openSUSE Leap Micro 5.4 (x86_64) * xen-debugsource-4.16.5_02-150400.4.31.1 * xen-libs-debuginfo-4.16.5_02-150400.4.31.1 * xen-libs-4.16.5_02-150400.4.31.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * xen-debugsource-4.16.5_02-150400.4.31.1 * xen-libs-debuginfo-4.16.5_02-150400.4.31.1 * xen-libs-4.16.5_02-150400.4.31.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * xen-debugsource-4.16.5_02-150400.4.31.1 * xen-libs-debuginfo-4.16.5_02-150400.4.31.1 * xen-libs-4.16.5_02-150400.4.31.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * xen-debugsource-4.16.5_02-150400.4.31.1 * xen-libs-debuginfo-4.16.5_02-150400.4.31.1 * xen-libs-4.16.5_02-150400.4.31.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * xen-debugsource-4.16.5_02-150400.4.31.1 * xen-libs-debuginfo-4.16.5_02-150400.4.31.1 * xen-libs-4.16.5_02-150400.4.31.1 * Basesystem Module 15-SP4 (x86_64) * xen-libs-4.16.5_02-150400.4.31.1 * xen-tools-domU-4.16.5_02-150400.4.31.1 * xen-libs-debuginfo-4.16.5_02-150400.4.31.1 * xen-debugsource-4.16.5_02-150400.4.31.1 * xen-tools-domU-debuginfo-4.16.5_02-150400.4.31.1 * Server Applications Module 15-SP4 (x86_64) * xen-devel-4.16.5_02-150400.4.31.1 * xen-debugsource-4.16.5_02-150400.4.31.1 * xen-tools-4.16.5_02-150400.4.31.1 * xen-tools-debuginfo-4.16.5_02-150400.4.31.1 * xen-4.16.5_02-150400.4.31.1 * Server Applications Module 15-SP4 (noarch) * xen-tools-xendomains-wait-disk-4.16.5_02-150400.4.31.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-20593.html * https://bugzilla.suse.com/show_bug.cgi?id=1027519 * https://bugzilla.suse.com/show_bug.cgi?id=1213616 * https://bugzilla.suse.com/show_bug.cgi?id=1214082 * https://bugzilla.suse.com/show_bug.cgi?id=1214083 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 23 20:30:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Aug 2023 20:30:40 -0000 Subject: SUSE-SU-2023:3394-1: important: Security update for postfix Message-ID: <169282264022.15036.3284315414555020734@smelt2.suse.de> # Security update for postfix Announcement ID: SUSE-SU-2023:3394-1 Rating: important References: * #1211196 * #1213515 Cross-References: * CVE-2023-32182 CVSS scores: Affected Products: * Basesystem Module 15-SP5 * Legacy Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for postfix fixes the following issues: * CVE-2023-32182: Fixed config_postfix SUSE specific script potentially bad /tmp file usage (bsc#1211196). * Update to from 3.7.2 to 3.7.3: * Fixes a bug where some messages were not delivered after "warning: Unexpected record type 'X'. (bsc#1213515) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3394=1 openSUSE-SLE-15.5-2023-3394=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3394=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3394=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3394=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * postfix-ldap-3.7.3-150500.3.5.1 * postfix-ldap-debuginfo-3.7.3-150500.3.5.1 * postfix-bdb-lmdb-3.7.3-150500.3.5.1 * postfix-bdb-lmdb-debuginfo-3.7.3-150500.3.5.1 * postfix-bdb-debugsource-3.7.3-150500.3.5.1 * postfix-devel-3.7.3-150500.3.5.1 * postfix-postgresql-debuginfo-3.7.3-150500.3.5.1 * postfix-bdb-debuginfo-3.7.3-150500.3.5.1 * postfix-debuginfo-3.7.3-150500.3.5.1 * postfix-3.7.3-150500.3.5.1 * postfix-mysql-3.7.3-150500.3.5.1 * postfix-postgresql-3.7.3-150500.3.5.1 * postfix-bdb-3.7.3-150500.3.5.1 * postfix-debugsource-3.7.3-150500.3.5.1 * postfix-mysql-debuginfo-3.7.3-150500.3.5.1 * openSUSE Leap 15.5 (noarch) * postfix-doc-3.7.3-150500.3.5.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * postfix-ldap-3.7.3-150500.3.5.1 * postfix-ldap-debuginfo-3.7.3-150500.3.5.1 * postfix-devel-3.7.3-150500.3.5.1 * postfix-debuginfo-3.7.3-150500.3.5.1 * postfix-3.7.3-150500.3.5.1 * postfix-debugsource-3.7.3-150500.3.5.1 * Basesystem Module 15-SP5 (noarch) * postfix-doc-3.7.3-150500.3.5.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * postfix-bdb-lmdb-3.7.3-150500.3.5.1 * postfix-bdb-lmdb-debuginfo-3.7.3-150500.3.5.1 * postfix-bdb-debugsource-3.7.3-150500.3.5.1 * postfix-bdb-debuginfo-3.7.3-150500.3.5.1 * postfix-bdb-3.7.3-150500.3.5.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * postfix-mysql-3.7.3-150500.3.5.1 * postfix-debugsource-3.7.3-150500.3.5.1 * postfix-debuginfo-3.7.3-150500.3.5.1 * postfix-mysql-debuginfo-3.7.3-150500.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32182.html * https://bugzilla.suse.com/show_bug.cgi?id=1211196 * https://bugzilla.suse.com/show_bug.cgi?id=1213515 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 07:04:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 09:04:34 +0200 (CEST) Subject: SUSE-CU-2023:2748-1: Security update of bci/nodejs Message-ID: <20230824070434.CB655FDC9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2748-1 Container Tags : bci/node:16 , bci/node:16-9.32 , bci/nodejs:16 , bci/nodejs:16-9.32 Container Release : 9.32 Severity : important Type : security References : 1214150 1214154 1214156 CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3379-1 Released: Tue Aug 22 18:36:01 2023 Summary: Security update for nodejs16 Type: security Severity: important References: 1214150,1214154,1214156,CVE-2023-32002,CVE-2023-32006,CVE-2023-32559 This update for nodejs16 fixes the following issues: Update to LTS version 16.20.2. - CVE-2023-32002: Fixed permissions policies bypass via Module._load (bsc#1214150). - CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire() (bsc#1214156). - CVE-2023-32559: Fixed permissions policies bypass via process.binding (bsc#1214154). The following package changes have been done: - nodejs16-16.20.2-150400.3.24.1 updated - npm16-16.20.2-150400.3.24.1 updated From sle-updates at lists.suse.com Thu Aug 24 07:04:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 09:04:47 +0200 (CEST) Subject: SUSE-CU-2023:2749-1: Security update of bci/nodejs Message-ID: <20230824070447.9D634FDC9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2749-1 Container Tags : bci/node:18 , bci/node:18-9.15 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-9.15 , bci/nodejs:latest Container Release : 9.15 Severity : important Type : security References : 1214150 1214154 1214156 CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3378-1 Released: Tue Aug 22 18:35:14 2023 Summary: Security update for nodejs18 Type: security Severity: important References: 1214150,1214154,1214156,CVE-2023-32002,CVE-2023-32006,CVE-2023-32559 This update for nodejs18 fixes the following issues: Update to LTS version 18.17.1. - CVE-2023-32002: Fixed permissions policies bypass via Module._load (bsc#1214150). - CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire() (bsc#1214156). - CVE-2023-32559: Fixed permissions policies bypass via process.binding (bsc#1214154). The following package changes have been done: - nodejs18-18.17.1-150400.9.12.1 updated - npm18-18.17.1-150400.9.12.1 updated From sle-updates at lists.suse.com Thu Aug 24 08:54:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 08:54:36 -0000 Subject: SUSE-SU-2023:3419-1: important: Security update for webkit2gtk3 Message-ID: <169286727613.22974.4736403717045609110@smelt2.suse.de> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:3419-1 Rating: important References: * #1212863 * #1213905 Cross-References: * CVE-2022-48503 * CVE-2023-32435 * CVE-2023-32439 * CVE-2023-38133 * CVE-2023-38572 * CVE-2023-38592 * CVE-2023-38594 * CVE-2023-38595 * CVE-2023-38597 * CVE-2023-38599 * CVE-2023-38600 * CVE-2023-38611 CVSS scores: * CVE-2022-48503 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-48503 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32435 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32435 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32439 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-32439 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38133 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-38133 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-38572 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-38592 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38594 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38594 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38595 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38597 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38597 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38599 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2023-38600 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-38611 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 12 vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.40.5 (bsc#1213905): * CVE-2023-38133: Fixed information disclosure. * CVE-2023-38572: Fixed Same-Origin-Policy bypass. * CVE-2023-38592: Fixed arbitrary code execution. * CVE-2023-38594: Fixed arbitrary code execution. * CVE-2023-38595: Fixed arbitrary code execution. * CVE-2023-38597: Fixed arbitrary code execution. * CVE-2023-38599: Fixed sensitive user information tracking. * CVE-2023-38600: Fixed arbitrary code execution. * CVE-2023-38611: Fixed arbitrary code execution. Update to version 2.40.3 (bsc#1212863): * CVE-2023-32439: Fixed a bug where processing maliciously crafted web content may lead to arbitrary code execution. (bsc#1212863) * CVE-2023-32435: Fixed a bug where processing web content may lead to arbitrary code execution. (bsc#1212863) * CVE-2022-48503: Fixed a bug where processing web content may lead to arbitrary code execution. (bsc#1212863) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3419=1 openSUSE-SLE-15.4-2023-3419=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3419=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3419=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3419=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3419=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3419=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3419=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3419=1 ## Package List: * openSUSE Leap 15.4 (noarch) * WebKitGTK-4.1-lang-2.40.5-150400.4.45.3 * WebKitGTK-4.0-lang-2.40.5-150400.4.45.3 * WebKitGTK-6.0-lang-2.40.5-150400.4.45.3 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * webkit2gtk3-soup2-minibrowser-debuginfo-2.40.5-150400.4.45.3 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_0-18-2.40.5-150400.4.45.3 * libwebkitgtk-6_0-4-2.40.5-150400.4.45.3 * webkit2gtk4-devel-2.40.5-150400.4.45.3 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150400.4.45.3 * libjavascriptcoregtk-6_0-1-2.40.5-150400.4.45.3 * webkit-jsc-4.1-debuginfo-2.40.5-150400.4.45.3 * typelib-1_0-JavaScriptCore-6_0-2.40.5-150400.4.45.3 * typelib-1_0-WebKitWebProcessExtension-6_0-2.40.5-150400.4.45.3 * webkit2gtk3-debugsource-2.40.5-150400.4.45.3 * webkit-jsc-4-debuginfo-2.40.5-150400.4.45.3 * typelib-1_0-WebKit-6_0-2.40.5-150400.4.45.3 * webkit2gtk-4_0-injected-bundles-2.40.5-150400.4.45.3 * webkit2gtk4-debugsource-2.40.5-150400.4.45.3 * webkit2gtk-4_1-injected-bundles-debuginfo-2.40.5-150400.4.45.3 * webkit2gtk4-minibrowser-2.40.5-150400.4.45.3 * webkit-jsc-4.1-2.40.5-150400.4.45.3 * typelib-1_0-WebKit2-4_1-2.40.5-150400.4.45.3 * libwebkitgtk-6_0-4-debuginfo-2.40.5-150400.4.45.3 * libjavascriptcoregtk-6_0-1-debuginfo-2.40.5-150400.4.45.3 * webkit-jsc-6.0-debuginfo-2.40.5-150400.4.45.3 * webkit2gtk4-minibrowser-debuginfo-2.40.5-150400.4.45.3 * webkit-jsc-6.0-2.40.5-150400.4.45.3 * typelib-1_0-JavaScriptCore-4_0-2.40.5-150400.4.45.3 * webkit2gtk3-soup2-minibrowser-2.40.5-150400.4.45.3 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150400.4.45.3 * webkitgtk-6_0-injected-bundles-debuginfo-2.40.5-150400.4.45.3 * webkit2gtk3-devel-2.40.5-150400.4.45.3 * libwebkit2gtk-4_1-0-2.40.5-150400.4.45.3 * libwebkit2gtk-4_1-0-debuginfo-2.40.5-150400.4.45.3 * typelib-1_0-WebKit2WebExtension-4_1-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_1-0-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150400.4.45.3 * webkit2gtk3-soup2-devel-2.40.5-150400.4.45.3 * webkit2gtk3-minibrowser-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_1-0-debuginfo-2.40.5-150400.4.45.3 * webkit2gtk3-minibrowser-debuginfo-2.40.5-150400.4.45.3 * webkit-jsc-4-2.40.5-150400.4.45.3 * typelib-1_0-JavaScriptCore-4_1-2.40.5-150400.4.45.3 * webkit2gtk3-soup2-debugsource-2.40.5-150400.4.45.3 * libwebkit2gtk-4_0-37-2.40.5-150400.4.45.3 * webkitgtk-6_0-injected-bundles-2.40.5-150400.4.45.3 * typelib-1_0-WebKit2-4_0-2.40.5-150400.4.45.3 * webkit2gtk-4_1-injected-bundles-2.40.5-150400.4.45.3 * openSUSE Leap 15.4 (x86_64) * libwebkit2gtk-4_0-37-32bit-debuginfo-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_0-18-32bit-2.40.5-150400.4.45.3 * libwebkit2gtk-4_0-37-32bit-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.40.5-150400.4.45.3 * libwebkit2gtk-4_1-0-32bit-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_1-0-32bit-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.40.5-150400.4.45.3 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.40.5-150400.4.45.3 * openSUSE Leap 15.4 (aarch64_ilp32) * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.40.5-150400.4.45.3 * libwebkit2gtk-4_0-37-64bit-debuginfo-2.40.5-150400.4.45.3 * libwebkit2gtk-4_0-37-64bit-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_1-0-64bit-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_0-18-64bit-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.40.5-150400.4.45.3 * libwebkit2gtk-4_1-0-64bit-2.40.5-150400.4.45.3 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.40.5-150400.4.45.3 * openSUSE Leap 15.5 (noarch) * WebKitGTK-4.1-lang-2.40.5-150400.4.45.3 * WebKitGTK-4.0-lang-2.40.5-150400.4.45.3 * WebKitGTK-6.0-lang-2.40.5-150400.4.45.3 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-soup2-minibrowser-debuginfo-2.40.5-150400.4.45.3 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_0-18-2.40.5-150400.4.45.3 * libwebkitgtk-6_0-4-2.40.5-150400.4.45.3 * webkit2gtk-4_1-injected-bundles-2.40.5-150400.4.45.3 * webkit2gtk4-devel-2.40.5-150400.4.45.3 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150400.4.45.3 * libjavascriptcoregtk-6_0-1-2.40.5-150400.4.45.3 * webkit-jsc-4.1-debuginfo-2.40.5-150400.4.45.3 * typelib-1_0-JavaScriptCore-6_0-2.40.5-150400.4.45.3 * typelib-1_0-WebKitWebProcessExtension-6_0-2.40.5-150400.4.45.3 * typelib-1_0-WebKit-6_0-2.40.5-150400.4.45.3 * webkit-jsc-4-debuginfo-2.40.5-150400.4.45.3 * webkit2gtk3-debugsource-2.40.5-150400.4.45.3 * webkit2gtk-4_0-injected-bundles-2.40.5-150400.4.45.3 * webkit2gtk4-debugsource-2.40.5-150400.4.45.3 * webkit2gtk-4_1-injected-bundles-debuginfo-2.40.5-150400.4.45.3 * webkit2gtk4-minibrowser-2.40.5-150400.4.45.3 * webkit-jsc-4.1-2.40.5-150400.4.45.3 * typelib-1_0-WebKit2-4_1-2.40.5-150400.4.45.3 * libwebkitgtk-6_0-4-debuginfo-2.40.5-150400.4.45.3 * libjavascriptcoregtk-6_0-1-debuginfo-2.40.5-150400.4.45.3 * webkit-jsc-6.0-debuginfo-2.40.5-150400.4.45.3 * webkit2gtk4-minibrowser-debuginfo-2.40.5-150400.4.45.3 * webkit-jsc-6.0-2.40.5-150400.4.45.3 * typelib-1_0-JavaScriptCore-4_0-2.40.5-150400.4.45.3 * webkit2gtk3-soup2-minibrowser-2.40.5-150400.4.45.3 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150400.4.45.3 * webkitgtk-6_0-injected-bundles-debuginfo-2.40.5-150400.4.45.3 * webkit2gtk3-devel-2.40.5-150400.4.45.3 * libwebkit2gtk-4_1-0-2.40.5-150400.4.45.3 * libwebkit2gtk-4_1-0-debuginfo-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_1-0-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150400.4.45.3 * webkit2gtk3-soup2-devel-2.40.5-150400.4.45.3 * webkit2gtk3-minibrowser-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_1-0-debuginfo-2.40.5-150400.4.45.3 * webkit-jsc-4-2.40.5-150400.4.45.3 * webkit2gtk3-minibrowser-debuginfo-2.40.5-150400.4.45.3 * typelib-1_0-JavaScriptCore-4_1-2.40.5-150400.4.45.3 * webkit2gtk3-soup2-debugsource-2.40.5-150400.4.45.3 * libwebkit2gtk-4_0-37-2.40.5-150400.4.45.3 * webkitgtk-6_0-injected-bundles-2.40.5-150400.4.45.3 * typelib-1_0-WebKit2-4_0-2.40.5-150400.4.45.3 * typelib-1_0-WebKit2WebExtension-4_1-2.40.5-150400.4.45.3 * openSUSE Leap 15.5 (x86_64) * libwebkit2gtk-4_0-37-32bit-debuginfo-2.40.5-150400.4.45.3 * libwebkit2gtk-4_0-37-32bit-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_0-18-32bit-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.40.5-150400.4.45.3 * libwebkit2gtk-4_1-0-32bit-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_1-0-32bit-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.40.5-150400.4.45.3 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.40.5-150400.4.45.3 * openSUSE Leap 15.5 (aarch64_ilp32) * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.40.5-150400.4.45.3 * libwebkit2gtk-4_0-37-64bit-debuginfo-2.40.5-150400.4.45.3 * libwebkit2gtk-4_0-37-64bit-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_1-0-64bit-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_0-18-64bit-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.40.5-150400.4.45.3 * libwebkit2gtk-4_1-0-64bit-2.40.5-150400.4.45.3 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.40.5-150400.4.45.3 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * typelib-1_0-JavaScriptCore-4_0-2.40.5-150400.4.45.3 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150400.4.45.3 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150400.4.45.3 * webkit2gtk-4_0-injected-bundles-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_0-18-2.40.5-150400.4.45.3 * webkit2gtk3-soup2-debugsource-2.40.5-150400.4.45.3 * libwebkit2gtk-4_0-37-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150400.4.45.3 * typelib-1_0-WebKit2-4_0-2.40.5-150400.4.45.3 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150400.4.45.3 * webkit2gtk3-soup2-devel-2.40.5-150400.4.45.3 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-JavaScriptCore-4_0-2.40.5-150400.4.45.3 * webkit2gtk-4_0-injected-bundles-debuginfo-2.40.5-150400.4.45.3 * libwebkit2gtk-4_0-37-debuginfo-2.40.5-150400.4.45.3 * webkit2gtk-4_0-injected-bundles-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_0-18-2.40.5-150400.4.45.3 * webkit2gtk3-soup2-debugsource-2.40.5-150400.4.45.3 * libwebkit2gtk-4_0-37-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_0-18-debuginfo-2.40.5-150400.4.45.3 * typelib-1_0-WebKit2-4_0-2.40.5-150400.4.45.3 * typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150400.4.45.3 * webkit2gtk3-soup2-devel-2.40.5-150400.4.45.3 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-debugsource-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_1-0-debuginfo-2.40.5-150400.4.45.3 * typelib-1_0-JavaScriptCore-4_1-2.40.5-150400.4.45.3 * webkit2gtk3-devel-2.40.5-150400.4.45.3 * libwebkit2gtk-4_1-0-2.40.5-150400.4.45.3 * libwebkit2gtk-4_1-0-debuginfo-2.40.5-150400.4.45.3 * webkit2gtk-4_1-injected-bundles-debuginfo-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_1-0-2.40.5-150400.4.45.3 * webkit2gtk-4_1-injected-bundles-2.40.5-150400.4.45.3 * typelib-1_0-WebKit2-4_1-2.40.5-150400.4.45.3 * typelib-1_0-WebKit2WebExtension-4_1-2.40.5-150400.4.45.3 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-debugsource-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_1-0-debuginfo-2.40.5-150400.4.45.3 * typelib-1_0-JavaScriptCore-4_1-2.40.5-150400.4.45.3 * webkit2gtk3-devel-2.40.5-150400.4.45.3 * libwebkit2gtk-4_1-0-2.40.5-150400.4.45.3 * libwebkit2gtk-4_1-0-debuginfo-2.40.5-150400.4.45.3 * webkit2gtk-4_1-injected-bundles-debuginfo-2.40.5-150400.4.45.3 * libjavascriptcoregtk-4_1-0-2.40.5-150400.4.45.3 * webkit2gtk-4_1-injected-bundles-2.40.5-150400.4.45.3 * typelib-1_0-WebKit2-4_1-2.40.5-150400.4.45.3 * typelib-1_0-WebKit2WebExtension-4_1-2.40.5-150400.4.45.3 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * webkit2gtk4-debugsource-2.40.5-150400.4.45.3 * libwebkitgtk-6_0-4-2.40.5-150400.4.45.3 * webkitgtk-6_0-injected-bundles-2.40.5-150400.4.45.3 * libwebkitgtk-6_0-4-debuginfo-2.40.5-150400.4.45.3 * libjavascriptcoregtk-6_0-1-2.40.5-150400.4.45.3 * libjavascriptcoregtk-6_0-1-debuginfo-2.40.5-150400.4.45.3 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * webkit2gtk4-debugsource-2.40.5-150400.4.45.3 * libwebkitgtk-6_0-4-2.40.5-150400.4.45.3 * webkitgtk-6_0-injected-bundles-2.40.5-150400.4.45.3 * libwebkitgtk-6_0-4-debuginfo-2.40.5-150400.4.45.3 * libjavascriptcoregtk-6_0-1-2.40.5-150400.4.45.3 * libjavascriptcoregtk-6_0-1-debuginfo-2.40.5-150400.4.45.3 ## References: * https://www.suse.com/security/cve/CVE-2022-48503.html * https://www.suse.com/security/cve/CVE-2023-32435.html * https://www.suse.com/security/cve/CVE-2023-32439.html * https://www.suse.com/security/cve/CVE-2023-38133.html * https://www.suse.com/security/cve/CVE-2023-38572.html * https://www.suse.com/security/cve/CVE-2023-38592.html * https://www.suse.com/security/cve/CVE-2023-38594.html * https://www.suse.com/security/cve/CVE-2023-38595.html * https://www.suse.com/security/cve/CVE-2023-38597.html * https://www.suse.com/security/cve/CVE-2023-38599.html * https://www.suse.com/security/cve/CVE-2023-38600.html * https://www.suse.com/security/cve/CVE-2023-38611.html * https://bugzilla.suse.com/show_bug.cgi?id=1212863 * https://bugzilla.suse.com/show_bug.cgi?id=1213905 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 08:54:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 08:54:38 -0000 Subject: SUSE-RU-2023:3418-1: moderate: Recommended update for go Message-ID: <169286727845.22974.12434776758711289760@smelt2.suse.de> # Recommended update for go Announcement ID: SUSE-RU-2023:3418-1 Rating: moderate References: * #1212475 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for go fixes the following issues: * Update to current stable go 1.21 (bsc#1212475) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3418=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3418=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3418=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3418=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go-1.21-150000.3.32.1 * go-doc-1.21-150000.3.32.1 * openSUSE Leap 15.4 (aarch64 x86_64) * go-race-1.21-150000.3.32.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go-1.21-150000.3.32.1 * go-race-1.21-150000.3.32.1 * go-doc-1.21-150000.3.32.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go-1.21-150000.3.32.1 * go-doc-1.21-150000.3.32.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go-race-1.21-150000.3.32.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go-1.21-150000.3.32.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 08:54:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 08:54:40 -0000 Subject: SUSE-RU-2023:3417-1: important: Recommended update for gnu-efi Message-ID: <169286728024.22974.9577588902350514448@smelt2.suse.de> # Recommended update for gnu-efi Announcement ID: SUSE-RU-2023:3417-1 Rating: important References: * #1213923 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for gnu-efi fixes the following issues: * Add the non-executable GNU stack marking on ELF-linux (bsc#1213923) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3417=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3417=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3417=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3417=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3417=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3417=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3417=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3417=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3417=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * gnu-efi-3.0.13-150300.3.3.1 * openSUSE Leap 15.5 (aarch64 x86_64) * gnu-efi-3.0.13-150300.3.3.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * gnu-efi-3.0.13-150300.3.3.1 * Development Tools Module 15-SP5 (aarch64 x86_64) * gnu-efi-3.0.13-150300.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * gnu-efi-3.0.13-150300.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * gnu-efi-3.0.13-150300.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * gnu-efi-3.0.13-150300.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * gnu-efi-3.0.13-150300.3.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * gnu-efi-3.0.13-150300.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213923 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 08:54:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 08:54:42 -0000 Subject: SUSE-RU-2023:3416-1: important: Recommended update for btrfsprogs Message-ID: <169286728271.22974.16164352135577928191@smelt2.suse.de> # Recommended update for btrfsprogs Announcement ID: SUSE-RU-2023:3416-1 Rating: important References: * #1207225 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for btrfsprogs fixes the following issues: * No UUID symlink in /dev/disk/by-uuid after creating a BTRFS filesystem on a partition of a mpath device (bsc#1207225) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3416=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3416=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3416=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3416=1 openSUSE-SLE-15.4-2023-3416=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3416=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3416=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3416=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3416=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libbtrfs0-5.14-150400.5.3.1 * btrfsprogs-debugsource-5.14-150400.5.3.1 * btrfsprogs-5.14-150400.5.3.1 * libbtrfs0-debuginfo-5.14-150400.5.3.1 * btrfsprogs-debuginfo-5.14-150400.5.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * btrfsprogs-udev-rules-5.14-150400.5.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libbtrfs0-5.14-150400.5.3.1 * btrfsprogs-debugsource-5.14-150400.5.3.1 * btrfsprogs-5.14-150400.5.3.1 * libbtrfs0-debuginfo-5.14-150400.5.3.1 * btrfsprogs-debuginfo-5.14-150400.5.3.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * btrfsprogs-udev-rules-5.14-150400.5.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libbtrfs0-5.14-150400.5.3.1 * btrfsprogs-debugsource-5.14-150400.5.3.1 * btrfsprogs-5.14-150400.5.3.1 * libbtrfs-devel-5.14-150400.5.3.1 * libbtrfs0-debuginfo-5.14-150400.5.3.1 * btrfsprogs-debuginfo-5.14-150400.5.3.1 * Basesystem Module 15-SP4 (noarch) * btrfsprogs-udev-rules-5.14-150400.5.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libbtrfsutil1-debuginfo-5.14-150400.5.3.1 * libbtrfs0-5.14-150400.5.3.1 * btrfsprogs-debugsource-5.14-150400.5.3.1 * btrfsprogs-static-5.14-150400.5.3.1 * libbtrfsutil1-5.14-150400.5.3.1 * btrfsprogs-5.14-150400.5.3.1 * libbtrfs-devel-5.14-150400.5.3.1 * btrfsprogs-static-debuginfo-5.14-150400.5.3.1 * python-btrfsutil-5.14-150400.5.3.1 * libbtrfsutil-devel-5.14-150400.5.3.1 * libbtrfs0-debuginfo-5.14-150400.5.3.1 * btrfsprogs-debuginfo-5.14-150400.5.3.1 * python-btrfsutil-debuginfo-5.14-150400.5.3.1 * openSUSE Leap 15.4 (noarch) * btrfsprogs-udev-rules-5.14-150400.5.3.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libbtrfs0-5.14-150400.5.3.1 * btrfsprogs-debugsource-5.14-150400.5.3.1 * btrfsprogs-5.14-150400.5.3.1 * libbtrfs0-debuginfo-5.14-150400.5.3.1 * btrfsprogs-debuginfo-5.14-150400.5.3.1 * openSUSE Leap Micro 5.3 (noarch) * btrfsprogs-udev-rules-5.14-150400.5.3.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libbtrfs0-5.14-150400.5.3.1 * btrfsprogs-debugsource-5.14-150400.5.3.1 * btrfsprogs-5.14-150400.5.3.1 * libbtrfs0-debuginfo-5.14-150400.5.3.1 * btrfsprogs-debuginfo-5.14-150400.5.3.1 * openSUSE Leap Micro 5.4 (noarch) * btrfsprogs-udev-rules-5.14-150400.5.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libbtrfs0-5.14-150400.5.3.1 * btrfsprogs-debugsource-5.14-150400.5.3.1 * btrfsprogs-5.14-150400.5.3.1 * libbtrfs0-debuginfo-5.14-150400.5.3.1 * btrfsprogs-debuginfo-5.14-150400.5.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * btrfsprogs-udev-rules-5.14-150400.5.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libbtrfs0-5.14-150400.5.3.1 * btrfsprogs-debugsource-5.14-150400.5.3.1 * btrfsprogs-5.14-150400.5.3.1 * libbtrfs0-debuginfo-5.14-150400.5.3.1 * btrfsprogs-debuginfo-5.14-150400.5.3.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * btrfsprogs-udev-rules-5.14-150400.5.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207225 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 08:54:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 08:54:44 -0000 Subject: SUSE-RU-2023:3415-1: important: Recommended update for wget Message-ID: <169286728443.22974.4931145576920702975@smelt2.suse.de> # Recommended update for wget Announcement ID: SUSE-RU-2023:3415-1 Rating: important References: * #1213898 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for wget fixes the following issues: * Set the Host header when CONNECT is used (bsc#1213898) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3415=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3415=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3415=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3415=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * wget-1.14-21.13.2 * wget-debuginfo-1.14-21.13.2 * wget-debugsource-1.14-21.13.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * wget-1.14-21.13.2 * wget-debuginfo-1.14-21.13.2 * wget-debugsource-1.14-21.13.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * wget-1.14-21.13.2 * wget-debuginfo-1.14-21.13.2 * wget-debugsource-1.14-21.13.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * wget-1.14-21.13.2 * wget-debuginfo-1.14-21.13.2 * wget-debugsource-1.14-21.13.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213898 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 08:54:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 08:54:46 -0000 Subject: SUSE-RU-2023:3414-1: moderate: Recommended update for yast2-samba-client Message-ID: <169286728620.22974.10761526613691258651@smelt2.suse.de> # Recommended update for yast2-samba-client Announcement ID: SUSE-RU-2023:3414-1 Rating: moderate References: * #1197936 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for yast2-samba-client fixes the following issues: * Fix unlocalised text (bsc#1197936) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3414=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3414=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3414=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * yast2-samba-client-3.1.24-3.6.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * yast2-samba-client-3.1.24-3.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * yast2-samba-client-3.1.24-3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1197936 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 08:54:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 08:54:53 -0000 Subject: SUSE-FU-2023:3413-1: important: Feature update for LibreOffice and xmlsec1 Message-ID: <169286729356.22974.188712748589524678@smelt2.suse.de> # Feature update for LibreOffice and xmlsec1 Announcement ID: SUSE-FU-2023:3413-1 Rating: important References: * #1198666 * #1200085 * #1204040 * #1209242 * #1210687 * #1211746 * PED-3549 * PED-3550 * PED-3561 Cross-References: * CVE-2023-0950 * CVE-2023-2255 CVSS scores: * CVE-2023-0950 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H * CVE-2023-0950 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-2255 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2023-2255 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves two vulnerabilities, contains three features and has four feature fixes can now be installed. ## Description: This update for LibreOffice and xmlsec1 fixes the following issue: libreoffice: * Version update from 7.4.3.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550, jsc#3549): * For the highlights of changes of version 7.5 please consult the official release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.5 * Security issues fixed: * CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242) * CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746) * Bug fixes: * Fix PPTX shadow effect for table offset (bsc#1204040) * Fix ability to set the default tab size for each text object (bsc#1198666) * Fix PPTX extra vertical space between different text formats (bsc#1200085) * Do not use binutils-gold as the package is unmaintained and will be removed in the future (boo#1210687) * Updated bundled dependencies: * boost version update from 1_77_0 to 1_80_0 * curl version update from 7.83.1 to 8.0.1 * gpgme version update from 1.16.0 to 1.18.0 * icu4c-data version update from 70_1 to 72_1 * icu4c version update from 70_1 to 72_1 * pdfium version update from 4699 to 5408 * poppler version update from 21.11.0 to 22.12.0 xmlsec1: * Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2 (jsc#PED-3561, jsc#PED-3550): * Retired the XMLSec mailing list "xmlsec at aleksey.com" and the XMLSec Online Signature Verifier. * Migration to OpenSSL 3.0 API Note that OpenSSL engines are disabled by default when XMLSec library is compiled against OpenSSL 3.0. To re-enable OpenSSL engines, use `--enable-openssl3-engines` configure flag (there will be a lot of deprecation warnings). * The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and will be removed in the future versions of XMLSec Library. * Refactored all the integer casts to ensure cast-safety. Fixed all warnings and enabled `-Werror` and `-pedantic` flags on CI builds. * Added configure flag to use size_t for xmlSecSize (currently disabled by default for backward compatibility). * Support for OpenSSL compiled with OPENSSL_NO_ERR. * Full support for LibreSSL 3.5.0 and above * Several other small fixes * Fix decrypting session key for two recipients * Added `--privkey-openssl-engine` option to enhance openssl engine support * Remove MD5 for NSS 3.59 and above * Fix PKCS12_parse return code handling * Fix OpenSSL lookup * xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix for LibreOffice * Unload error strings in OpenSSL shutdown. * Make userData available when executing preExecCallback function * Add an option to use secure memset. * Enabled XML_PARSE_HUGE for all xml parsers. * Various build and tests fixes and improvements. * Move remaining private header files away from xmlsec/include/`` folder * Other packaging changes: * Relax the crypto policies for the test-suite. It allows the tests using certificates with small key lengths to pass. * Pass `--disable-md5` to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1] https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3413=1 openSUSE-SLE-15.4-2023-3413=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3413=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3413=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3413=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3413=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3413=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3413=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3413=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3413=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3413=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3413=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3413=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3413=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3413=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le x86_64 i586) * libreoffice-calc-extensions-7.5.4.1-150400.17.12.4 * libreofficekit-7.5.4.1-150400.17.12.4 * libreoffice-impress-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-gtk3-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-calc-7.5.4.1-150400.17.12.4 * libreoffice-librelogo-7.5.4.1-150400.17.12.4 * libreoffice-pyuno-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-math-7.5.4.1-150400.17.12.4 * libreoffice-sdk-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-filters-optional-7.5.4.1-150400.17.12.4 * libreoffice-writer-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-gtk3-7.5.4.1-150400.17.12.4 * libreoffice-debugsource-7.5.4.1-150400.17.12.4 * libreoffice-base-drivers-postgresql-7.5.4.1-150400.17.12.4 * libreoffice-impress-7.5.4.1-150400.17.12.4 * libreoffice-qt5-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-sdk-doc-7.5.4.1-150400.17.12.4 * libreoffice-7.5.4.1-150400.17.12.4 * libreoffice-gnome-7.5.4.1-150400.17.12.4 * libreoffice-officebean-7.5.4.1-150400.17.12.4 * libreofficekit-devel-7.5.4.1-150400.17.12.4 * libreoffice-writer-7.5.4.1-150400.17.12.4 * libreoffice-sdk-7.5.4.1-150400.17.12.4 * libreoffice-base-7.5.4.1-150400.17.12.4 * libreoffice-math-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-calc-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-pyuno-7.5.4.1-150400.17.12.4 * libreoffice-qt5-7.5.4.1-150400.17.12.4 * libreoffice-base-drivers-postgresql-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-draw-7.5.4.1-150400.17.12.4 * libreoffice-gnome-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-officebean-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-draw-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-base-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-writer-extensions-7.5.4.1-150400.17.12.4 * libreoffice-mailmerge-7.5.4.1-150400.17.12.4 * openSUSE Leap 15.4 (noarch) * libreoffice-l10n-gu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-cs-7.5.4.1-150400.17.12.4 * libreoffice-l10n-gd-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ast-7.5.4.1-150400.17.12.4 * libreoffice-l10n-he-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pt_BR-7.5.4.1-150400.17.12.4 * libreoffice-l10n-xh-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bo-7.5.4.1-150400.17.12.4 * libreoffice-l10n-et-7.5.4.1-150400.17.12.4 * libreoffice-l10n-uz-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mai-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mni-7.5.4.1-150400.17.12.4 * libreoffice-l10n-st-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ro-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ca-7.5.4.1-150400.17.12.4 * libreoffice-l10n-zh_TW-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kab-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fa-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ml-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sd-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-be-7.5.4.1-150400.17.12.4 * libreoffice-l10n-en_GB-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bn-7.5.4.1-150400.17.12.4 * libreoffice-icon-themes-7.5.4.1-150400.17.12.4 * libreoffice-l10n-en_ZA-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sid-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lv-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ve-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ta-7.5.4.1-150400.17.12.4 * libreoffice-glade-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-dsb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-or-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sq-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nso-7.5.4.1-150400.17.12.4 * libreoffice-l10n-de-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ko-7.5.4.1-150400.17.12.4 * libreoffice-l10n-am-7.5.4.1-150400.17.12.4 * libreoffice-l10n-gug-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tt-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fi-7.5.4.1-150400.17.12.4 * libreoffice-l10n-km-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pt_PT-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bg-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lo-7.5.4.1-150400.17.12.4 * libreoffice-l10n-zh_CN-7.5.4.1-150400.17.12.4 * libreoffice-l10n-vec-7.5.4.1-150400.17.12.4 * libreoffice-l10n-si-7.5.4.1-150400.17.12.4 * libreoffice-l10n-brx-7.5.4.1-150400.17.12.4 * libreoffice-l10n-gl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-id-7.5.4.1-150400.17.12.4 * libreoffice-l10n-br-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ja-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fur-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ga-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pa-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ne-7.5.4.1-150400.17.12.4 * libreoffice-l10n-oc-7.5.4.1-150400.17.12.4 * libreoffice-l10n-el-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bn_IN-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-te-7.5.4.1-150400.17.12.4 * libreoffice-gdb-pretty-printers-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ckb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lt-7.5.4.1-150400.17.12.4 * libreoffice-l10n-da-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ts-7.5.4.1-150400.17.12.4 * libreoffice-l10n-af-7.5.4.1-150400.17.12.4 * libreoffice-l10n-dz-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ka-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kmr_Latn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ss-7.5.4.1-150400.17.12.4 * libreoffice-l10n-th-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kok-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ks-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ru-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-zu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ug-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sw_TZ-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hsb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-rw-7.5.4.1-150400.17.12.4 * libreoffice-l10n-eo-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-eu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fy-7.5.4.1-150400.17.12.4 * libreoffice-l10n-vi-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tg-7.5.4.1-150400.17.12.4 * libreoffice-l10n-uk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sv-7.5.4.1-150400.17.12.4 * libreoffice-branding-upstream-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ca_valencia-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sa_IN-7.5.4.1-150400.17.12.4 * libreoffice-l10n-cy-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bs-7.5.4.1-150400.17.12.4 * libreoffice-l10n-es-7.5.4.1-150400.17.12.4 * libreoffice-l10n-is-7.5.4.1-150400.17.12.4 * libreoffice-l10n-szl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-my-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hi-7.5.4.1-150400.17.12.4 * libreoffice-l10n-en-7.5.4.1-150400.17.12.4 * libreoffice-l10n-om-7.5.4.1-150400.17.12.4 * libreoffice-l10n-as-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ar-7.5.4.1-150400.17.12.4 * libreoffice-l10n-dgo-7.5.4.1-150400.17.12.4 * libreoffice-l10n-it-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sat-7.5.4.1-150400.17.12.4 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * xmlsec1-gcrypt-devel-1.2.37-150400.14.3.4 * xmlsec1-1.2.37-150400.14.3.4 * xmlsec1-nss-devel-1.2.37-150400.14.3.4 * libxmlsec1-1-1.2.37-150400.14.3.4 * xmlsec1-openssl-devel-1.2.37-150400.14.3.4 * libxmlsec1-gcrypt1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-gnutls1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-nss1-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-1.2.37-150400.14.3.4 * xmlsec1-debuginfo-1.2.37-150400.14.3.4 * xmlsec1-gnutls-devel-1.2.37-150400.14.3.4 * xmlsec1-devel-1.2.37-150400.14.3.4 * libxmlsec1-gnutls1-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-gcrypt1-1.2.37-150400.14.3.4 * libxmlsec1-nss1-debuginfo-1.2.37-150400.14.3.4 * openSUSE Leap Micro 5.3 (x86_64) * libxmlsec1-1-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-1.2.37-150400.14.3.4 * xmlsec1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-debuginfo-1.2.37-150400.14.3.4 * openSUSE Leap Micro 5.4 (x86_64) * libxmlsec1-1-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-1.2.37-150400.14.3.4 * xmlsec1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-debuginfo-1.2.37-150400.14.3.4 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * libreoffice-calc-extensions-7.5.4.1-150400.17.12.4 * libreofficekit-7.5.4.1-150400.17.12.4 * libreoffice-impress-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-gtk3-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-calc-7.5.4.1-150400.17.12.4 * libreoffice-librelogo-7.5.4.1-150400.17.12.4 * libreoffice-pyuno-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-math-7.5.4.1-150400.17.12.4 * libreoffice-sdk-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-filters-optional-7.5.4.1-150400.17.12.4 * libreoffice-writer-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-gtk3-7.5.4.1-150400.17.12.4 * libreoffice-debugsource-7.5.4.1-150400.17.12.4 * libreoffice-base-drivers-postgresql-7.5.4.1-150400.17.12.4 * libreoffice-impress-7.5.4.1-150400.17.12.4 * libreoffice-qt5-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-sdk-doc-7.5.4.1-150400.17.12.4 * libreoffice-7.5.4.1-150400.17.12.4 * libreoffice-gnome-7.5.4.1-150400.17.12.4 * libreoffice-officebean-7.5.4.1-150400.17.12.4 * libreofficekit-devel-7.5.4.1-150400.17.12.4 * libreoffice-writer-7.5.4.1-150400.17.12.4 * libreoffice-sdk-7.5.4.1-150400.17.12.4 * libreoffice-base-7.5.4.1-150400.17.12.4 * libreoffice-math-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-calc-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-pyuno-7.5.4.1-150400.17.12.4 * libreoffice-qt5-7.5.4.1-150400.17.12.4 * libreoffice-base-drivers-postgresql-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-draw-7.5.4.1-150400.17.12.4 * libreoffice-gnome-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-officebean-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-draw-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-base-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-writer-extensions-7.5.4.1-150400.17.12.4 * libreoffice-mailmerge-7.5.4.1-150400.17.12.4 * openSUSE Leap 15.5 (noarch) * libreoffice-l10n-gu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-cs-7.5.4.1-150400.17.12.4 * libreoffice-l10n-gd-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ast-7.5.4.1-150400.17.12.4 * libreoffice-l10n-he-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pt_BR-7.5.4.1-150400.17.12.4 * libreoffice-l10n-xh-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bo-7.5.4.1-150400.17.12.4 * libreoffice-l10n-et-7.5.4.1-150400.17.12.4 * libreoffice-l10n-uz-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mai-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mni-7.5.4.1-150400.17.12.4 * libreoffice-l10n-st-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ro-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ca-7.5.4.1-150400.17.12.4 * libreoffice-l10n-zh_TW-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kab-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fa-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ml-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sd-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-be-7.5.4.1-150400.17.12.4 * libreoffice-l10n-en_GB-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bn-7.5.4.1-150400.17.12.4 * libreoffice-icon-themes-7.5.4.1-150400.17.12.4 * libreoffice-l10n-en_ZA-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sid-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lv-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ve-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ta-7.5.4.1-150400.17.12.4 * libreoffice-glade-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-dsb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-or-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sq-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nso-7.5.4.1-150400.17.12.4 * libreoffice-l10n-de-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ko-7.5.4.1-150400.17.12.4 * libreoffice-l10n-am-7.5.4.1-150400.17.12.4 * libreoffice-l10n-gug-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tt-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fi-7.5.4.1-150400.17.12.4 * libreoffice-l10n-km-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pt_PT-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bg-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lo-7.5.4.1-150400.17.12.4 * libreoffice-l10n-zh_CN-7.5.4.1-150400.17.12.4 * libreoffice-l10n-vec-7.5.4.1-150400.17.12.4 * libreoffice-l10n-si-7.5.4.1-150400.17.12.4 * libreoffice-l10n-brx-7.5.4.1-150400.17.12.4 * libreoffice-l10n-gl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-id-7.5.4.1-150400.17.12.4 * libreoffice-l10n-br-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ja-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fur-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ga-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pa-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ne-7.5.4.1-150400.17.12.4 * libreoffice-l10n-oc-7.5.4.1-150400.17.12.4 * libreoffice-l10n-el-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bn_IN-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-te-7.5.4.1-150400.17.12.4 * libreoffice-gdb-pretty-printers-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ckb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lt-7.5.4.1-150400.17.12.4 * libreoffice-l10n-da-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ts-7.5.4.1-150400.17.12.4 * libreoffice-l10n-af-7.5.4.1-150400.17.12.4 * libreoffice-l10n-dz-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ka-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kmr_Latn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ss-7.5.4.1-150400.17.12.4 * libreoffice-l10n-th-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kok-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ks-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ru-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-zu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ug-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sw_TZ-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hsb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-rw-7.5.4.1-150400.17.12.4 * libreoffice-l10n-eo-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-eu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fy-7.5.4.1-150400.17.12.4 * libreoffice-l10n-vi-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tg-7.5.4.1-150400.17.12.4 * libreoffice-l10n-uk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sv-7.5.4.1-150400.17.12.4 * libreoffice-branding-upstream-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ca_valencia-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sa_IN-7.5.4.1-150400.17.12.4 * libreoffice-l10n-cy-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bs-7.5.4.1-150400.17.12.4 * libreoffice-l10n-es-7.5.4.1-150400.17.12.4 * libreoffice-l10n-is-7.5.4.1-150400.17.12.4 * libreoffice-l10n-szl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-my-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hi-7.5.4.1-150400.17.12.4 * libreoffice-l10n-en-7.5.4.1-150400.17.12.4 * libreoffice-l10n-om-7.5.4.1-150400.17.12.4 * libreoffice-l10n-as-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ar-7.5.4.1-150400.17.12.4 * libreoffice-l10n-dgo-7.5.4.1-150400.17.12.4 * libreoffice-l10n-it-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sat-7.5.4.1-150400.17.12.4 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * xmlsec1-gcrypt-devel-1.2.37-150400.14.3.4 * xmlsec1-1.2.37-150400.14.3.4 * xmlsec1-nss-devel-1.2.37-150400.14.3.4 * libxmlsec1-1-1.2.37-150400.14.3.4 * xmlsec1-openssl-devel-1.2.37-150400.14.3.4 * libxmlsec1-gcrypt1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-gnutls1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-nss1-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-1.2.37-150400.14.3.4 * xmlsec1-debuginfo-1.2.37-150400.14.3.4 * xmlsec1-gnutls-devel-1.2.37-150400.14.3.4 * xmlsec1-devel-1.2.37-150400.14.3.4 * libxmlsec1-gnutls1-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-gcrypt1-1.2.37-150400.14.3.4 * libxmlsec1-nss1-debuginfo-1.2.37-150400.14.3.4 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * libxmlsec1-1-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-1.2.37-150400.14.3.4 * xmlsec1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-debuginfo-1.2.37-150400.14.3.4 * SUSE Linux Enterprise Micro 5.3 (x86_64) * libxmlsec1-1-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-1.2.37-150400.14.3.4 * xmlsec1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-debuginfo-1.2.37-150400.14.3.4 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * libxmlsec1-1-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-1.2.37-150400.14.3.4 * xmlsec1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-debuginfo-1.2.37-150400.14.3.4 * SUSE Linux Enterprise Micro 5.4 (x86_64) * libxmlsec1-1-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-1.2.37-150400.14.3.4 * xmlsec1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-debuginfo-1.2.37-150400.14.3.4 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * xmlsec1-gcrypt-devel-1.2.37-150400.14.3.4 * xmlsec1-1.2.37-150400.14.3.4 * xmlsec1-nss-devel-1.2.37-150400.14.3.4 * libxmlsec1-1-1.2.37-150400.14.3.4 * xmlsec1-openssl-devel-1.2.37-150400.14.3.4 * libxmlsec1-gcrypt1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-gnutls1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-nss1-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-1.2.37-150400.14.3.4 * xmlsec1-debuginfo-1.2.37-150400.14.3.4 * xmlsec1-gnutls-devel-1.2.37-150400.14.3.4 * xmlsec1-devel-1.2.37-150400.14.3.4 * libxmlsec1-gnutls1-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-gcrypt1-1.2.37-150400.14.3.4 * libxmlsec1-nss1-debuginfo-1.2.37-150400.14.3.4 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * xmlsec1-gcrypt-devel-1.2.37-150400.14.3.4 * xmlsec1-1.2.37-150400.14.3.4 * xmlsec1-nss-devel-1.2.37-150400.14.3.4 * libxmlsec1-1-1.2.37-150400.14.3.4 * xmlsec1-openssl-devel-1.2.37-150400.14.3.4 * libxmlsec1-gcrypt1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-gnutls1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-nss1-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-1.2.37-150400.14.3.4 * xmlsec1-debuginfo-1.2.37-150400.14.3.4 * xmlsec1-gnutls-devel-1.2.37-150400.14.3.4 * xmlsec1-devel-1.2.37-150400.14.3.4 * libxmlsec1-gnutls1-1.2.37-150400.14.3.4 * libxmlsec1-openssl1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-gcrypt1-1.2.37-150400.14.3.4 * libxmlsec1-nss1-debuginfo-1.2.37-150400.14.3.4 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le) * libreoffice-calc-extensions-7.5.4.1-150400.17.12.4 * libreofficekit-7.5.4.1-150400.17.12.4 * libreoffice-impress-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-gtk3-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-calc-7.5.4.1-150400.17.12.4 * libreoffice-librelogo-7.5.4.1-150400.17.12.4 * libreoffice-pyuno-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-math-7.5.4.1-150400.17.12.4 * libreoffice-sdk-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-filters-optional-7.5.4.1-150400.17.12.4 * libreoffice-writer-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-gtk3-7.5.4.1-150400.17.12.4 * libreoffice-debugsource-7.5.4.1-150400.17.12.4 * libreoffice-base-drivers-postgresql-7.5.4.1-150400.17.12.4 * libreoffice-impress-7.5.4.1-150400.17.12.4 * libreoffice-qt5-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-sdk-doc-7.5.4.1-150400.17.12.4 * libreoffice-7.5.4.1-150400.17.12.4 * libreoffice-gnome-7.5.4.1-150400.17.12.4 * libreoffice-officebean-7.5.4.1-150400.17.12.4 * libreofficekit-devel-7.5.4.1-150400.17.12.4 * libreoffice-writer-7.5.4.1-150400.17.12.4 * libreoffice-sdk-7.5.4.1-150400.17.12.4 * libreoffice-base-7.5.4.1-150400.17.12.4 * libreoffice-math-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-calc-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-pyuno-7.5.4.1-150400.17.12.4 * libreoffice-qt5-7.5.4.1-150400.17.12.4 * libreoffice-base-drivers-postgresql-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-draw-7.5.4.1-150400.17.12.4 * libreoffice-gnome-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-officebean-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-draw-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-base-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-writer-extensions-7.5.4.1-150400.17.12.4 * libreoffice-mailmerge-7.5.4.1-150400.17.12.4 * SUSE Package Hub 15 15-SP4 (noarch) * libreoffice-l10n-gu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-cs-7.5.4.1-150400.17.12.4 * libreoffice-l10n-gd-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ast-7.5.4.1-150400.17.12.4 * libreoffice-l10n-he-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pt_BR-7.5.4.1-150400.17.12.4 * libreoffice-l10n-xh-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bo-7.5.4.1-150400.17.12.4 * libreoffice-l10n-et-7.5.4.1-150400.17.12.4 * libreoffice-l10n-uz-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mai-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mni-7.5.4.1-150400.17.12.4 * libreoffice-l10n-st-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ro-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ca-7.5.4.1-150400.17.12.4 * libreoffice-l10n-zh_TW-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kab-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fa-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ml-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sd-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-be-7.5.4.1-150400.17.12.4 * libreoffice-l10n-en_GB-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bn-7.5.4.1-150400.17.12.4 * libreoffice-icon-themes-7.5.4.1-150400.17.12.4 * libreoffice-l10n-en_ZA-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sid-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lv-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ve-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ta-7.5.4.1-150400.17.12.4 * libreoffice-glade-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-dsb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-or-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sq-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nso-7.5.4.1-150400.17.12.4 * libreoffice-l10n-de-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ko-7.5.4.1-150400.17.12.4 * libreoffice-l10n-am-7.5.4.1-150400.17.12.4 * libreoffice-l10n-gug-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tt-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fi-7.5.4.1-150400.17.12.4 * libreoffice-l10n-km-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pt_PT-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bg-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lo-7.5.4.1-150400.17.12.4 * libreoffice-l10n-zh_CN-7.5.4.1-150400.17.12.4 * libreoffice-l10n-vec-7.5.4.1-150400.17.12.4 * libreoffice-l10n-si-7.5.4.1-150400.17.12.4 * libreoffice-l10n-brx-7.5.4.1-150400.17.12.4 * libreoffice-l10n-gl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-id-7.5.4.1-150400.17.12.4 * libreoffice-l10n-br-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ja-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fur-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ga-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pa-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ne-7.5.4.1-150400.17.12.4 * libreoffice-l10n-oc-7.5.4.1-150400.17.12.4 * libreoffice-l10n-el-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bn_IN-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-te-7.5.4.1-150400.17.12.4 * libreoffice-gdb-pretty-printers-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ckb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lt-7.5.4.1-150400.17.12.4 * libreoffice-l10n-da-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ts-7.5.4.1-150400.17.12.4 * libreoffice-l10n-af-7.5.4.1-150400.17.12.4 * libreoffice-l10n-dz-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ka-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kmr_Latn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ss-7.5.4.1-150400.17.12.4 * libreoffice-l10n-th-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kok-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ks-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ru-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-zu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ug-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sw_TZ-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hsb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-rw-7.5.4.1-150400.17.12.4 * libreoffice-l10n-eo-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-eu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fy-7.5.4.1-150400.17.12.4 * libreoffice-l10n-vi-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tg-7.5.4.1-150400.17.12.4 * libreoffice-l10n-uk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sv-7.5.4.1-150400.17.12.4 * libreoffice-branding-upstream-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ca_valencia-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sa_IN-7.5.4.1-150400.17.12.4 * libreoffice-l10n-cy-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bs-7.5.4.1-150400.17.12.4 * libreoffice-l10n-es-7.5.4.1-150400.17.12.4 * libreoffice-l10n-is-7.5.4.1-150400.17.12.4 * libreoffice-l10n-szl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-my-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hi-7.5.4.1-150400.17.12.4 * libreoffice-l10n-en-7.5.4.1-150400.17.12.4 * libreoffice-l10n-om-7.5.4.1-150400.17.12.4 * libreoffice-l10n-as-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ar-7.5.4.1-150400.17.12.4 * libreoffice-l10n-dgo-7.5.4.1-150400.17.12.4 * libreoffice-l10n-it-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sat-7.5.4.1-150400.17.12.4 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * xmlsec1-1.2.37-150400.14.3.4 * xmlsec1-openssl-devel-1.2.37-150400.14.3.4 * libxmlsec1-gcrypt1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-gnutls1-debuginfo-1.2.37-150400.14.3.4 * xmlsec1-debuginfo-1.2.37-150400.14.3.4 * xmlsec1-gnutls-devel-1.2.37-150400.14.3.4 * xmlsec1-devel-1.2.37-150400.14.3.4 * libxmlsec1-gnutls1-1.2.37-150400.14.3.4 * libxmlsec1-gcrypt1-1.2.37-150400.14.3.4 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * libxmlsec1-nss1-1.2.37-150400.14.3.4 * libxmlsec1-nss1-debuginfo-1.2.37-150400.14.3.4 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le) * libreoffice-calc-extensions-7.5.4.1-150400.17.12.4 * libreofficekit-7.5.4.1-150400.17.12.4 * libreoffice-impress-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-gtk3-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-calc-7.5.4.1-150400.17.12.4 * libreoffice-librelogo-7.5.4.1-150400.17.12.4 * libreoffice-pyuno-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-math-7.5.4.1-150400.17.12.4 * libreoffice-sdk-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-filters-optional-7.5.4.1-150400.17.12.4 * libreoffice-writer-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-gtk3-7.5.4.1-150400.17.12.4 * libreoffice-debugsource-7.5.4.1-150400.17.12.4 * libreoffice-base-drivers-postgresql-7.5.4.1-150400.17.12.4 * libreoffice-impress-7.5.4.1-150400.17.12.4 * libreoffice-qt5-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-sdk-doc-7.5.4.1-150400.17.12.4 * libreoffice-7.5.4.1-150400.17.12.4 * libreoffice-gnome-7.5.4.1-150400.17.12.4 * libreoffice-officebean-7.5.4.1-150400.17.12.4 * libreofficekit-devel-7.5.4.1-150400.17.12.4 * libreoffice-writer-7.5.4.1-150400.17.12.4 * libreoffice-sdk-7.5.4.1-150400.17.12.4 * libreoffice-base-7.5.4.1-150400.17.12.4 * libreoffice-math-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-calc-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-pyuno-7.5.4.1-150400.17.12.4 * libreoffice-qt5-7.5.4.1-150400.17.12.4 * libreoffice-base-drivers-postgresql-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-draw-7.5.4.1-150400.17.12.4 * libreoffice-gnome-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-officebean-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-draw-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-base-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-writer-extensions-7.5.4.1-150400.17.12.4 * libreoffice-mailmerge-7.5.4.1-150400.17.12.4 * SUSE Package Hub 15 15-SP5 (noarch) * libreoffice-l10n-gu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-cs-7.5.4.1-150400.17.12.4 * libreoffice-l10n-gd-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ast-7.5.4.1-150400.17.12.4 * libreoffice-l10n-he-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pt_BR-7.5.4.1-150400.17.12.4 * libreoffice-l10n-xh-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bo-7.5.4.1-150400.17.12.4 * libreoffice-l10n-et-7.5.4.1-150400.17.12.4 * libreoffice-l10n-uz-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mai-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mni-7.5.4.1-150400.17.12.4 * libreoffice-l10n-st-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ro-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ca-7.5.4.1-150400.17.12.4 * libreoffice-l10n-zh_TW-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kab-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fa-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ml-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sd-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-be-7.5.4.1-150400.17.12.4 * libreoffice-l10n-en_GB-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bn-7.5.4.1-150400.17.12.4 * libreoffice-icon-themes-7.5.4.1-150400.17.12.4 * libreoffice-l10n-en_ZA-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sid-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lv-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ve-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ta-7.5.4.1-150400.17.12.4 * libreoffice-glade-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-dsb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-or-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sq-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nso-7.5.4.1-150400.17.12.4 * libreoffice-l10n-de-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ko-7.5.4.1-150400.17.12.4 * libreoffice-l10n-am-7.5.4.1-150400.17.12.4 * libreoffice-l10n-gug-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tt-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fi-7.5.4.1-150400.17.12.4 * libreoffice-l10n-km-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pt_PT-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bg-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lo-7.5.4.1-150400.17.12.4 * libreoffice-l10n-zh_CN-7.5.4.1-150400.17.12.4 * libreoffice-l10n-vec-7.5.4.1-150400.17.12.4 * libreoffice-l10n-si-7.5.4.1-150400.17.12.4 * libreoffice-l10n-brx-7.5.4.1-150400.17.12.4 * libreoffice-l10n-gl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-id-7.5.4.1-150400.17.12.4 * libreoffice-l10n-br-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ja-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fur-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ga-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pa-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ne-7.5.4.1-150400.17.12.4 * libreoffice-l10n-oc-7.5.4.1-150400.17.12.4 * libreoffice-l10n-el-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bn_IN-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-te-7.5.4.1-150400.17.12.4 * libreoffice-gdb-pretty-printers-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ckb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lt-7.5.4.1-150400.17.12.4 * libreoffice-l10n-da-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ts-7.5.4.1-150400.17.12.4 * libreoffice-l10n-af-7.5.4.1-150400.17.12.4 * libreoffice-l10n-dz-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ka-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kmr_Latn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ss-7.5.4.1-150400.17.12.4 * libreoffice-l10n-th-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kok-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ks-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ru-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-zu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ug-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sw_TZ-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hsb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-rw-7.5.4.1-150400.17.12.4 * libreoffice-l10n-eo-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-eu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fy-7.5.4.1-150400.17.12.4 * libreoffice-l10n-vi-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tg-7.5.4.1-150400.17.12.4 * libreoffice-l10n-uk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sv-7.5.4.1-150400.17.12.4 * libreoffice-branding-upstream-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ca_valencia-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sa_IN-7.5.4.1-150400.17.12.4 * libreoffice-l10n-cy-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bs-7.5.4.1-150400.17.12.4 * libreoffice-l10n-es-7.5.4.1-150400.17.12.4 * libreoffice-l10n-is-7.5.4.1-150400.17.12.4 * libreoffice-l10n-szl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-my-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hi-7.5.4.1-150400.17.12.4 * libreoffice-l10n-en-7.5.4.1-150400.17.12.4 * libreoffice-l10n-om-7.5.4.1-150400.17.12.4 * libreoffice-l10n-as-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ar-7.5.4.1-150400.17.12.4 * libreoffice-l10n-dgo-7.5.4.1-150400.17.12.4 * libreoffice-l10n-it-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sat-7.5.4.1-150400.17.12.4 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * xmlsec1-1.2.37-150400.14.3.4 * xmlsec1-openssl-devel-1.2.37-150400.14.3.4 * libxmlsec1-gcrypt1-debuginfo-1.2.37-150400.14.3.4 * libxmlsec1-gnutls1-debuginfo-1.2.37-150400.14.3.4 * xmlsec1-debuginfo-1.2.37-150400.14.3.4 * xmlsec1-gnutls-devel-1.2.37-150400.14.3.4 * xmlsec1-devel-1.2.37-150400.14.3.4 * libxmlsec1-gnutls1-1.2.37-150400.14.3.4 * libxmlsec1-gcrypt1-1.2.37-150400.14.3.4 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x) * libxmlsec1-nss1-1.2.37-150400.14.3.4 * libxmlsec1-nss1-debuginfo-1.2.37-150400.14.3.4 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * libreoffice-calc-extensions-7.5.4.1-150400.17.12.4 * libreofficekit-7.5.4.1-150400.17.12.4 * libreoffice-impress-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-gtk3-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-calc-7.5.4.1-150400.17.12.4 * libxmlsec1-nss1-1.2.37-150400.14.3.4 * libreoffice-pyuno-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-math-7.5.4.1-150400.17.12.4 * xmlsec1-debuginfo-1.2.37-150400.14.3.4 * libreoffice-filters-optional-7.5.4.1-150400.17.12.4 * libreoffice-writer-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-gtk3-7.5.4.1-150400.17.12.4 * libreoffice-debugsource-7.5.4.1-150400.17.12.4 * libxmlsec1-nss1-debuginfo-1.2.37-150400.14.3.4 * libreoffice-base-drivers-postgresql-7.5.4.1-150400.17.12.4 * libreoffice-impress-7.5.4.1-150400.17.12.4 * xmlsec1-nss-devel-1.2.37-150400.14.3.4 * libreoffice-7.5.4.1-150400.17.12.4 * xmlsec1-openssl-devel-1.2.37-150400.14.3.4 * libreoffice-gnome-7.5.4.1-150400.17.12.4 * libreoffice-officebean-7.5.4.1-150400.17.12.4 * libreoffice-writer-7.5.4.1-150400.17.12.4 * libreoffice-base-7.5.4.1-150400.17.12.4 * libreoffice-math-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-calc-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-pyuno-7.5.4.1-150400.17.12.4 * libreoffice-base-drivers-postgresql-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-draw-7.5.4.1-150400.17.12.4 * libreoffice-gnome-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-officebean-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-draw-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-base-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-writer-extensions-7.5.4.1-150400.17.12.4 * xmlsec1-devel-1.2.37-150400.14.3.4 * libreoffice-mailmerge-7.5.4.1-150400.17.12.4 * SUSE Linux Enterprise Workstation Extension 15 SP4 (noarch) * libreoffice-l10n-gu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-cs-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lv-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ve-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ta-7.5.4.1-150400.17.12.4 * libreoffice-l10n-el-7.5.4.1-150400.17.12.4 * libreoffice-l10n-eo-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-he-7.5.4.1-150400.17.12.4 * libreoffice-l10n-te-7.5.4.1-150400.17.12.4 * libreoffice-l10n-eu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pt_BR-7.5.4.1-150400.17.12.4 * libreoffice-l10n-or-7.5.4.1-150400.17.12.4 * libreoffice-l10n-uk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nso-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ckb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sv-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lt-7.5.4.1-150400.17.12.4 * libreoffice-l10n-da-7.5.4.1-150400.17.12.4 * libreoffice-l10n-xh-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-et-7.5.4.1-150400.17.12.4 * libreoffice-branding-upstream-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mai-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ts-7.5.4.1-150400.17.12.4 * libreoffice-l10n-st-7.5.4.1-150400.17.12.4 * libreoffice-l10n-cy-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ro-7.5.4.1-150400.17.12.4 * libreoffice-l10n-de-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ca-7.5.4.1-150400.17.12.4 * libreoffice-l10n-zh_TW-7.5.4.1-150400.17.12.4 * libreoffice-l10n-es-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fa-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ml-7.5.4.1-150400.17.12.4 * libreoffice-l10n-af-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ko-7.5.4.1-150400.17.12.4 * libreoffice-l10n-dz-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hi-7.5.4.1-150400.17.12.4 * libreoffice-l10n-en-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fi-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pt_PT-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bg-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ss-7.5.4.1-150400.17.12.4 * libreoffice-icon-themes-7.5.4.1-150400.17.12.4 * libreoffice-l10n-as-7.5.4.1-150400.17.12.4 * libreoffice-l10n-th-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ar-7.5.4.1-150400.17.12.4 * libreoffice-l10n-zh_CN-7.5.4.1-150400.17.12.4 * libreoffice-l10n-si-7.5.4.1-150400.17.12.4 * libreoffice-l10n-zu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ru-7.5.4.1-150400.17.12.4 * libreoffice-l10n-gl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-br-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ja-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fur-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ga-7.5.4.1-150400.17.12.4 * libreoffice-l10n-it-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pa-7.5.4.1-150400.17.12.4 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * libreoffice-calc-extensions-7.5.4.1-150400.17.12.4 * libreofficekit-7.5.4.1-150400.17.12.4 * libreoffice-impress-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-gtk3-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-calc-7.5.4.1-150400.17.12.4 * libreoffice-pyuno-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-math-7.5.4.1-150400.17.12.4 * libreoffice-filters-optional-7.5.4.1-150400.17.12.4 * libreoffice-writer-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-gtk3-7.5.4.1-150400.17.12.4 * libreoffice-debugsource-7.5.4.1-150400.17.12.4 * libreoffice-base-drivers-postgresql-7.5.4.1-150400.17.12.4 * libreoffice-impress-7.5.4.1-150400.17.12.4 * libreoffice-7.5.4.1-150400.17.12.4 * libreoffice-gnome-7.5.4.1-150400.17.12.4 * libreoffice-officebean-7.5.4.1-150400.17.12.4 * libreoffice-writer-7.5.4.1-150400.17.12.4 * libreoffice-base-7.5.4.1-150400.17.12.4 * libreoffice-math-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-calc-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-pyuno-7.5.4.1-150400.17.12.4 * libreoffice-base-drivers-postgresql-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-draw-7.5.4.1-150400.17.12.4 * libreoffice-gnome-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-officebean-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-draw-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-base-debuginfo-7.5.4.1-150400.17.12.4 * libreoffice-writer-extensions-7.5.4.1-150400.17.12.4 * libreoffice-mailmerge-7.5.4.1-150400.17.12.4 * SUSE Linux Enterprise Workstation Extension 15 SP5 (noarch) * libreoffice-l10n-gu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-cs-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lv-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ve-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ta-7.5.4.1-150400.17.12.4 * libreoffice-l10n-el-7.5.4.1-150400.17.12.4 * libreoffice-l10n-eo-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-he-7.5.4.1-150400.17.12.4 * libreoffice-l10n-te-7.5.4.1-150400.17.12.4 * libreoffice-l10n-eu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-tn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pt_BR-7.5.4.1-150400.17.12.4 * libreoffice-l10n-or-7.5.4.1-150400.17.12.4 * libreoffice-l10n-uk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nso-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ckb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sv-7.5.4.1-150400.17.12.4 * libreoffice-l10n-lt-7.5.4.1-150400.17.12.4 * libreoffice-l10n-da-7.5.4.1-150400.17.12.4 * libreoffice-l10n-xh-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-et-7.5.4.1-150400.17.12.4 * libreoffice-branding-upstream-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-mai-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ts-7.5.4.1-150400.17.12.4 * libreoffice-l10n-st-7.5.4.1-150400.17.12.4 * libreoffice-l10n-cy-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ro-7.5.4.1-150400.17.12.4 * libreoffice-l10n-de-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ca-7.5.4.1-150400.17.12.4 * libreoffice-l10n-zh_TW-7.5.4.1-150400.17.12.4 * libreoffice-l10n-es-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fa-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ml-7.5.4.1-150400.17.12.4 * libreoffice-l10n-af-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ko-7.5.4.1-150400.17.12.4 * libreoffice-l10n-dz-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-hi-7.5.4.1-150400.17.12.4 * libreoffice-l10n-en-7.5.4.1-150400.17.12.4 * libreoffice-l10n-sr-7.5.4.1-150400.17.12.4 * libreoffice-l10n-nb-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fi-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pt_PT-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bn-7.5.4.1-150400.17.12.4 * libreoffice-l10n-bg-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ss-7.5.4.1-150400.17.12.4 * libreoffice-icon-themes-7.5.4.1-150400.17.12.4 * libreoffice-l10n-as-7.5.4.1-150400.17.12.4 * libreoffice-l10n-th-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ar-7.5.4.1-150400.17.12.4 * libreoffice-l10n-zh_CN-7.5.4.1-150400.17.12.4 * libreoffice-l10n-si-7.5.4.1-150400.17.12.4 * libreoffice-l10n-zu-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ru-7.5.4.1-150400.17.12.4 * libreoffice-l10n-gl-7.5.4.1-150400.17.12.4 * libreoffice-l10n-br-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ja-7.5.4.1-150400.17.12.4 * libreoffice-l10n-kk-7.5.4.1-150400.17.12.4 * libreoffice-l10n-fur-7.5.4.1-150400.17.12.4 * libreoffice-l10n-ga-7.5.4.1-150400.17.12.4 * libreoffice-l10n-it-7.5.4.1-150400.17.12.4 * libreoffice-l10n-pa-7.5.4.1-150400.17.12.4 ## References: * https://www.suse.com/security/cve/CVE-2023-0950.html * https://www.suse.com/security/cve/CVE-2023-2255.html * https://bugzilla.suse.com/show_bug.cgi?id=1198666 * https://bugzilla.suse.com/show_bug.cgi?id=1200085 * https://bugzilla.suse.com/show_bug.cgi?id=1204040 * https://bugzilla.suse.com/show_bug.cgi?id=1209242 * https://bugzilla.suse.com/show_bug.cgi?id=1210687 * https://bugzilla.suse.com/show_bug.cgi?id=1211746 * https://jira.suse.com/browse/PED-3549 * https://jira.suse.com/browse/PED-3550 * https://jira.suse.com/browse/PED-3561 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 08:54:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 08:54:55 -0000 Subject: SUSE-RU-2023:3412-1: moderate: Recommended update for 389-ds Message-ID: <169286729596.22974.10739751080409496063@smelt2.suse.de> # Recommended update for 389-ds Announcement ID: SUSE-RU-2023:3412-1 Rating: moderate References: * #1212726 Affected Products: * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for 389-ds fixes the following issues: * SSSD client performance improvements (bsc#1212726) * Update to version 2.0.17~git81.849cc42 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3412=1 openSUSE-SLE-15.4-2023-3412=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3412=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * lib389-2.0.17~git81.849cc42-150400.3.31.1 * 389-ds-devel-2.0.17~git81.849cc42-150400.3.31.1 * libsvrcore0-2.0.17~git81.849cc42-150400.3.31.1 * libsvrcore0-debuginfo-2.0.17~git81.849cc42-150400.3.31.1 * 389-ds-debugsource-2.0.17~git81.849cc42-150400.3.31.1 * 389-ds-snmp-debuginfo-2.0.17~git81.849cc42-150400.3.31.1 * 389-ds-debuginfo-2.0.17~git81.849cc42-150400.3.31.1 * 389-ds-2.0.17~git81.849cc42-150400.3.31.1 * 389-ds-snmp-2.0.17~git81.849cc42-150400.3.31.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * lib389-2.0.17~git81.849cc42-150400.3.31.1 * 389-ds-devel-2.0.17~git81.849cc42-150400.3.31.1 * libsvrcore0-2.0.17~git81.849cc42-150400.3.31.1 * libsvrcore0-debuginfo-2.0.17~git81.849cc42-150400.3.31.1 * 389-ds-debugsource-2.0.17~git81.849cc42-150400.3.31.1 * 389-ds-debuginfo-2.0.17~git81.849cc42-150400.3.31.1 * 389-ds-2.0.17~git81.849cc42-150400.3.31.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212726 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 08:54:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 08:54:58 -0000 Subject: SUSE-RU-2023:3411-1: moderate: Recommended update for 389-ds Message-ID: <169286729806.22974.13805942109615121326@smelt2.suse.de> # Recommended update for 389-ds Announcement ID: SUSE-RU-2023:3411-1 Rating: moderate References: * #1212726 Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for 389-ds fixes the following issues: * SSSD client performance improvements (bsc#1212726) * Update to version 2.2.8~git37.fdb3bae ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3411=1 openSUSE-SLE-15.5-2023-3411=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3411=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * 389-ds-devel-2.2.8~git37.fdb3bae-150500.3.11.1 * 389-ds-snmp-debuginfo-2.2.8~git37.fdb3bae-150500.3.11.1 * libsvrcore0-2.2.8~git37.fdb3bae-150500.3.11.1 * 389-ds-debuginfo-2.2.8~git37.fdb3bae-150500.3.11.1 * 389-ds-debugsource-2.2.8~git37.fdb3bae-150500.3.11.1 * lib389-2.2.8~git37.fdb3bae-150500.3.11.1 * libsvrcore0-debuginfo-2.2.8~git37.fdb3bae-150500.3.11.1 * 389-ds-2.2.8~git37.fdb3bae-150500.3.11.1 * 389-ds-snmp-2.2.8~git37.fdb3bae-150500.3.11.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * 389-ds-devel-2.2.8~git37.fdb3bae-150500.3.11.1 * libsvrcore0-2.2.8~git37.fdb3bae-150500.3.11.1 * 389-ds-debuginfo-2.2.8~git37.fdb3bae-150500.3.11.1 * 389-ds-debugsource-2.2.8~git37.fdb3bae-150500.3.11.1 * lib389-2.2.8~git37.fdb3bae-150500.3.11.1 * libsvrcore0-debuginfo-2.2.8~git37.fdb3bae-150500.3.11.1 * 389-ds-2.2.8~git37.fdb3bae-150500.3.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212726 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 08:55:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 08:55:00 -0000 Subject: SUSE-RU-2023:3410-1: moderate: Recommended update for audit Message-ID: <169286730032.22974.12506262186609912113@smelt2.suse.de> # Recommended update for audit Announcement ID: SUSE-RU-2023:3410-1 Rating: moderate References: * #1201519 * #1204844 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for audit fixes the following issues: * Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) * Fix rules not loaded when restarting auditd.service (bsc#1204844) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3410=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3410=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3410=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3410=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3410=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3410=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3410=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3410=1 openSUSE-SLE-15.4-2023-3410=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3410=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3410=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libaudit1-debuginfo-3.0.6-150400.4.13.1 * python3-audit-3.0.6-150400.4.13.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.13.1 * libauparse0-3.0.6-150400.4.13.1 * audit-secondary-debugsource-3.0.6-150400.4.13.1 * system-group-audit-3.0.6-150400.4.13.1 * audit-audispd-plugins-3.0.6-150400.4.13.1 * libaudit1-3.0.6-150400.4.13.1 * audit-3.0.6-150400.4.13.1 * libauparse0-debuginfo-3.0.6-150400.4.13.1 * python3-audit-debuginfo-3.0.6-150400.4.13.1 * audit-devel-3.0.6-150400.4.13.1 * audit-debugsource-3.0.6-150400.4.13.1 * audit-debuginfo-3.0.6-150400.4.13.1 * openSUSE Leap 15.5 (x86_64) * libaudit1-32bit-debuginfo-3.0.6-150400.4.13.1 * libauparse0-32bit-3.0.6-150400.4.13.1 * audit-devel-32bit-3.0.6-150400.4.13.1 * libauparse0-32bit-debuginfo-3.0.6-150400.4.13.1 * libaudit1-32bit-3.0.6-150400.4.13.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libaudit1-debuginfo-3.0.6-150400.4.13.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.13.1 * libauparse0-3.0.6-150400.4.13.1 * audit-secondary-debugsource-3.0.6-150400.4.13.1 * system-group-audit-3.0.6-150400.4.13.1 * audit-audispd-plugins-3.0.6-150400.4.13.1 * libaudit1-3.0.6-150400.4.13.1 * audit-3.0.6-150400.4.13.1 * libauparse0-debuginfo-3.0.6-150400.4.13.1 * python3-audit-debuginfo-3.0.6-150400.4.13.1 * python3-audit-3.0.6-150400.4.13.1 * audit-debugsource-3.0.6-150400.4.13.1 * audit-debuginfo-3.0.6-150400.4.13.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libaudit1-debuginfo-3.0.6-150400.4.13.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.13.1 * libauparse0-3.0.6-150400.4.13.1 * audit-secondary-debugsource-3.0.6-150400.4.13.1 * system-group-audit-3.0.6-150400.4.13.1 * audit-audispd-plugins-3.0.6-150400.4.13.1 * libaudit1-3.0.6-150400.4.13.1 * audit-3.0.6-150400.4.13.1 * libauparse0-debuginfo-3.0.6-150400.4.13.1 * python3-audit-debuginfo-3.0.6-150400.4.13.1 * python3-audit-3.0.6-150400.4.13.1 * audit-debugsource-3.0.6-150400.4.13.1 * audit-debuginfo-3.0.6-150400.4.13.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libaudit1-debuginfo-3.0.6-150400.4.13.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.13.1 * libauparse0-3.0.6-150400.4.13.1 * audit-secondary-debugsource-3.0.6-150400.4.13.1 * system-group-audit-3.0.6-150400.4.13.1 * audit-audispd-plugins-3.0.6-150400.4.13.1 * libaudit1-3.0.6-150400.4.13.1 * audit-3.0.6-150400.4.13.1 * libauparse0-debuginfo-3.0.6-150400.4.13.1 * python3-audit-debuginfo-3.0.6-150400.4.13.1 * python3-audit-3.0.6-150400.4.13.1 * audit-debugsource-3.0.6-150400.4.13.1 * audit-debuginfo-3.0.6-150400.4.13.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libaudit1-debuginfo-3.0.6-150400.4.13.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.13.1 * libauparse0-3.0.6-150400.4.13.1 * audit-secondary-debugsource-3.0.6-150400.4.13.1 * system-group-audit-3.0.6-150400.4.13.1 * audit-audispd-plugins-3.0.6-150400.4.13.1 * libaudit1-3.0.6-150400.4.13.1 * audit-3.0.6-150400.4.13.1 * libauparse0-debuginfo-3.0.6-150400.4.13.1 * python3-audit-debuginfo-3.0.6-150400.4.13.1 * python3-audit-3.0.6-150400.4.13.1 * audit-debugsource-3.0.6-150400.4.13.1 * audit-debuginfo-3.0.6-150400.4.13.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libaudit1-debuginfo-3.0.6-150400.4.13.1 * python3-audit-3.0.6-150400.4.13.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.13.1 * libauparse0-3.0.6-150400.4.13.1 * audit-secondary-debugsource-3.0.6-150400.4.13.1 * system-group-audit-3.0.6-150400.4.13.1 * audit-audispd-plugins-3.0.6-150400.4.13.1 * libaudit1-3.0.6-150400.4.13.1 * audit-3.0.6-150400.4.13.1 * libauparse0-debuginfo-3.0.6-150400.4.13.1 * python3-audit-debuginfo-3.0.6-150400.4.13.1 * audit-devel-3.0.6-150400.4.13.1 * audit-debugsource-3.0.6-150400.4.13.1 * audit-debuginfo-3.0.6-150400.4.13.1 * Basesystem Module 15-SP4 (x86_64) * libaudit1-32bit-debuginfo-3.0.6-150400.4.13.1 * libaudit1-32bit-3.0.6-150400.4.13.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libaudit1-debuginfo-3.0.6-150400.4.13.1 * python3-audit-3.0.6-150400.4.13.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.13.1 * libauparse0-3.0.6-150400.4.13.1 * audit-secondary-debugsource-3.0.6-150400.4.13.1 * system-group-audit-3.0.6-150400.4.13.1 * audit-audispd-plugins-3.0.6-150400.4.13.1 * libaudit1-3.0.6-150400.4.13.1 * audit-3.0.6-150400.4.13.1 * libauparse0-debuginfo-3.0.6-150400.4.13.1 * python3-audit-debuginfo-3.0.6-150400.4.13.1 * audit-devel-3.0.6-150400.4.13.1 * audit-debugsource-3.0.6-150400.4.13.1 * audit-debuginfo-3.0.6-150400.4.13.1 * Basesystem Module 15-SP5 (x86_64) * libaudit1-32bit-debuginfo-3.0.6-150400.4.13.1 * libaudit1-32bit-3.0.6-150400.4.13.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * audit-devel-3.0.6-150400.4.13.1 * libaudit1-debuginfo-3.0.6-150400.4.13.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.13.1 * libauparse0-3.0.6-150400.4.13.1 * audit-secondary-debugsource-3.0.6-150400.4.13.1 * system-group-audit-3.0.6-150400.4.13.1 * audit-audispd-plugins-3.0.6-150400.4.13.1 * libaudit1-3.0.6-150400.4.13.1 * audit-3.0.6-150400.4.13.1 * python3-audit-debuginfo-3.0.6-150400.4.13.1 * libauparse0-debuginfo-3.0.6-150400.4.13.1 * python3-audit-3.0.6-150400.4.13.1 * audit-debugsource-3.0.6-150400.4.13.1 * audit-debuginfo-3.0.6-150400.4.13.1 * openSUSE Leap 15.4 (x86_64) * libaudit1-32bit-debuginfo-3.0.6-150400.4.13.1 * libauparse0-32bit-3.0.6-150400.4.13.1 * audit-devel-32bit-3.0.6-150400.4.13.1 * libauparse0-32bit-debuginfo-3.0.6-150400.4.13.1 * libaudit1-32bit-3.0.6-150400.4.13.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libauparse0-64bit-3.0.6-150400.4.13.1 * libauparse0-64bit-debuginfo-3.0.6-150400.4.13.1 * libaudit1-64bit-debuginfo-3.0.6-150400.4.13.1 * audit-devel-64bit-3.0.6-150400.4.13.1 * libaudit1-64bit-3.0.6-150400.4.13.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libaudit1-debuginfo-3.0.6-150400.4.13.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.13.1 * libauparse0-3.0.6-150400.4.13.1 * audit-secondary-debugsource-3.0.6-150400.4.13.1 * system-group-audit-3.0.6-150400.4.13.1 * audit-audispd-plugins-3.0.6-150400.4.13.1 * libaudit1-3.0.6-150400.4.13.1 * audit-3.0.6-150400.4.13.1 * libauparse0-debuginfo-3.0.6-150400.4.13.1 * python3-audit-debuginfo-3.0.6-150400.4.13.1 * python3-audit-3.0.6-150400.4.13.1 * audit-debugsource-3.0.6-150400.4.13.1 * audit-debuginfo-3.0.6-150400.4.13.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libaudit1-debuginfo-3.0.6-150400.4.13.1 * audit-audispd-plugins-debuginfo-3.0.6-150400.4.13.1 * libauparse0-3.0.6-150400.4.13.1 * audit-secondary-debugsource-3.0.6-150400.4.13.1 * system-group-audit-3.0.6-150400.4.13.1 * audit-audispd-plugins-3.0.6-150400.4.13.1 * libaudit1-3.0.6-150400.4.13.1 * audit-3.0.6-150400.4.13.1 * libauparse0-debuginfo-3.0.6-150400.4.13.1 * python3-audit-debuginfo-3.0.6-150400.4.13.1 * python3-audit-3.0.6-150400.4.13.1 * audit-debugsource-3.0.6-150400.4.13.1 * audit-debuginfo-3.0.6-150400.4.13.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1201519 * https://bugzilla.suse.com/show_bug.cgi?id=1204844 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 12:30:03 -0000 Subject: SUSE-SU-2023:3433-1: low: Security update for indent Message-ID: <169288020340.12112.2320152101773054525@smelt2.suse.de> # Security update for indent Announcement ID: SUSE-SU-2023:3433-1 Rating: low References: * #1214243 Cross-References: * CVE-2023-40305 CVSS scores: * CVE-2023-40305 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-40305 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for indent fixes the following issues: * CVE-2023-40305: Fixed a memory safety issues bug. (bsc#1214243) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3433=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3433=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3433=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3433=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * indent-2.2.11-150000.3.6.1 * indent-debugsource-2.2.11-150000.3.6.1 * indent-debuginfo-2.2.11-150000.3.6.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * indent-2.2.11-150000.3.6.1 * indent-debugsource-2.2.11-150000.3.6.1 * indent-debuginfo-2.2.11-150000.3.6.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * indent-2.2.11-150000.3.6.1 * indent-debugsource-2.2.11-150000.3.6.1 * indent-debuginfo-2.2.11-150000.3.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * indent-2.2.11-150000.3.6.1 * indent-debugsource-2.2.11-150000.3.6.1 * indent-debuginfo-2.2.11-150000.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40305.html * https://bugzilla.suse.com/show_bug.cgi?id=1214243 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 12:30:05 -0000 Subject: SUSE-SU-2023:3432-1: low: Security update for indent Message-ID: <169288020541.12112.15712920471208370885@smelt2.suse.de> # Security update for indent Announcement ID: SUSE-SU-2023:3432-1 Rating: low References: * #1214243 Cross-References: * CVE-2023-40305 CVSS scores: * CVE-2023-40305 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-40305 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for indent fixes the following issues: * CVE-2023-40305: Fixed a memory safety issues bug. (bsc#1214243) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3432=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * indent-debuginfo-2.2.10-38.6.1 * indent-2.2.10-38.6.1 * indent-debugsource-2.2.10-38.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40305.html * https://bugzilla.suse.com/show_bug.cgi?id=1214243 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 12:30:07 -0000 Subject: SUSE-SU-2023:3431-1: low: Security update for gawk Message-ID: <169288020772.12112.11442098944364790908@smelt2.suse.de> # Security update for gawk Announcement ID: SUSE-SU-2023:3431-1 Rating: low References: * #1214025 Cross-References: * CVE-2023-4156 CVSS scores: * CVE-2023-4156 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for gawk fixes the following issues: * CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3431=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3431=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3431=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * gawk-4.1.0-5.3.1 * gawk-debuginfo-4.1.0-5.3.1 * gawk-debugsource-4.1.0-5.3.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * gawk-4.1.0-5.3.1 * gawk-debuginfo-4.1.0-5.3.1 * gawk-debugsource-4.1.0-5.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * gawk-4.1.0-5.3.1 * gawk-debuginfo-4.1.0-5.3.1 * gawk-debugsource-4.1.0-5.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4156.html * https://bugzilla.suse.com/show_bug.cgi?id=1214025 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 12:30:16 -0000 Subject: SUSE-RU-2023:3430-1: moderate: Recommended update for yast2-firstboot Message-ID: <169288021675.12112.6351716745190617787@smelt2.suse.de> # Recommended update for yast2-firstboot Announcement ID: SUSE-RU-2023:3430-1 Rating: moderate References: * #1206627 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for yast2-firstboot fixes the following issues: * Adapt users client to the changes in yast2-users fixing an issue when modification NIS users is not possible. (bsc#1206627) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3430=1 openSUSE-SLE-15.4-2023-3430=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3430=1 ## Package List: * openSUSE Leap 15.4 (noarch) * yast2-firstboot-4.4.12-150400.3.12.1 * yast2-firstboot-wsl-4.4.12-150400.3.12.1 * Basesystem Module 15-SP4 (noarch) * yast2-firstboot-4.4.12-150400.3.12.1 * yast2-firstboot-wsl-4.4.12-150400.3.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206627 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 12:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 12:30:19 -0000 Subject: SUSE-RU-2023:3429-1: moderate: Recommended update for yast2-firstboot Message-ID: <169288021979.12112.1682362352372267691@smelt2.suse.de> # Recommended update for yast2-firstboot Announcement ID: SUSE-RU-2023:3429-1 Rating: moderate References: * #1206627 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for yast2-firstboot fixes the following issues: * Adapt users client to the changes in yast2-users fixing an issue when modification NIS users is not possible. (bsc#1206627) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3429=1 SUSE-2023-3429=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3429=1 ## Package List: * openSUSE Leap 15.5 (noarch) * yast2-firstboot-4.5.7-150500.3.3.1 * yast2-firstboot-wsl-4.5.7-150500.3.3.1 * Basesystem Module 15-SP5 (noarch) * yast2-firstboot-4.5.7-150500.3.3.1 * yast2-firstboot-wsl-4.5.7-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206627 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 12:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 12:30:22 -0000 Subject: SUSE-RU-2023:3428-1: moderate: Recommended update for sap-installation-wizard Message-ID: <169288022209.12112.16827246505818713800@smelt2.suse.de> # Recommended update for sap-installation-wizard Announcement ID: SUSE-RU-2023:3428-1 Rating: moderate References: * #1211099 * #1212097 * #1212813 Affected Products: * openSUSE Leap 15.5 * SAP Applications Module 15-SP5 * SAP Business One Module 15-SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has three recommended fixes can now be installed. ## Description: This update for sap-installation-wizard fixes the following issues: * Fixes an issue when 'sap-installation-wizard' update is trying to install file as sapconf but with different content. (bsc#1212813) * Fixes an issue when the 'sap-installation-wizard' can't find the installer on BusinessOne image. (bsc#1212097) * Enable 'sapconf' to apply the required system settings by start. * Fixes an issue when 'sap-installation-wizard' aborts with wrong number of arguments. (bsc#1211099) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3428=1 * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-3428=1 * SAP Business One Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Business-One-15-SP5-2023-3428=1 ## Package List: * openSUSE Leap 15.5 (ppc64le x86_64) * sap-installation-wizard-4.5.8-150500.5.3.1 * bone-installation-wizard-4.5.8-150500.5.3.1 * SAP Applications Module 15-SP5 (ppc64le x86_64) * sap-installation-wizard-4.5.8-150500.5.3.1 * SAP Business One Module 15-SP5 (x86_64) * bone-installation-wizard-4.5.8-150500.5.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211099 * https://bugzilla.suse.com/show_bug.cgi?id=1212097 * https://bugzilla.suse.com/show_bug.cgi?id=1212813 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 12:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 12:30:24 -0000 Subject: SUSE-RU-2023:3426-1: moderate: Recommended update for ocfs2-tools Message-ID: <169288022491.12112.12546216423323348383@smelt2.suse.de> # Recommended update for ocfs2-tools Announcement ID: SUSE-RU-2023:3426-1 Rating: moderate References: * #1203166 * PED-5462 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has one recommended fix can now be installed. ## Description: This update for ocfs2-tools fixes the following issues: * Enable defragmentation tools for ocfs2. (bsc#1203166, jsc#PED-5462)) * Apply upstream patch to support 'dump_fs_locks_v4'. (bsc#1203166) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3426=1 openSUSE-SLE-15.4-2023-3426=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3426=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * ocfs2-tools-debuginfo-1.8.7-150400.6.6.1 * ocfs2-tools-debugsource-1.8.7-150400.6.6.1 * ocfs2-tools-o2cb-debuginfo-1.8.7-150400.6.6.1 * ocfs2-tools-1.8.7-150400.6.6.1 * ocfs2-tools-devel-static-1.8.7-150400.6.6.1 * ocfs2-tools-o2cb-1.8.7-150400.6.6.1 * ocfs2-tools-devel-1.8.7-150400.6.6.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * ocfs2-tools-debuginfo-1.8.7-150400.6.6.1 * ocfs2-tools-debugsource-1.8.7-150400.6.6.1 * ocfs2-tools-o2cb-debuginfo-1.8.7-150400.6.6.1 * ocfs2-tools-1.8.7-150400.6.6.1 * ocfs2-tools-o2cb-1.8.7-150400.6.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1203166 * https://jira.suse.com/browse/PED-5462 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 12:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 12:30:26 -0000 Subject: SUSE-RU-2023:3425-1: moderate: Recommended update for google-cloud-sap-agent Message-ID: <169288022663.12112.6817293880146321047@smelt2.suse.de> # Recommended update for google-cloud-sap-agent Announcement ID: SUSE-RU-2023:3425-1 Rating: moderate References: * #1214293 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for google-cloud-sap-agent fixes the following issues: * Install missing default configuration file (bsc#1214293) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-3425=1 ## Package List: * Public Cloud Module 12 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.1-6.14.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214293 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 12:30:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 12:30:29 -0000 Subject: SUSE-RU-2023:3424-1: moderate: Recommended update for release-notes-sles-for-sap Message-ID: <169288022997.12112.13677440670889848687@smelt2.suse.de> # Recommended update for release-notes-sles-for-sap Announcement ID: SUSE-RU-2023:3424-1 Rating: moderate References: * #1208489 * #1214331 * PED-407 Affected Products: * openSUSE Leap 15.4 * SAP Applications Module 15-SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that contains one feature and has two recommended fixes can now be installed. ## Description: This update for release-notes-sles-for-sap fixes the following issues: * Fixed ESPOS wording (bsc#1208489) * Added note about silencing killmode=none (jsc#PED-407) * Fixed kernel version to 5.14 (bsc#1214331) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3424=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-3424=1 ## Package List: * openSUSE Leap 15.4 (noarch) * release-notes-sles-for-sap-15.4.20230818-150400.3.12.1 * SAP Applications Module 15-SP4 (noarch) * release-notes-sles-for-sap-15.4.20230818-150400.3.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208489 * https://bugzilla.suse.com/show_bug.cgi?id=1214331 * https://jira.suse.com/browse/PED-407 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 12:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 12:30:31 -0000 Subject: SUSE-RU-2023:3423-1: moderate: Recommended update for salt-shaptools Message-ID: <169288023163.12112.2084995183873588489@smelt2.suse.de> # Recommended update for salt-shaptools Announcement ID: SUSE-RU-2023:3423-1 Rating: moderate References: Affected Products: * SAP Applications Module 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that can now be installed. ## Description: This update for salt-shaptools fixes the following issues: * Version 0.3.18 * Salt no longer vendors six (>=salt-3006.0) https://github.com/saltstack/salt/issues/63874 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SAP Applications Module 15-SP1 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-3423=1 ## Package List: * SAP Applications Module 15-SP1 (noarch) * salt-shaptools-0.3.18+git.1690200022.db379c1-150000.1.15.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 12:30:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 12:30:34 -0000 Subject: SUSE-RU-2023:3422-1: important: Recommended update for gnu-efi Message-ID: <169288023439.12112.4783745454057748438@smelt2.suse.de> # Recommended update for gnu-efi Announcement ID: SUSE-RU-2023:3422-1 Rating: important References: * #1213923 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that has one recommended fix can now be installed. ## Description: This update for gnu-efi fixes the following issues: * Add the non-executable GNU stack marking on ELF-linux (bsc#1213923) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3422=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3422=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3422=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3422=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3422=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3422=1 ## Package List: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * gnu-efi-3.0.8-150100.7.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * gnu-efi-3.0.8-150100.7.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * gnu-efi-3.0.8-150100.7.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * gnu-efi-3.0.8-150100.7.3.1 * SUSE CaaS Platform 4.0 (x86_64) * gnu-efi-3.0.8-150100.7.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * gnu-efi-3.0.8-150100.7.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * gnu-efi-3.0.8-150100.7.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213923 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 12:31:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 12:31:21 -0000 Subject: SUSE-SU-2023:3421-1: important: Security update for the Linux Kernel Message-ID: <169288028127.12112.797445766289620964@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:3421-1 Rating: important References: * #1199304 * #1206418 * #1207270 * #1210584 * #1211131 * #1211738 * #1211867 * #1212301 * #1212741 * #1212835 * #1212846 * #1213059 * #1213061 * #1213167 * #1213245 * #1213286 * #1213287 * #1213354 * #1213543 * #1213585 * #1213586 * #1213588 * #1213653 * #1213868 * PED-4567 Cross-References: * CVE-2022-40982 * CVE-2023-0459 * CVE-2023-20569 * CVE-2023-20593 * CVE-2023-2156 * CVE-2023-2985 * CVE-2023-3117 * CVE-2023-31248 * CVE-2023-3390 * CVE-2023-35001 * CVE-2023-3567 * CVE-2023-3609 * CVE-2023-3611 * CVE-2023-3776 * CVE-2023-3812 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves 15 vulnerabilities, contains one feature and has nine fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2156: Fixed IPv6 RPL Protocol Reachable Assertion Denial-of-Service Vulnerability (bsc#1211131). * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418). * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). * CVE-2023-20569: Fixed side channel attack ?Inception? or ?RAS Poisoning? (bsc#1213287). * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). * CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). * CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). * CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). * CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). * CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). * CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). * CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after- free (bsc#1213588). * CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). The following non-security bugs were fixed: * arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418). * get module prefix from kmod (bsc#1212835). * remove more packaging cruft for sle < 12 sp3 * block, bfq: fix division by zero error on zero wsum (bsc#1213653). * init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418). * init: invoke arch_cpu_finalize_init() earlier (bsc#1206418). * init: provide arch_cpu_finalize_init() (bsc#1206418). * init: remove check_bugs() leftovers (bsc#1206418). * jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304). * kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps") * kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base. * kernel-docs: use python3 together with python3-sphinx (bsc#1212741). * keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354). * lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567). * locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567). * locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567). * locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567). * locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567). * locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567). * locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567). * locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567). * locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567). * locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567). * locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567). * locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567). * locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567). * locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567). * locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567). * locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567). * locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567). * locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567). * locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567). * locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567). * locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567). * locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567). * locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567). * locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567). * locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567). * net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). * net: mana: add support for vlan tagging (bsc#1212301). * ocfs2: fix a deadlock when commit trans (bsc#1199304). * ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304). * ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304). * rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude. * rpm/check-for-config-changes: ignore also riscv_isa_ _and dynamic_sigframe they depend on config_toolchain_has__. * rwsem-rt: implement down_read_interruptible (bsc#1207270, jsc#ped-4567, sle realtime extension). * rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567). * rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567). * ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). * ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584). * usrmerge: adjust module path in the kernel sources (bsc#1212835). * x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418). * x86/fpu: remove cpuinfo argument from init functions (bsc#1206418). * x86/microcode/AMD: Make stub function static inline (bsc#1213868). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3421=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3421=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3421=1 ## Package List: * SUSE Linux Enterprise Micro 5.1 (nosrc x86_64) * kernel-rt-5.3.18-150300.138.3 * SUSE Linux Enterprise Micro 5.1 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.138.3 * kernel-rt-debugsource-5.3.18-150300.138.3 * SUSE Linux Enterprise Micro 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.138.3 * SUSE Linux Enterprise Micro 5.2 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.138.3 * kernel-rt-debugsource-5.3.18-150300.138.3 * SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.138.3 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.138.3 * kernel-rt-debugsource-5.3.18-150300.138.3 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-0459.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-20593.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2985.html * https://www.suse.com/security/cve/CVE-2023-3117.html * https://www.suse.com/security/cve/CVE-2023-31248.html * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://www.suse.com/security/cve/CVE-2023-3609.html * https://www.suse.com/security/cve/CVE-2023-3611.html * https://www.suse.com/security/cve/CVE-2023-3776.html * https://www.suse.com/security/cve/CVE-2023-3812.html * https://bugzilla.suse.com/show_bug.cgi?id=1199304 * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1207270 * https://bugzilla.suse.com/show_bug.cgi?id=1210584 * https://bugzilla.suse.com/show_bug.cgi?id=1211131 * https://bugzilla.suse.com/show_bug.cgi?id=1211738 * https://bugzilla.suse.com/show_bug.cgi?id=1211867 * https://bugzilla.suse.com/show_bug.cgi?id=1212301 * https://bugzilla.suse.com/show_bug.cgi?id=1212741 * https://bugzilla.suse.com/show_bug.cgi?id=1212835 * https://bugzilla.suse.com/show_bug.cgi?id=1212846 * https://bugzilla.suse.com/show_bug.cgi?id=1213059 * https://bugzilla.suse.com/show_bug.cgi?id=1213061 * https://bugzilla.suse.com/show_bug.cgi?id=1213167 * https://bugzilla.suse.com/show_bug.cgi?id=1213245 * https://bugzilla.suse.com/show_bug.cgi?id=1213286 * https://bugzilla.suse.com/show_bug.cgi?id=1213287 * https://bugzilla.suse.com/show_bug.cgi?id=1213354 * https://bugzilla.suse.com/show_bug.cgi?id=1213543 * https://bugzilla.suse.com/show_bug.cgi?id=1213585 * https://bugzilla.suse.com/show_bug.cgi?id=1213586 * https://bugzilla.suse.com/show_bug.cgi?id=1213588 * https://bugzilla.suse.com/show_bug.cgi?id=1213653 * https://bugzilla.suse.com/show_bug.cgi?id=1213868 * https://jira.suse.com/browse/PED-4567 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 12:31:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 12:31:23 -0000 Subject: SUSE-SU-2023:3420-1: important: Security update for libcares2 Message-ID: <169288028355.12112.13079642530962495944@smelt2.suse.de> # Security update for libcares2 Announcement ID: SUSE-SU-2023:3420-1 Rating: important References: * #1208067 Cross-References: * CVE-2022-4904 CVSS scores: * CVE-2022-4904 ( SUSE ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L * CVE-2022-4904 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libcares2 fixes the following issues: * CVE-2022-4904: Fixed stack overflow in ares_set_sortlist() (bsc#1208067). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3420=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3420=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3420=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3420=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-3420=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libcares2-debuginfo-1.9.1-9.15.1 * libcares2-debugsource-1.9.1-9.15.1 * libcares-devel-1.9.1-9.15.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libcares2-debuginfo-1.9.1-9.15.1 * libcares2-debugsource-1.9.1-9.15.1 * libcares2-1.9.1-9.15.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libcares2-debuginfo-1.9.1-9.15.1 * libcares2-debugsource-1.9.1-9.15.1 * libcares2-1.9.1-9.15.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libcares2-debuginfo-1.9.1-9.15.1 * libcares2-debugsource-1.9.1-9.15.1 * libcares2-1.9.1-9.15.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libcares2-debugsource-1.9.1-9.15.1 * libcares2-32bit-1.9.1-9.15.1 * libcares2-debuginfo-32bit-1.9.1-9.15.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4904.html * https://bugzilla.suse.com/show_bug.cgi?id=1208067 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 16:30:02 -0000 Subject: SUSE-SU-2023:3435-1: important: Security update for clamav Message-ID: <169289460230.8803.15429077007144584593@smelt2.suse.de> # Security update for clamav Announcement ID: SUSE-SU-2023:3435-1 Rating: important References: * #1214342 Cross-References: * CVE-2023-20197 CVSS scores: * CVE-2023-20197 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for clamav fixes the following issues: * Update to 0.103.9 * CVE-2023-20197: Fixed a possible denial of service vulnerability in the HFS+ file parser. (bsc#1214342) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3435=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3435=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3435=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * clamav-0.103.9-3.27.1 * clamav-debuginfo-0.103.9-3.27.1 * clamav-debugsource-0.103.9-3.27.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * clamav-0.103.9-3.27.1 * clamav-debuginfo-0.103.9-3.27.1 * clamav-debugsource-0.103.9-3.27.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * clamav-0.103.9-3.27.1 * clamav-debuginfo-0.103.9-3.27.1 * clamav-debugsource-0.103.9-3.27.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20197.html * https://bugzilla.suse.com/show_bug.cgi?id=1214342 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 24 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Aug 2023 16:30:04 -0000 Subject: SUSE-SU-2023:3434-1: important: Security update for krb5 Message-ID: <169289460457.8803.3415938853357965780@smelt2.suse.de> # Security update for krb5 Announcement ID: SUSE-SU-2023:3434-1 Rating: important References: * #1214054 Cross-References: * CVE-2023-36054 CVSS scores: * CVE-2023-36054 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-36054 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for krb5 fixes the following issues: * CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3434=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3434=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3434=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3434=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3434=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3434=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * krb5-1.16.3-150100.3.30.1 * krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-pkinit-1.16.3-150100.3.30.1 * krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-otp-1.16.3-150100.3.30.1 * krb5-debugsource-1.16.3-150100.3.30.1 * krb5-client-1.16.3-150100.3.30.1 * krb5-plugin-kdb-ldap-1.16.3-150100.3.30.1 * krb5-debuginfo-1.16.3-150100.3.30.1 * krb5-devel-1.16.3-150100.3.30.1 * krb5-server-1.16.3-150100.3.30.1 * krb5-client-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.30.1 * krb5-server-debuginfo-1.16.3-150100.3.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * krb5-32bit-debuginfo-1.16.3-150100.3.30.1 * krb5-32bit-1.16.3-150100.3.30.1 * SUSE CaaS Platform 4.0 (x86_64) * krb5-1.16.3-150100.3.30.1 * krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.30.1 * krb5-32bit-debuginfo-1.16.3-150100.3.30.1 * krb5-32bit-1.16.3-150100.3.30.1 * krb5-plugin-preauth-pkinit-1.16.3-150100.3.30.1 * krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-otp-1.16.3-150100.3.30.1 * krb5-debugsource-1.16.3-150100.3.30.1 * krb5-client-1.16.3-150100.3.30.1 * krb5-plugin-kdb-ldap-1.16.3-150100.3.30.1 * krb5-debuginfo-1.16.3-150100.3.30.1 * krb5-devel-1.16.3-150100.3.30.1 * krb5-server-1.16.3-150100.3.30.1 * krb5-client-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.30.1 * krb5-server-debuginfo-1.16.3-150100.3.30.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * krb5-1.16.3-150100.3.30.1 * krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-pkinit-1.16.3-150100.3.30.1 * krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-otp-1.16.3-150100.3.30.1 * krb5-debugsource-1.16.3-150100.3.30.1 * krb5-client-1.16.3-150100.3.30.1 * krb5-plugin-kdb-ldap-1.16.3-150100.3.30.1 * krb5-debuginfo-1.16.3-150100.3.30.1 * krb5-devel-1.16.3-150100.3.30.1 * krb5-server-1.16.3-150100.3.30.1 * krb5-client-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.30.1 * krb5-server-debuginfo-1.16.3-150100.3.30.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * krb5-32bit-debuginfo-1.16.3-150100.3.30.1 * krb5-32bit-1.16.3-150100.3.30.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * krb5-1.16.3-150100.3.30.1 * krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-pkinit-1.16.3-150100.3.30.1 * krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-otp-1.16.3-150100.3.30.1 * krb5-debugsource-1.16.3-150100.3.30.1 * krb5-client-1.16.3-150100.3.30.1 * krb5-plugin-kdb-ldap-1.16.3-150100.3.30.1 * krb5-debuginfo-1.16.3-150100.3.30.1 * krb5-devel-1.16.3-150100.3.30.1 * krb5-server-1.16.3-150100.3.30.1 * krb5-client-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.30.1 * krb5-server-debuginfo-1.16.3-150100.3.30.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * krb5-32bit-debuginfo-1.16.3-150100.3.30.1 * krb5-32bit-1.16.3-150100.3.30.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * krb5-1.16.3-150100.3.30.1 * krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-pkinit-1.16.3-150100.3.30.1 * krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-otp-1.16.3-150100.3.30.1 * krb5-debugsource-1.16.3-150100.3.30.1 * krb5-client-1.16.3-150100.3.30.1 * krb5-plugin-kdb-ldap-1.16.3-150100.3.30.1 * krb5-debuginfo-1.16.3-150100.3.30.1 * krb5-devel-1.16.3-150100.3.30.1 * krb5-server-1.16.3-150100.3.30.1 * krb5-client-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.30.1 * krb5-server-debuginfo-1.16.3-150100.3.30.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * krb5-32bit-debuginfo-1.16.3-150100.3.30.1 * krb5-32bit-1.16.3-150100.3.30.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * krb5-1.16.3-150100.3.30.1 * krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-pkinit-1.16.3-150100.3.30.1 * krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-otp-1.16.3-150100.3.30.1 * krb5-debugsource-1.16.3-150100.3.30.1 * krb5-client-1.16.3-150100.3.30.1 * krb5-plugin-kdb-ldap-1.16.3-150100.3.30.1 * krb5-debuginfo-1.16.3-150100.3.30.1 * krb5-devel-1.16.3-150100.3.30.1 * krb5-server-1.16.3-150100.3.30.1 * krb5-client-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.30.1 * krb5-server-debuginfo-1.16.3-150100.3.30.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * krb5-32bit-debuginfo-1.16.3-150100.3.30.1 * krb5-32bit-1.16.3-150100.3.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * krb5-1.16.3-150100.3.30.1 * krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-pkinit-1.16.3-150100.3.30.1 * krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-otp-1.16.3-150100.3.30.1 * krb5-debugsource-1.16.3-150100.3.30.1 * krb5-client-1.16.3-150100.3.30.1 * krb5-plugin-kdb-ldap-1.16.3-150100.3.30.1 * krb5-debuginfo-1.16.3-150100.3.30.1 * krb5-devel-1.16.3-150100.3.30.1 * krb5-server-1.16.3-150100.3.30.1 * krb5-client-debuginfo-1.16.3-150100.3.30.1 * krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.30.1 * krb5-server-debuginfo-1.16.3-150100.3.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * krb5-32bit-debuginfo-1.16.3-150100.3.30.1 * krb5-32bit-1.16.3-150100.3.30.1 ## References: * https://www.suse.com/security/cve/CVE-2023-36054.html * https://bugzilla.suse.com/show_bug.cgi?id=1214054 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 25 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Aug 2023 12:30:02 -0000 Subject: SUSE-RU-2023:3436-1: moderate: Recommended update for linuxrc Message-ID: <169296660295.25290.15900131474430581906@smelt2.suse.de> # Recommended update for linuxrc Announcement ID: SUSE-RU-2023:3436-1 Rating: moderate References: * #1213531 * #1213683 Affected Products: * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for linuxrc fixes the following issues: * Fix length of service type list field in SLP request (bsc#1213683) * Add 'auto' query parameter to 'slp' url scheme (bsc#1213531) * Use extended shell pattern matching for 'descr' and 'url' parameters * Don't crash if 'quiet' url parameter has no value * Update to version 7.0.32.5 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3436=1 openSUSE-SLE-15.5-2023-3436=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3436=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * linuxrc-7.0.32.5-150500.3.3.1 * linuxrc-debuginfo-7.0.32.5-150500.3.3.1 * linuxrc-debugsource-7.0.32.5-150500.3.3.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * linuxrc-7.0.32.5-150500.3.3.1 * linuxrc-debuginfo-7.0.32.5-150500.3.3.1 * linuxrc-debugsource-7.0.32.5-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213531 * https://bugzilla.suse.com/show_bug.cgi?id=1213683 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Aug 25 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Aug 2023 16:30:03 -0000 Subject: SUSE-RU-2023:2658-2: moderate: Recommended update for containerd, docker, runc Message-ID: <169298100306.12031.5167380567077890041@smelt2.suse.de> # Recommended update for containerd, docker, runc Announcement ID: SUSE-RU-2023:2658-2 Rating: moderate References: * #1207004 * #1208074 * #1210298 * #1211578 Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that has four recommended fixes can now be installed. ## Description: This update for containerd, docker, runc fixes the following issues: * Update to containerd v1.6.21 (bsc#1211578) * Update to Docker 23.0.6-ce (bsc#1211578) * Update to runc v1.1.7 * Require a minimum Go version explicitly (bsc#1210298) * Re-unify packaging for SLE-12 and SLE-15 * Fix build on SLE-12 by switching back to libbtrfs-devel headers * Allow man pages to be built without internet access in OBS * Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux * Fix syntax of boolean dependency * Allow to install container-selinux instead of apparmor-parser * Change to using systemd-sysusers * Update runc.keyring to upstream version * Fix the inability to use `/dev/null` when inside a container (bsc#1207004) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2658=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2658=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2658=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2658=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2658=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2658=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2658=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2658=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2658=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2658=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * containerd-1.6.21-150000.93.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-ctr-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * docker-debuginfo-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * docker-bash-completion-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * containerd-1.6.21-150000.93.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-ctr-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * docker-debuginfo-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * docker-bash-completion-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * containerd-1.6.21-150000.93.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-ctr-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * docker-debuginfo-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * docker-bash-completion-23.0.6_ce-150000.178.1 * docker-fish-completion-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * containerd-1.6.21-150000.93.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-ctr-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * docker-debuginfo-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * docker-bash-completion-23.0.6_ce-150000.178.1 * docker-fish-completion-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * containerd-1.6.21-150000.93.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-ctr-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * docker-debuginfo-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * docker-bash-completion-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * containerd-1.6.21-150000.93.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-ctr-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * docker-debuginfo-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * docker-bash-completion-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * containerd-1.6.21-150000.93.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-ctr-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * docker-debuginfo-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * docker-bash-completion-23.0.6_ce-150000.178.1 * docker-fish-completion-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * containerd-1.6.21-150000.93.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-ctr-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * docker-debuginfo-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * docker-bash-completion-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * containerd-1.6.21-150000.93.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-ctr-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * docker-debuginfo-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * docker-bash-completion-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * containerd-1.6.21-150000.93.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-ctr-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * docker-debuginfo-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * docker-bash-completion-23.0.6_ce-150000.178.1 * docker-fish-completion-23.0.6_ce-150000.178.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207004 * https://bugzilla.suse.com/show_bug.cgi?id=1208074 * https://bugzilla.suse.com/show_bug.cgi?id=1210298 * https://bugzilla.suse.com/show_bug.cgi?id=1211578 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Sat Aug 26 10:08:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Aug 2023 12:08:06 +0200 (CEST) Subject: SUSE-CU-2023:2753-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230826100806.07109FDDB@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2753-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-11.4 , bci/dotnet-aspnet:6.0.21 , bci/dotnet-aspnet:6.0.21-11.4 Container Release : 11.4 Severity : moderate Type : recommended References : 1201519 1204844 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated - container:sles15-image-15.0.0-36.5.26 updated From sle-updates at lists.suse.com Sat Aug 26 10:08:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Aug 2023 12:08:19 +0200 (CEST) Subject: SUSE-CU-2023:2754-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230826100819.92F1DFDDB@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2754-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-11.4 , bci/dotnet-aspnet:7.0.10 , bci/dotnet-aspnet:7.0.10-11.4 , bci/dotnet-aspnet:latest Container Release : 11.4 Severity : moderate Type : recommended References : 1201519 1204844 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated - container:sles15-image-15.0.0-36.5.26 updated From sle-updates at lists.suse.com Sat Aug 26 10:08:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Aug 2023 12:08:29 +0200 (CEST) Subject: SUSE-CU-2023:2755-1: Recommended update of suse/registry Message-ID: <20230826100829.53720FDDB@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2755-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-14.18 , suse/registry:latest Container Release : 14.18 Severity : moderate Type : recommended References : 1201519 1204844 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated From sle-updates at lists.suse.com Sat Aug 26 10:08:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Aug 2023 12:08:45 +0200 (CEST) Subject: SUSE-CU-2023:2756-1: Recommended update of bci/dotnet-sdk Message-ID: <20230826100845.999A8FDDB@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2756-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-10.4 , bci/dotnet-sdk:6.0.21 , bci/dotnet-sdk:6.0.21-10.4 Container Release : 10.4 Severity : moderate Type : recommended References : 1201519 1204844 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated - container:sles15-image-15.0.0-36.5.26 updated From sle-updates at lists.suse.com Sat Aug 26 10:09:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Aug 2023 12:09:03 +0200 (CEST) Subject: SUSE-CU-2023:2757-1: Recommended update of bci/dotnet-sdk Message-ID: <20230826100903.2A7AFFDDB@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2757-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-12.4 , bci/dotnet-sdk:7.0.10 , bci/dotnet-sdk:7.0.10-12.4 , bci/dotnet-sdk:latest Container Release : 12.4 Severity : moderate Type : recommended References : 1201519 1204844 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated - container:sles15-image-15.0.0-36.5.26 updated From sle-updates at lists.suse.com Sat Aug 26 10:09:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Aug 2023 12:09:18 +0200 (CEST) Subject: SUSE-CU-2023:2758-1: Recommended update of bci/dotnet-runtime Message-ID: <20230826100918.DDE36FDDB@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2758-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-10.4 , bci/dotnet-runtime:6.0.21 , bci/dotnet-runtime:6.0.21-10.4 Container Release : 10.4 Severity : moderate Type : recommended References : 1201519 1204844 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated - container:sles15-image-15.0.0-36.5.26 updated From sle-updates at lists.suse.com Sat Aug 26 10:09:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Aug 2023 12:09:34 +0200 (CEST) Subject: SUSE-CU-2023:2759-1: Recommended update of bci/dotnet-runtime Message-ID: <20230826100934.59BECFDDB@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2759-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-12.4 , bci/dotnet-runtime:7.0.10 , bci/dotnet-runtime:7.0.10-12.4 , bci/dotnet-runtime:latest Container Release : 12.4 Severity : moderate Type : recommended References : 1201519 1204844 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated - container:sles15-image-15.0.0-36.5.26 updated From sle-updates at lists.suse.com Sat Aug 26 10:16:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Aug 2023 12:16:19 +0200 (CEST) Subject: SUSE-CU-2023:2760-1: Recommended update of suse/sle15 Message-ID: <20230826101619.738B4FDDB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2760-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.26 , suse/sle15:15.5 , suse/sle15:15.5.36.5.26 Container Release : 36.5.26 Severity : moderate Type : recommended References : 1201519 1204844 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated From sle-updates at lists.suse.com Mon Aug 28 08:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 08:30:06 -0000 Subject: SUSE-SU-2023:3441-1: important: Security update for java-1_8_0-ibm Message-ID: <169321140629.17836.12855880435172655320@smelt2.suse.de> # Security update for java-1_8_0-ibm Announcement ID: SUSE-SU-2023:3441-1 Rating: important References: * #1207922 * #1213473 * #1213474 * #1213475 * #1213479 * #1213481 * #1213482 * #1213541 * #1213934 * #1214431 Cross-References: * CVE-2022-40609 * CVE-2023-22006 * CVE-2023-22036 * CVE-2023-22041 * CVE-2023-22044 * CVE-2023-22045 * CVE-2023-22049 * CVE-2023-25193 CVSS scores: * CVE-2022-40609 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-40609 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-22006 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-22006 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-22036 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22036 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22041 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-22041 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-22044 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22044 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22045 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22045 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22049 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22049 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-25193 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25193 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves eight vulnerabilities and has two fixes can now be installed. ## Description: This update for java-1_8_0-ibm fixes the following issues: * Update to Java 8.0 Service Refresh 8 Fix Pack 10 (bsc#1213541) * CVE-2022-40609: Fixed an unsafe deserialization flaw which could allow a remote attacker to execute arbitrary code on the system. (bsc#1213934) * CVE-2023-22041: Fixed a flaw whcih could allow unauthorized access to critical data or complete access. (bsc#1213475) * CVE-2023-22049: Fixed a flaw which could result in unauthorized update. (bsc#1213482) * CVE-2023-22045: Fixed a flaw which could result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. (bsc#1213481) * CVE-2023-22044: Fixed a flaw which could result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. (bsc#1213479) * CVE-2023-22036: Fixed a flaw which could result in unauthorized ability to cause a partial denial of service. (bsc#1213474) * CVE-2023-25193: Fixed a flaw which could allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. (bsc#1207922) * CVE-2023-22006: Fixed a flaw which could result in unauthorized update, insert or delete access for JDK accessible data. (bsc#1213473) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3441=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3441=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-3441=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3441=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3441=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3441=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3441=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3441=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3441=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3441=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3441=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3441=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3441=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3441=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1 * openSUSE Leap 15.4 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-devel-32bit-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-32bit-1.8.0_sr8.10-150000.3.80.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * java-1_8_0-ibm-demo-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-src-1.8.0_sr8.10-150000.3.80.1 * openSUSE Leap 15.5 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1 * openSUSE Leap 15.5 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-devel-32bit-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-32bit-1.8.0_sr8.10-150000.3.80.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * java-1_8_0-ibm-demo-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-src-1.8.0_sr8.10-150000.3.80.1 * Legacy Module 15-SP4 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1 * Legacy Module 15-SP4 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1 * Legacy Module 15-SP4 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1 * Legacy Module 15-SP5 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1 * Legacy Module 15-SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1 * Legacy Module 15-SP5 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1 * SUSE Enterprise Storage 7.1 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1 * SUSE Enterprise Storage 7.1 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1 * SUSE Enterprise Storage 7 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1 * SUSE Enterprise Storage 7 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1 * SUSE CaaS Platform 4.0 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.10-150000.3.80.1 * SUSE CaaS Platform 4.0 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-devel-1.8.0_sr8.10-150000.3.80.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.10-150000.3.80.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40609.html * https://www.suse.com/security/cve/CVE-2023-22006.html * https://www.suse.com/security/cve/CVE-2023-22036.html * https://www.suse.com/security/cve/CVE-2023-22041.html * https://www.suse.com/security/cve/CVE-2023-22044.html * https://www.suse.com/security/cve/CVE-2023-22045.html * https://www.suse.com/security/cve/CVE-2023-22049.html * https://www.suse.com/security/cve/CVE-2023-25193.html * https://bugzilla.suse.com/show_bug.cgi?id=1207922 * https://bugzilla.suse.com/show_bug.cgi?id=1213473 * https://bugzilla.suse.com/show_bug.cgi?id=1213474 * https://bugzilla.suse.com/show_bug.cgi?id=1213475 * https://bugzilla.suse.com/show_bug.cgi?id=1213479 * https://bugzilla.suse.com/show_bug.cgi?id=1213481 * https://bugzilla.suse.com/show_bug.cgi?id=1213482 * https://bugzilla.suse.com/show_bug.cgi?id=1213541 * https://bugzilla.suse.com/show_bug.cgi?id=1213934 * https://bugzilla.suse.com/show_bug.cgi?id=1214431 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 08:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 08:30:10 -0000 Subject: SUSE-SU-2023:3440-1: low: Security update for gawk Message-ID: <169321141008.17836.12546414880922714572@smelt2.suse.de> # Security update for gawk Announcement ID: SUSE-SU-2023:3440-1 Rating: low References: * #1214025 Cross-References: * CVE-2023-4156 CVSS scores: * CVE-2023-4156 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for gawk fixes the following issues: * CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3440=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3440=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3440=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3440=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3440=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3440=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3440=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3440=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3440=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3440=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3440=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3440=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3440=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3440=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3440=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3440=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gawk-4.2.1-150000.3.3.1 * gawk-debuginfo-4.2.1-150000.3.3.1 * gawk-debugsource-4.2.1-150000.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * gawk-4.2.1-150000.3.3.1 * gawk-debuginfo-4.2.1-150000.3.3.1 * gawk-debugsource-4.2.1-150000.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * gawk-4.2.1-150000.3.3.1 * gawk-debuginfo-4.2.1-150000.3.3.1 * gawk-debugsource-4.2.1-150000.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * gawk-4.2.1-150000.3.3.1 * gawk-debuginfo-4.2.1-150000.3.3.1 * gawk-debugsource-4.2.1-150000.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * gawk-4.2.1-150000.3.3.1 * gawk-debuginfo-4.2.1-150000.3.3.1 * gawk-debugsource-4.2.1-150000.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * gawk-4.2.1-150000.3.3.1 * gawk-debuginfo-4.2.1-150000.3.3.1 * gawk-debugsource-4.2.1-150000.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * gawk-4.2.1-150000.3.3.1 * gawk-debuginfo-4.2.1-150000.3.3.1 * gawk-debugsource-4.2.1-150000.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gawk-4.2.1-150000.3.3.1 * gawk-debuginfo-4.2.1-150000.3.3.1 * gawk-debugsource-4.2.1-150000.3.3.1 * SUSE Manager Proxy 4.2 (x86_64) * gawk-4.2.1-150000.3.3.1 * gawk-debuginfo-4.2.1-150000.3.3.1 * gawk-debugsource-4.2.1-150000.3.3.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * gawk-4.2.1-150000.3.3.1 * gawk-debuginfo-4.2.1-150000.3.3.1 * gawk-debugsource-4.2.1-150000.3.3.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * gawk-4.2.1-150000.3.3.1 * gawk-debuginfo-4.2.1-150000.3.3.1 * gawk-debugsource-4.2.1-150000.3.3.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * gawk-4.2.1-150000.3.3.1 * gawk-debuginfo-4.2.1-150000.3.3.1 * gawk-debugsource-4.2.1-150000.3.3.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * gawk-4.2.1-150000.3.3.1 * gawk-debuginfo-4.2.1-150000.3.3.1 * gawk-debugsource-4.2.1-150000.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * gawk-4.2.1-150000.3.3.1 * gawk-debuginfo-4.2.1-150000.3.3.1 * gawk-debugsource-4.2.1-150000.3.3.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * gawk-4.2.1-150000.3.3.1 * gawk-debuginfo-4.2.1-150000.3.3.1 * gawk-debugsource-4.2.1-150000.3.3.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * gawk-4.2.1-150000.3.3.1 * gawk-debuginfo-4.2.1-150000.3.3.1 * gawk-debugsource-4.2.1-150000.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4156.html * https://bugzilla.suse.com/show_bug.cgi?id=1214025 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 08:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 08:30:12 -0000 Subject: SUSE-SU-2023:3439-1: low: Security update for ghostscript Message-ID: <169321141268.17836.237371717544134606@smelt2.suse.de> # Security update for ghostscript Announcement ID: SUSE-SU-2023:3439-1 Rating: low References: * #1213637 Cross-References: * CVE-2023-38559 CVSS scores: * CVE-2023-38559 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-38559 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for ghostscript fixes the following issues: * CVE-2023-38559: Fixed out-of-bounds read in devn_pcx_write_rle() that could result in DoS (bsc#1213637). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3439=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3439=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3439=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3439=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * ghostscript-debugsource-9.52-23.57.1 * ghostscript-debuginfo-9.52-23.57.1 * ghostscript-devel-9.52-23.57.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * ghostscript-x11-debuginfo-9.52-23.57.1 * ghostscript-debugsource-9.52-23.57.1 * ghostscript-devel-9.52-23.57.1 * ghostscript-9.52-23.57.1 * ghostscript-x11-9.52-23.57.1 * ghostscript-debuginfo-9.52-23.57.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * ghostscript-x11-debuginfo-9.52-23.57.1 * ghostscript-debugsource-9.52-23.57.1 * ghostscript-devel-9.52-23.57.1 * ghostscript-9.52-23.57.1 * ghostscript-x11-9.52-23.57.1 * ghostscript-debuginfo-9.52-23.57.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * ghostscript-x11-debuginfo-9.52-23.57.1 * ghostscript-debugsource-9.52-23.57.1 * ghostscript-devel-9.52-23.57.1 * ghostscript-9.52-23.57.1 * ghostscript-x11-9.52-23.57.1 * ghostscript-debuginfo-9.52-23.57.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38559.html * https://bugzilla.suse.com/show_bug.cgi?id=1213637 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 08:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 08:30:14 -0000 Subject: SUSE-SU-2023:3438-1: low: Security update for ghostscript Message-ID: <169321141474.17836.1497481262052795338@smelt2.suse.de> # Security update for ghostscript Announcement ID: SUSE-SU-2023:3438-1 Rating: low References: * #1213637 Cross-References: * CVE-2023-38559 CVSS scores: * CVE-2023-38559 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-38559 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for ghostscript fixes the following issues: * CVE-2023-38559: Fixed out-of-bounds read in devn_pcx_write_rle() that could result in DoS (bsc#1213637). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3438=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3438=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3438=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3438=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3438=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3438=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3438=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ghostscript-x11-debuginfo-9.52-150000.170.1 * ghostscript-devel-9.52-150000.170.1 * ghostscript-9.52-150000.170.1 * ghostscript-debuginfo-9.52-150000.170.1 * ghostscript-x11-9.52-150000.170.1 * ghostscript-debugsource-9.52-150000.170.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ghostscript-x11-debuginfo-9.52-150000.170.1 * ghostscript-devel-9.52-150000.170.1 * ghostscript-9.52-150000.170.1 * ghostscript-debuginfo-9.52-150000.170.1 * ghostscript-x11-9.52-150000.170.1 * ghostscript-debugsource-9.52-150000.170.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ghostscript-x11-debuginfo-9.52-150000.170.1 * ghostscript-devel-9.52-150000.170.1 * ghostscript-9.52-150000.170.1 * ghostscript-debuginfo-9.52-150000.170.1 * ghostscript-x11-9.52-150000.170.1 * ghostscript-debugsource-9.52-150000.170.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * ghostscript-x11-debuginfo-9.52-150000.170.1 * ghostscript-devel-9.52-150000.170.1 * ghostscript-9.52-150000.170.1 * ghostscript-debuginfo-9.52-150000.170.1 * ghostscript-x11-9.52-150000.170.1 * ghostscript-debugsource-9.52-150000.170.1 * SUSE Manager Proxy 4.2 (x86_64) * ghostscript-x11-debuginfo-9.52-150000.170.1 * ghostscript-devel-9.52-150000.170.1 * ghostscript-9.52-150000.170.1 * ghostscript-debuginfo-9.52-150000.170.1 * ghostscript-x11-9.52-150000.170.1 * ghostscript-debugsource-9.52-150000.170.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * ghostscript-x11-debuginfo-9.52-150000.170.1 * ghostscript-devel-9.52-150000.170.1 * ghostscript-9.52-150000.170.1 * ghostscript-debuginfo-9.52-150000.170.1 * ghostscript-x11-9.52-150000.170.1 * ghostscript-debugsource-9.52-150000.170.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * ghostscript-x11-debuginfo-9.52-150000.170.1 * ghostscript-devel-9.52-150000.170.1 * ghostscript-9.52-150000.170.1 * ghostscript-debuginfo-9.52-150000.170.1 * ghostscript-x11-9.52-150000.170.1 * ghostscript-debugsource-9.52-150000.170.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38559.html * https://bugzilla.suse.com/show_bug.cgi?id=1213637 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 08:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 08:30:17 -0000 Subject: SUSE-RU-2023:3437-1: moderate: Recommended update for llvm15 Message-ID: <169321141724.17836.903644490161552264@smelt2.suse.de> # Recommended update for llvm15 Announcement ID: SUSE-RU-2023:3437-1 Rating: moderate References: * #1213488 Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that has one recommended fix can now be installed. ## Description: This update for llvm15 fixes the following issues: * Include clang15-devel and its dependencies in Package Hub (bsc#1213488) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3437=1 openSUSE-SLE-15.5-2023-3437=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3437=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3437=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3437=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libclang-cpp15-debuginfo-15.0.7-150500.4.2.4 * libLLVM15-15.0.7-150500.4.2.4 * libLLVM15-debuginfo-15.0.7-150500.4.2.4 * lld15-debuginfo-15.0.7-150500.4.2.4 * llvm15-gold-debuginfo-15.0.7-150500.4.2.4 * llvm15-devel-debuginfo-15.0.7-150500.4.2.4 * clang15-15.0.7-150500.4.2.4 * clang-tools-debuginfo-15.0.7-150500.4.2.4 * python3-clang15-15.0.7-150500.4.2.4 * clang15-devel-15.0.7-150500.4.2.4 * libLTO15-15.0.7-150500.4.2.4 * libclang-cpp15-15.0.7-150500.4.2.4 * llvm15-polly-devel-15.0.7-150500.4.2.4 * llvm15-debuginfo-15.0.7-150500.4.2.4 * clang15-debuginfo-15.0.7-150500.4.2.4 * llvm15-15.0.7-150500.4.2.4 * llvm15-devel-15.0.7-150500.4.2.4 * libclang13-debuginfo-15.0.7-150500.4.2.4 * llvm15-gold-15.0.7-150500.4.2.4 * libclang13-15.0.7-150500.4.2.4 * llvm15-polly-15.0.7-150500.4.2.4 * libLTO15-debuginfo-15.0.7-150500.4.2.4 * llvm15-polly-debuginfo-15.0.7-150500.4.2.4 * clang-tools-15.0.7-150500.4.2.4 * lld15-15.0.7-150500.4.2.4 * openSUSE Leap 15.5 (noarch) * llvm15-opt-viewer-15.0.7-150500.4.2.4 * llvm15-vim-plugins-15.0.7-150500.4.2.4 * clang15-doc-15.0.7-150500.4.2.4 * llvm15-doc-15.0.7-150500.4.2.4 * openSUSE Leap 15.5 (x86_64) * python3-lldb15-15.0.7-150500.4.2.4 * lldb15-debuginfo-15.0.7-150500.4.2.4 * liblldb15-15.0.7-150500.4.2.4 * libclang-cpp15-32bit-15.0.7-150500.4.2.4 * lldb15-devel-15.0.7-150500.4.2.4 * libclang-cpp15-32bit-debuginfo-15.0.7-150500.4.2.4 * libLLVM15-32bit-15.0.7-150500.4.2.4 * libLLVM15-32bit-debuginfo-15.0.7-150500.4.2.4 * lldb15-15.0.7-150500.4.2.4 * liblldb15-debuginfo-15.0.7-150500.4.2.4 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64 i586) * libomp15-devel-debuginfo-15.0.7-150500.4.2.4 * libomp15-devel-15.0.7-150500.4.2.4 * openSUSE Leap 15.5 (aarch64 x86_64) * libc++-devel-15.0.7-150500.4.2.4 * libc++1-15.0.7-150500.4.2.4 * libc++1-debuginfo-15.0.7-150500.4.2.4 * libc++abi1-debuginfo-15.0.7-150500.4.2.4 * libc++abi1-15.0.7-150500.4.2.4 * libc++abi-devel-15.0.7-150500.4.2.4 * openSUSE Leap 15.5 (aarch64_ilp32) * libclang-cpp15-64bit-15.0.7-150500.4.2.4 * libLLVM15-64bit-15.0.7-150500.4.2.4 * libclang-cpp15-64bit-debuginfo-15.0.7-150500.4.2.4 * libLLVM15-64bit-debuginfo-15.0.7-150500.4.2.4 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libLLVM15-debuginfo-15.0.7-150500.4.2.4 * llvm15-debuginfo-15.0.7-150500.4.2.4 * libLLVM15-15.0.7-150500.4.2.4 * Basesystem Module 15-SP5 (aarch64 x86_64) * libc++-devel-15.0.7-150500.4.2.4 * libc++1-15.0.7-150500.4.2.4 * libc++1-debuginfo-15.0.7-150500.4.2.4 * libc++abi1-debuginfo-15.0.7-150500.4.2.4 * libc++abi1-15.0.7-150500.4.2.4 * libc++abi-devel-15.0.7-150500.4.2.4 * Basesystem Module 15-SP5 (x86_64) * libLLVM15-32bit-debuginfo-15.0.7-150500.4.2.4 * libLLVM15-32bit-15.0.7-150500.4.2.4 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libclang-cpp15-debuginfo-15.0.7-150500.4.2.4 * libclang13-debuginfo-15.0.7-150500.4.2.4 * libclang-cpp15-15.0.7-150500.4.2.4 * libclang13-15.0.7-150500.4.2.4 * llvm15-debuginfo-15.0.7-150500.4.2.4 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libclang-cpp15-debuginfo-15.0.7-150500.4.2.4 * libclang-cpp15-15.0.7-150500.4.2.4 * clang15-debuginfo-15.0.7-150500.4.2.4 * clang-tools-debuginfo-15.0.7-150500.4.2.4 * clang15-15.0.7-150500.4.2.4 * clang-tools-15.0.7-150500.4.2.4 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213488 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 09:29:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 11:29:34 +0200 (CEST) Subject: SUSE-CU-2023:2761-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20230828092934.9DBE3FDCF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2761-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.22 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.22 Severity : moderate Type : recommended References : 1201519 1204844 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated - container:sles15-image-15.0.0-36.5.26 updated From sle-updates at lists.suse.com Mon Aug 28 10:11:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 12:11:41 +0200 (CEST) Subject: SUSE-CU-2023:2762-1: Recommended update of bci/nodejs Message-ID: <20230828101141.6C152FDDB@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2762-1 Container Tags : bci/node:16 , bci/node:16-9.34 , bci/nodejs:16 , bci/nodejs:16-9.34 Container Release : 9.34 Severity : moderate Type : recommended References : 1201519 1204844 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated - container:sles15-image-15.0.0-36.5.26 updated From sle-updates at lists.suse.com Mon Aug 28 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 12:30:02 -0000 Subject: SUSE-SU-2023:3454-1: important: Security update for ca-certificates-mozilla Message-ID: <169322580256.18229.6628425261854556885@smelt2.suse.de> # Security update for ca-certificates-mozilla Announcement ID: SUSE-SU-2023:3454-1 Rating: important References: * #1214248 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for ca-certificates-mozilla fixes the following issues: * Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: * Atos TrustedRoot Root CA ECC G2 2020 * Atos TrustedRoot Root CA ECC TLS 2021 * Atos TrustedRoot Root CA RSA G2 2020 * Atos TrustedRoot Root CA RSA TLS 2021 * BJCA Global Root CA1 * BJCA Global Root CA2 * LAWtrust Root CA2 (4096) * Sectigo Public Email Protection Root E46 * Sectigo Public Email Protection Root R46 * Sectigo Public Server Authentication Root E46 * Sectigo Public Server Authentication Root R46 * SSL.com Client ECC Root CA 2022 * SSL.com Client RSA Root CA 2022 * SSL.com TLS ECC Root CA 2022 * SSL.com TLS RSA Root CA 2022 Removed CAs: * Chambers of Commerce Root * E-Tugra Certification Authority * E-Tugra Global Root CA ECC v3 * E-Tugra Global Root CA RSA v3 * Hongkong Post Root CA 1 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3454=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3454=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3454=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3454=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3454=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3454=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3454=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3454=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3454=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3454=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3454=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3454=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3454=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3454=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3454=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3454=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3454=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3454=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3454=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3454=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3454=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3454=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3454=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3454=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3454=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3454=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * ca-certificates-mozilla-2.62-150200.30.1 * openSUSE Leap Micro 5.4 (noarch) * ca-certificates-mozilla-2.62-150200.30.1 * openSUSE Leap 15.4 (noarch) * ca-certificates-mozilla-prebuilt-2.62-150200.30.1 * ca-certificates-mozilla-2.62-150200.30.1 * openSUSE Leap 15.5 (noarch) * ca-certificates-mozilla-prebuilt-2.62-150200.30.1 * ca-certificates-mozilla-2.62-150200.30.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * ca-certificates-mozilla-2.62-150200.30.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * ca-certificates-mozilla-2.62-150200.30.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * ca-certificates-mozilla-2.62-150200.30.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * ca-certificates-mozilla-2.62-150200.30.1 * Basesystem Module 15-SP4 (noarch) * ca-certificates-mozilla-2.62-150200.30.1 * Basesystem Module 15-SP5 (noarch) * ca-certificates-mozilla-2.62-150200.30.1 * Development Tools Module 15-SP4 (noarch) * ca-certificates-mozilla-prebuilt-2.62-150200.30.1 * Development Tools Module 15-SP5 (noarch) * ca-certificates-mozilla-prebuilt-2.62-150200.30.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * ca-certificates-mozilla-prebuilt-2.62-150200.30.1 * ca-certificates-mozilla-2.62-150200.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * ca-certificates-mozilla-prebuilt-2.62-150200.30.1 * ca-certificates-mozilla-2.62-150200.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * ca-certificates-mozilla-prebuilt-2.62-150200.30.1 * ca-certificates-mozilla-2.62-150200.30.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * ca-certificates-mozilla-prebuilt-2.62-150200.30.1 * ca-certificates-mozilla-2.62-150200.30.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * ca-certificates-mozilla-prebuilt-2.62-150200.30.1 * ca-certificates-mozilla-2.62-150200.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * ca-certificates-mozilla-prebuilt-2.62-150200.30.1 * ca-certificates-mozilla-2.62-150200.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * ca-certificates-mozilla-prebuilt-2.62-150200.30.1 * ca-certificates-mozilla-2.62-150200.30.1 * SUSE Manager Proxy 4.2 (noarch) * ca-certificates-mozilla-2.62-150200.30.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * ca-certificates-mozilla-2.62-150200.30.1 * SUSE Manager Server 4.2 (noarch) * ca-certificates-mozilla-2.62-150200.30.1 * SUSE Enterprise Storage 7.1 (noarch) * ca-certificates-mozilla-prebuilt-2.62-150200.30.1 * ca-certificates-mozilla-2.62-150200.30.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * ca-certificates-mozilla-2.62-150200.30.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * ca-certificates-mozilla-prebuilt-2.62-150200.30.1 * ca-certificates-mozilla-2.62-150200.30.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * ca-certificates-mozilla-prebuilt-2.62-150200.30.1 * ca-certificates-mozilla-2.62-150200.30.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214248 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 12:30:04 -0000 Subject: SUSE-FU-2023:2898-1: critical: Recommended update for python-instance-billing-flavor-check Message-ID: <169322580479.18229.4062810314571307626@smelt2.suse.de> # Recommended update for python-instance-billing-flavor-check Announcement ID: SUSE-FU-2023:2898-1 Rating: critical References: * PED-4791 Affected Products: * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that contains one feature can now be installed. ## Description: This update for python-instance-billing-flavor-check fixes the following issues: * Include PAYG checker package in SLE (jsc#PED-4791) ## Patch Instructions: To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2898=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2898=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2898=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2898=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * python-instance-billing-flavor-check-0.0.2-150000.1.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * python-instance-billing-flavor-check-0.0.2-150000.1.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * python-instance-billing-flavor-check-0.0.2-150000.1.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * python-instance-billing-flavor-check-0.0.2-150000.1.3.1 ## References: * https://jira.suse.com/browse/PED-4791 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 12:30:06 -0000 Subject: SUSE-RU-2023:3453-1: moderate: Recommended update for supportutils-plugin-suse-public-cloud Message-ID: <169322580665.18229.5959136589229178473@smelt2.suse.de> # Recommended update for supportutils-plugin-suse-public-cloud Announcement ID: SUSE-RU-2023:3453-1 Rating: moderate References: * #1213951 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for supportutils-plugin-suse-public-cloud fixes the following issues: * Update from version 1.0.7 to 1.0.8 (bsc#1213951) * Capture CSP billing adapter config and log * Accept upper case Amazon string in DMI table ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-3453=1 ## Package List: * Public Cloud Module 12 (noarch) * supportutils-plugin-suse-public-cloud-1.0.8-6.19.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213951 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 12:30:08 -0000 Subject: SUSE-RU-2023:3452-1: moderate: Recommended update for supportutils-plugin-suse-public-cloud Message-ID: <169322580841.18229.5442396395819494517@smelt2.suse.de> # Recommended update for supportutils-plugin-suse-public-cloud Announcement ID: SUSE-RU-2023:3452-1 Rating: moderate References: * #1213951 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for supportutils-plugin-suse-public-cloud fixes the following issues: * Update from version 1.0.7 to 1.0.8 (bsc#1213951) * Capture CSP billing adapter config and log * Accept upper case Amazon string in DMI table ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3452=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3452=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3452=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3452=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3452=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3452=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3452=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3452=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3452=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3452=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3452=1 ## Package List: * openSUSE Leap 15.4 (noarch) * supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 * openSUSE Leap 15.5 (noarch) * supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 * Public Cloud Module 15-SP1 (noarch) * supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 * Public Cloud Module 15-SP2 (noarch) * supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 * Public Cloud Module 15-SP3 (noarch) * supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 * Public Cloud Module 15-SP4 (noarch) * supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 * Public Cloud Module 15-SP5 (noarch) * supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213951 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 12:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 12:30:18 -0000 Subject: SUSE-RU-2023:3451-1: moderate: Recommended update for systemd Message-ID: <169322581845.18229.11256332819402384511@smelt2.suse.de> # Recommended update for systemd Announcement ID: SUSE-RU-2023:3451-1 Rating: moderate References: * #1186606 * #1194609 * #1208194 * #1209741 * #1210702 * #1211576 * #1212434 * #1213185 * #1213575 * #1213873 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that has 10 recommended fixes can now be installed. ## Description: This update for systemd fixes the following issues: * Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) * Decrease devlink priority for iso disks (bsc#1213185) * Do not ignore mount point paths longer than 255 characters (bsc#1208194) * Refuse hibernation if there's no possible way to resume (bsc#1186606) * Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) * Drop some entries no longer needed by YaST (bsc#1194609) * The "systemd --user" instances get their own session keyring instead of the user default one (bsc#1209741) * Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3451=1 openSUSE-SLE-15.4-2023-3451=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3451=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3451=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3451=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3451=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3451=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3451=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3451=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3451=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3451=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3451=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3451=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libsystemd0-debuginfo-249.16-150400.8.33.1 * systemd-experimental-debuginfo-249.16-150400.8.33.1 * libudev-mini1-debuginfo-249.16-150400.8.33.1 * systemd-coredump-249.16-150400.8.33.1 * systemd-debugsource-249.16-150400.8.33.1 * libsystemd0-249.16-150400.8.33.1 * systemd-mini-container-debuginfo-249.16-150400.8.33.1 * systemd-devel-249.16-150400.8.33.1 * systemd-mini-debugsource-249.16-150400.8.33.1 * systemd-249.16-150400.8.33.1 * systemd-testsuite-debuginfo-249.16-150400.8.33.1 * udev-249.16-150400.8.33.1 * libsystemd0-mini-249.16-150400.8.33.1 * libsystemd0-mini-debuginfo-249.16-150400.8.33.1 * systemd-sysvinit-249.16-150400.8.33.1 * nss-myhostname-249.16-150400.8.33.1 * systemd-network-debuginfo-249.16-150400.8.33.1 * systemd-mini-devel-249.16-150400.8.33.1 * systemd-journal-remote-249.16-150400.8.33.1 * libudev1-249.16-150400.8.33.1 * systemd-doc-249.16-150400.8.33.1 * libudev-mini1-249.16-150400.8.33.1 * nss-systemd-249.16-150400.8.33.1 * udev-debuginfo-249.16-150400.8.33.1 * systemd-journal-remote-debuginfo-249.16-150400.8.33.1 * systemd-mini-doc-249.16-150400.8.33.1 * systemd-portable-249.16-150400.8.33.1 * systemd-portable-debuginfo-249.16-150400.8.33.1 * systemd-mini-debuginfo-249.16-150400.8.33.1 * udev-mini-debuginfo-249.16-150400.8.33.1 * systemd-coredump-debuginfo-249.16-150400.8.33.1 * systemd-network-249.16-150400.8.33.1 * systemd-testsuite-249.16-150400.8.33.1 * systemd-container-249.16-150400.8.33.1 * systemd-experimental-249.16-150400.8.33.1 * systemd-mini-249.16-150400.8.33.1 * libudev1-debuginfo-249.16-150400.8.33.1 * systemd-container-debuginfo-249.16-150400.8.33.1 * systemd-mini-container-249.16-150400.8.33.1 * systemd-debuginfo-249.16-150400.8.33.1 * udev-mini-249.16-150400.8.33.1 * nss-myhostname-debuginfo-249.16-150400.8.33.1 * systemd-mini-sysvinit-249.16-150400.8.33.1 * nss-systemd-debuginfo-249.16-150400.8.33.1 * openSUSE Leap 15.4 (x86_64) * libsystemd0-32bit-debuginfo-249.16-150400.8.33.1 * libudev1-32bit-249.16-150400.8.33.1 * libsystemd0-32bit-249.16-150400.8.33.1 * systemd-32bit-249.16-150400.8.33.1 * systemd-32bit-debuginfo-249.16-150400.8.33.1 * nss-myhostname-32bit-debuginfo-249.16-150400.8.33.1 * nss-myhostname-32bit-249.16-150400.8.33.1 * libudev1-32bit-debuginfo-249.16-150400.8.33.1 * openSUSE Leap 15.4 (noarch) * systemd-lang-249.16-150400.8.33.1 * openSUSE Leap 15.4 (aarch64_ilp32) * systemd-64bit-debuginfo-249.16-150400.8.33.1 * libsystemd0-64bit-249.16-150400.8.33.1 * libsystemd0-64bit-debuginfo-249.16-150400.8.33.1 * nss-myhostname-64bit-249.16-150400.8.33.1 * systemd-64bit-249.16-150400.8.33.1 * libudev1-64bit-debuginfo-249.16-150400.8.33.1 * libudev1-64bit-249.16-150400.8.33.1 * nss-myhostname-64bit-debuginfo-249.16-150400.8.33.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * systemd-journal-remote-249.16-150400.8.33.1 * libudev1-249.16-150400.8.33.1 * libsystemd0-debuginfo-249.16-150400.8.33.1 * systemd-container-249.16-150400.8.33.1 * udev-249.16-150400.8.33.1 * libudev1-debuginfo-249.16-150400.8.33.1 * systemd-container-debuginfo-249.16-150400.8.33.1 * systemd-debugsource-249.16-150400.8.33.1 * libsystemd0-249.16-150400.8.33.1 * systemd-debuginfo-249.16-150400.8.33.1 * systemd-journal-remote-debuginfo-249.16-150400.8.33.1 * systemd-sysvinit-249.16-150400.8.33.1 * udev-debuginfo-249.16-150400.8.33.1 * systemd-249.16-150400.8.33.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * systemd-journal-remote-249.16-150400.8.33.1 * libudev1-249.16-150400.8.33.1 * libsystemd0-debuginfo-249.16-150400.8.33.1 * systemd-container-249.16-150400.8.33.1 * udev-249.16-150400.8.33.1 * libudev1-debuginfo-249.16-150400.8.33.1 * systemd-container-debuginfo-249.16-150400.8.33.1 * systemd-debugsource-249.16-150400.8.33.1 * libsystemd0-249.16-150400.8.33.1 * systemd-debuginfo-249.16-150400.8.33.1 * systemd-journal-remote-debuginfo-249.16-150400.8.33.1 * systemd-sysvinit-249.16-150400.8.33.1 * udev-debuginfo-249.16-150400.8.33.1 * systemd-249.16-150400.8.33.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libsystemd0-debuginfo-249.16-150400.8.33.1 * systemd-experimental-debuginfo-249.16-150400.8.33.1 * systemd-coredump-249.16-150400.8.33.1 * systemd-debugsource-249.16-150400.8.33.1 * libsystemd0-249.16-150400.8.33.1 * systemd-devel-249.16-150400.8.33.1 * systemd-249.16-150400.8.33.1 * systemd-testsuite-debuginfo-249.16-150400.8.33.1 * udev-249.16-150400.8.33.1 * systemd-sysvinit-249.16-150400.8.33.1 * nss-myhostname-249.16-150400.8.33.1 * systemd-network-debuginfo-249.16-150400.8.33.1 * systemd-journal-remote-249.16-150400.8.33.1 * libudev1-249.16-150400.8.33.1 * systemd-doc-249.16-150400.8.33.1 * nss-systemd-249.16-150400.8.33.1 * udev-debuginfo-249.16-150400.8.33.1 * systemd-journal-remote-debuginfo-249.16-150400.8.33.1 * systemd-portable-249.16-150400.8.33.1 * systemd-portable-debuginfo-249.16-150400.8.33.1 * systemd-coredump-debuginfo-249.16-150400.8.33.1 * systemd-network-249.16-150400.8.33.1 * systemd-testsuite-249.16-150400.8.33.1 * systemd-container-249.16-150400.8.33.1 * systemd-experimental-249.16-150400.8.33.1 * libudev1-debuginfo-249.16-150400.8.33.1 * systemd-container-debuginfo-249.16-150400.8.33.1 * systemd-debuginfo-249.16-150400.8.33.1 * nss-myhostname-debuginfo-249.16-150400.8.33.1 * nss-systemd-debuginfo-249.16-150400.8.33.1 * openSUSE Leap 15.5 (x86_64) * libsystemd0-32bit-debuginfo-249.16-150400.8.33.1 * libudev1-32bit-249.16-150400.8.33.1 * libsystemd0-32bit-249.16-150400.8.33.1 * systemd-32bit-249.16-150400.8.33.1 * systemd-32bit-debuginfo-249.16-150400.8.33.1 * nss-myhostname-32bit-debuginfo-249.16-150400.8.33.1 * nss-myhostname-32bit-249.16-150400.8.33.1 * libudev1-32bit-debuginfo-249.16-150400.8.33.1 * openSUSE Leap 15.5 (noarch) * systemd-lang-249.16-150400.8.33.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * systemd-journal-remote-249.16-150400.8.33.1 * libudev1-249.16-150400.8.33.1 * libsystemd0-debuginfo-249.16-150400.8.33.1 * systemd-container-249.16-150400.8.33.1 * udev-249.16-150400.8.33.1 * libudev1-debuginfo-249.16-150400.8.33.1 * systemd-container-debuginfo-249.16-150400.8.33.1 * systemd-debugsource-249.16-150400.8.33.1 * libsystemd0-249.16-150400.8.33.1 * systemd-debuginfo-249.16-150400.8.33.1 * systemd-journal-remote-debuginfo-249.16-150400.8.33.1 * systemd-sysvinit-249.16-150400.8.33.1 * udev-debuginfo-249.16-150400.8.33.1 * systemd-249.16-150400.8.33.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * systemd-journal-remote-249.16-150400.8.33.1 * libudev1-249.16-150400.8.33.1 * libsystemd0-debuginfo-249.16-150400.8.33.1 * systemd-container-249.16-150400.8.33.1 * udev-249.16-150400.8.33.1 * libudev1-debuginfo-249.16-150400.8.33.1 * systemd-container-debuginfo-249.16-150400.8.33.1 * systemd-debugsource-249.16-150400.8.33.1 * libsystemd0-249.16-150400.8.33.1 * systemd-debuginfo-249.16-150400.8.33.1 * systemd-journal-remote-debuginfo-249.16-150400.8.33.1 * systemd-sysvinit-249.16-150400.8.33.1 * udev-debuginfo-249.16-150400.8.33.1 * systemd-249.16-150400.8.33.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * systemd-journal-remote-249.16-150400.8.33.1 * libudev1-249.16-150400.8.33.1 * libsystemd0-debuginfo-249.16-150400.8.33.1 * systemd-container-249.16-150400.8.33.1 * udev-249.16-150400.8.33.1 * libudev1-debuginfo-249.16-150400.8.33.1 * systemd-container-debuginfo-249.16-150400.8.33.1 * systemd-debugsource-249.16-150400.8.33.1 * libsystemd0-249.16-150400.8.33.1 * systemd-debuginfo-249.16-150400.8.33.1 * systemd-journal-remote-debuginfo-249.16-150400.8.33.1 * systemd-sysvinit-249.16-150400.8.33.1 * udev-debuginfo-249.16-150400.8.33.1 * systemd-249.16-150400.8.33.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * systemd-journal-remote-249.16-150400.8.33.1 * libudev1-249.16-150400.8.33.1 * libsystemd0-debuginfo-249.16-150400.8.33.1 * systemd-container-249.16-150400.8.33.1 * udev-249.16-150400.8.33.1 * libudev1-debuginfo-249.16-150400.8.33.1 * systemd-container-debuginfo-249.16-150400.8.33.1 * systemd-debugsource-249.16-150400.8.33.1 * libsystemd0-249.16-150400.8.33.1 * systemd-debuginfo-249.16-150400.8.33.1 * systemd-journal-remote-debuginfo-249.16-150400.8.33.1 * systemd-sysvinit-249.16-150400.8.33.1 * udev-debuginfo-249.16-150400.8.33.1 * systemd-249.16-150400.8.33.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libudev1-249.16-150400.8.33.1 * libsystemd0-debuginfo-249.16-150400.8.33.1 * systemd-container-249.16-150400.8.33.1 * systemd-doc-249.16-150400.8.33.1 * udev-249.16-150400.8.33.1 * systemd-coredump-249.16-150400.8.33.1 * libudev1-debuginfo-249.16-150400.8.33.1 * systemd-container-debuginfo-249.16-150400.8.33.1 * systemd-debugsource-249.16-150400.8.33.1 * libsystemd0-249.16-150400.8.33.1 * systemd-debuginfo-249.16-150400.8.33.1 * systemd-sysvinit-249.16-150400.8.33.1 * systemd-devel-249.16-150400.8.33.1 * udev-debuginfo-249.16-150400.8.33.1 * systemd-249.16-150400.8.33.1 * systemd-coredump-debuginfo-249.16-150400.8.33.1 * Basesystem Module 15-SP4 (noarch) * systemd-lang-249.16-150400.8.33.1 * Basesystem Module 15-SP4 (x86_64) * libsystemd0-32bit-debuginfo-249.16-150400.8.33.1 * libudev1-32bit-249.16-150400.8.33.1 * libsystemd0-32bit-249.16-150400.8.33.1 * systemd-32bit-249.16-150400.8.33.1 * systemd-32bit-debuginfo-249.16-150400.8.33.1 * libudev1-32bit-debuginfo-249.16-150400.8.33.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libudev1-249.16-150400.8.33.1 * libsystemd0-debuginfo-249.16-150400.8.33.1 * systemd-container-249.16-150400.8.33.1 * systemd-doc-249.16-150400.8.33.1 * udev-249.16-150400.8.33.1 * systemd-coredump-249.16-150400.8.33.1 * libudev1-debuginfo-249.16-150400.8.33.1 * systemd-container-debuginfo-249.16-150400.8.33.1 * systemd-debugsource-249.16-150400.8.33.1 * libsystemd0-249.16-150400.8.33.1 * systemd-debuginfo-249.16-150400.8.33.1 * systemd-sysvinit-249.16-150400.8.33.1 * systemd-devel-249.16-150400.8.33.1 * udev-debuginfo-249.16-150400.8.33.1 * systemd-249.16-150400.8.33.1 * systemd-coredump-debuginfo-249.16-150400.8.33.1 * Basesystem Module 15-SP5 (noarch) * systemd-lang-249.16-150400.8.33.1 * Basesystem Module 15-SP5 (x86_64) * libsystemd0-32bit-debuginfo-249.16-150400.8.33.1 * libudev1-32bit-249.16-150400.8.33.1 * libsystemd0-32bit-249.16-150400.8.33.1 * systemd-32bit-249.16-150400.8.33.1 * systemd-32bit-debuginfo-249.16-150400.8.33.1 * libudev1-32bit-debuginfo-249.16-150400.8.33.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * systemd-network-249.16-150400.8.33.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * systemd-debuginfo-249.16-150400.8.33.1 * systemd-network-249.16-150400.8.33.1 * systemd-debugsource-249.16-150400.8.33.1 * systemd-network-debuginfo-249.16-150400.8.33.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1186606 * https://bugzilla.suse.com/show_bug.cgi?id=1194609 * https://bugzilla.suse.com/show_bug.cgi?id=1208194 * https://bugzilla.suse.com/show_bug.cgi?id=1209741 * https://bugzilla.suse.com/show_bug.cgi?id=1210702 * https://bugzilla.suse.com/show_bug.cgi?id=1211576 * https://bugzilla.suse.com/show_bug.cgi?id=1212434 * https://bugzilla.suse.com/show_bug.cgi?id=1213185 * https://bugzilla.suse.com/show_bug.cgi?id=1213575 * https://bugzilla.suse.com/show_bug.cgi?id=1213873 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 12:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 12:30:21 -0000 Subject: SUSE-RU-2023:3450-1: moderate: Recommended update for google-cloud-sap-agent Message-ID: <169322582113.18229.5259737301013939435@smelt2.suse.de> # Recommended update for google-cloud-sap-agent Announcement ID: SUSE-RU-2023:3450-1 Rating: moderate References: * #1214293 Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for google-cloud-sap-agent fixes the following issues: * Install missing default configuration file (bsc#1214293) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3450=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3450=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3450=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3450=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3450=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3450=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.1-150100.3.15.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.1-150100.3.15.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.1-150100.3.15.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.1-150100.3.15.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.1-150100.3.15.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.1-150100.3.15.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214293 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 12:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 12:30:22 -0000 Subject: SUSE-RU-2023:3449-1: moderate: Recommended update for google-guest-configs Message-ID: <169322582276.18229.14073097583438565352@smelt2.suse.de> # Recommended update for google-guest-configs Announcement ID: SUSE-RU-2023:3449-1 Rating: moderate References: * #1214546 * #1214572 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for google-guest-configs fixes the following issues: * Update to version 20230808.00 (bsc#1214546, bsc#1214572) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-3449=1 ## Package List: * Public Cloud Module 12 (noarch) * google-guest-configs-20230808.00-1.26.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214546 * https://bugzilla.suse.com/show_bug.cgi?id=1214572 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 12:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 12:30:24 -0000 Subject: SUSE-RU-2023:3448-1: moderate: Recommended update for google-guest-configs Message-ID: <169322582428.18229.16010977439244538312@smelt2.suse.de> # Recommended update for google-guest-configs Announcement ID: SUSE-RU-2023:3448-1 Rating: moderate References: * #1214546 * #1214572 Affected Products: * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 An update that has two recommended fixes can now be installed. ## Description: This update for google-guest-configs fixes the following issues: * Update to version 20230808.00 (bsc#1214546, bsc#1214572) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-3448=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-3448=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-3448=1 ## Package List: * Public Cloud Module 15-SP1 (noarch) * google-guest-configs-20230808.00-150000.1.28.1 * Public Cloud Module 15-SP2 (noarch) * google-guest-configs-20230808.00-150000.1.28.1 * Public Cloud Module 15-SP3 (noarch) * google-guest-configs-20230808.00-150000.1.28.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214546 * https://bugzilla.suse.com/show_bug.cgi?id=1214572 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 12:30:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 12:30:28 -0000 Subject: SUSE-SU-2023:3447-1: moderate: Security update for xen Message-ID: <169322582885.18229.411963254478283875@smelt2.suse.de> # Security update for xen Announcement ID: SUSE-SU-2023:3447-1 Rating: moderate References: * #1027519 * #1212684 * #1213616 * #1214082 * #1214083 Cross-References: * CVE-2022-40982 * CVE-2023-20569 * CVE-2023-20593 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves three vulnerabilities and has two fixes can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434) * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling". (bsc#1214083, XSA-435) * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3447=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3447=1 openSUSE-SLE-15.5-2023-3447=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3447=1 ## Package List: * Server Applications Module 15-SP5 (x86_64) * xen-tools-debuginfo-4.17.2_02-150500.3.6.1 * xen-tools-4.17.2_02-150500.3.6.1 * xen-devel-4.17.2_02-150500.3.6.1 * xen-debugsource-4.17.2_02-150500.3.6.1 * xen-4.17.2_02-150500.3.6.1 * Server Applications Module 15-SP5 (noarch) * xen-tools-xendomains-wait-disk-4.17.2_02-150500.3.6.1 * openSUSE Leap 15.5 (aarch64 x86_64 i586) * xen-libs-4.17.2_02-150500.3.6.1 * xen-tools-domU-debuginfo-4.17.2_02-150500.3.6.1 * xen-devel-4.17.2_02-150500.3.6.1 * xen-tools-domU-4.17.2_02-150500.3.6.1 * xen-libs-debuginfo-4.17.2_02-150500.3.6.1 * xen-debugsource-4.17.2_02-150500.3.6.1 * openSUSE Leap 15.5 (x86_64) * xen-libs-32bit-debuginfo-4.17.2_02-150500.3.6.1 * xen-libs-32bit-4.17.2_02-150500.3.6.1 * openSUSE Leap 15.5 (aarch64 x86_64) * xen-4.17.2_02-150500.3.6.1 * xen-tools-debuginfo-4.17.2_02-150500.3.6.1 * xen-tools-4.17.2_02-150500.3.6.1 * xen-doc-html-4.17.2_02-150500.3.6.1 * openSUSE Leap 15.5 (noarch) * xen-tools-xendomains-wait-disk-4.17.2_02-150500.3.6.1 * openSUSE Leap 15.5 (aarch64_ilp32) * xen-libs-64bit-debuginfo-4.17.2_02-150500.3.6.1 * xen-libs-64bit-4.17.2_02-150500.3.6.1 * Basesystem Module 15-SP5 (x86_64) * xen-libs-4.17.2_02-150500.3.6.1 * xen-tools-domU-debuginfo-4.17.2_02-150500.3.6.1 * xen-tools-domU-4.17.2_02-150500.3.6.1 * xen-debugsource-4.17.2_02-150500.3.6.1 * xen-libs-debuginfo-4.17.2_02-150500.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-20593.html * https://bugzilla.suse.com/show_bug.cgi?id=1027519 * https://bugzilla.suse.com/show_bug.cgi?id=1212684 * https://bugzilla.suse.com/show_bug.cgi?id=1213616 * https://bugzilla.suse.com/show_bug.cgi?id=1214082 * https://bugzilla.suse.com/show_bug.cgi?id=1214083 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 12:30:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 12:30:32 -0000 Subject: SUSE-SU-2023:3446-1: moderate: Security update for xen Message-ID: <169322583243.18229.9585493604804564834@smelt2.suse.de> # Security update for xen Announcement ID: SUSE-SU-2023:3446-1 Rating: moderate References: * #1027519 * #1204489 * #1213616 * #1214082 * #1214083 Cross-References: * CVE-2022-40982 * CVE-2023-20569 * CVE-2023-20593 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves three vulnerabilities and has two fixes can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434) * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling". (bsc#1214083, XSA-435) * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3446=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3446=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3446=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3446=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3446=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3446=1 ## Package List: * SUSE Manager Proxy 4.2 (x86_64) * xen-tools-4.14.6_02-150300.3.51.1 * xen-4.14.6_02-150300.3.51.1 * xen-devel-4.14.6_02-150300.3.51.1 * xen-tools-domU-4.14.6_02-150300.3.51.1 * xen-tools-domU-debuginfo-4.14.6_02-150300.3.51.1 * xen-tools-debuginfo-4.14.6_02-150300.3.51.1 * xen-debugsource-4.14.6_02-150300.3.51.1 * xen-libs-debuginfo-4.14.6_02-150300.3.51.1 * xen-libs-4.14.6_02-150300.3.51.1 * SUSE Manager Proxy 4.2 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * xen-tools-4.14.6_02-150300.3.51.1 * xen-4.14.6_02-150300.3.51.1 * xen-devel-4.14.6_02-150300.3.51.1 * xen-tools-domU-4.14.6_02-150300.3.51.1 * xen-tools-domU-debuginfo-4.14.6_02-150300.3.51.1 * xen-tools-debuginfo-4.14.6_02-150300.3.51.1 * xen-debugsource-4.14.6_02-150300.3.51.1 * xen-libs-debuginfo-4.14.6_02-150300.3.51.1 * xen-libs-4.14.6_02-150300.3.51.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1 * SUSE Manager Server 4.2 (x86_64) * xen-tools-4.14.6_02-150300.3.51.1 * xen-4.14.6_02-150300.3.51.1 * xen-devel-4.14.6_02-150300.3.51.1 * xen-tools-domU-4.14.6_02-150300.3.51.1 * xen-tools-domU-debuginfo-4.14.6_02-150300.3.51.1 * xen-tools-debuginfo-4.14.6_02-150300.3.51.1 * xen-debugsource-4.14.6_02-150300.3.51.1 * xen-libs-debuginfo-4.14.6_02-150300.3.51.1 * xen-libs-4.14.6_02-150300.3.51.1 * SUSE Manager Server 4.2 (noarch) * xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * xen-libs-4.14.6_02-150300.3.51.1 * xen-debugsource-4.14.6_02-150300.3.51.1 * xen-libs-debuginfo-4.14.6_02-150300.3.51.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * xen-libs-4.14.6_02-150300.3.51.1 * xen-debugsource-4.14.6_02-150300.3.51.1 * xen-libs-debuginfo-4.14.6_02-150300.3.51.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * xen-libs-4.14.6_02-150300.3.51.1 * xen-debugsource-4.14.6_02-150300.3.51.1 * xen-libs-debuginfo-4.14.6_02-150300.3.51.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-20593.html * https://bugzilla.suse.com/show_bug.cgi?id=1027519 * https://bugzilla.suse.com/show_bug.cgi?id=1204489 * https://bugzilla.suse.com/show_bug.cgi?id=1213616 * https://bugzilla.suse.com/show_bug.cgi?id=1214082 * https://bugzilla.suse.com/show_bug.cgi?id=1214083 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 12:30:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 12:30:34 -0000 Subject: SUSE-SU-2023:3445-1: important: Security update for php7 Message-ID: <169322583448.18229.6378025804182151995@smelt2.suse.de> # Security update for php7 Announcement ID: SUSE-SU-2023:3445-1 Rating: important References: * #1214103 * #1214106 Cross-References: * CVE-2023-3823 * CVE-2023-3824 CVSS scores: * CVE-2023-3823 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3823 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L * CVE-2023-3824 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-3824 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * Web and Scripting Module 12 An update that solves two vulnerabilities can now be installed. ## Description: This update for php7 fixes the following issues: * CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. (bsc#1214106) * CVE-2023-3824: Fixed a buffer overflow in phar_dir_read(). (bsc#1214103) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 12 zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-3445=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3445=1 ## Package List: * Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64) * php74-xmlwriter-debuginfo-7.4.33-1.62.1 * php74-bz2-debuginfo-7.4.33-1.62.1 * php74-xmlwriter-7.4.33-1.62.1 * php74-sysvsem-debuginfo-7.4.33-1.62.1 * php74-ftp-7.4.33-1.62.1 * php74-zlib-7.4.33-1.62.1 * php74-calendar-7.4.33-1.62.1 * php74-xmlrpc-7.4.33-1.62.1 * php74-ldap-7.4.33-1.62.1 * php74-pdo-debuginfo-7.4.33-1.62.1 * php74-intl-7.4.33-1.62.1 * php74-odbc-7.4.33-1.62.1 * php74-bz2-7.4.33-1.62.1 * php74-pdo-7.4.33-1.62.1 * php74-ctype-7.4.33-1.62.1 * php74-dba-debuginfo-7.4.33-1.62.1 * php74-debuginfo-7.4.33-1.62.1 * php74-enchant-7.4.33-1.62.1 * php74-shmop-7.4.33-1.62.1 * php74-fileinfo-debuginfo-7.4.33-1.62.1 * php74-xmlrpc-debuginfo-7.4.33-1.62.1 * php74-ldap-debuginfo-7.4.33-1.62.1 * apache2-mod_php74-debuginfo-7.4.33-1.62.1 * php74-json-7.4.33-1.62.1 * php74-mbstring-debuginfo-7.4.33-1.62.1 * php74-sysvshm-7.4.33-1.62.1 * apache2-mod_php74-7.4.33-1.62.1 * php74-bcmath-debuginfo-7.4.33-1.62.1 * php74-odbc-debuginfo-7.4.33-1.62.1 * php74-gmp-7.4.33-1.62.1 * php74-tidy-7.4.33-1.62.1 * php74-zip-debuginfo-7.4.33-1.62.1 * php74-gd-debuginfo-7.4.33-1.62.1 * php74-exif-7.4.33-1.62.1 * php74-calendar-debuginfo-7.4.33-1.62.1 * php74-sysvsem-7.4.33-1.62.1 * php74-mysql-7.4.33-1.62.1 * php74-pcntl-7.4.33-1.62.1 * php74-bcmath-7.4.33-1.62.1 * php74-phar-debuginfo-7.4.33-1.62.1 * php74-readline-debuginfo-7.4.33-1.62.1 * php74-tokenizer-debuginfo-7.4.33-1.62.1 * php74-mysql-debuginfo-7.4.33-1.62.1 * php74-sodium-7.4.33-1.62.1 * php74-ftp-debuginfo-7.4.33-1.62.1 * php74-sqlite-7.4.33-1.62.1 * php74-opcache-7.4.33-1.62.1 * php74-mbstring-7.4.33-1.62.1 * php74-readline-7.4.33-1.62.1 * php74-snmp-debuginfo-7.4.33-1.62.1 * php74-opcache-debuginfo-7.4.33-1.62.1 * php74-sodium-debuginfo-7.4.33-1.62.1 * php74-iconv-7.4.33-1.62.1 * php74-pcntl-debuginfo-7.4.33-1.62.1 * php74-fpm-7.4.33-1.62.1 * php74-fastcgi-debuginfo-7.4.33-1.62.1 * php74-gmp-debuginfo-7.4.33-1.62.1 * php74-xsl-debuginfo-7.4.33-1.62.1 * php74-pgsql-debuginfo-7.4.33-1.62.1 * php74-curl-7.4.33-1.62.1 * php74-debugsource-7.4.33-1.62.1 * php74-posix-debuginfo-7.4.33-1.62.1 * php74-dom-7.4.33-1.62.1 * php74-ctype-debuginfo-7.4.33-1.62.1 * php74-tokenizer-7.4.33-1.62.1 * php74-dom-debuginfo-7.4.33-1.62.1 * php74-enchant-debuginfo-7.4.33-1.62.1 * php74-fastcgi-7.4.33-1.62.1 * php74-sqlite-debuginfo-7.4.33-1.62.1 * php74-sysvshm-debuginfo-7.4.33-1.62.1 * php74-phar-7.4.33-1.62.1 * php74-xmlreader-7.4.33-1.62.1 * php74-snmp-7.4.33-1.62.1 * php74-xsl-7.4.33-1.62.1 * php74-dba-7.4.33-1.62.1 * php74-sysvmsg-debuginfo-7.4.33-1.62.1 * php74-intl-debuginfo-7.4.33-1.62.1 * php74-soap-debuginfo-7.4.33-1.62.1 * php74-7.4.33-1.62.1 * php74-pgsql-7.4.33-1.62.1 * php74-openssl-7.4.33-1.62.1 * php74-openssl-debuginfo-7.4.33-1.62.1 * php74-zip-7.4.33-1.62.1 * php74-gd-7.4.33-1.62.1 * php74-sysvmsg-7.4.33-1.62.1 * php74-posix-7.4.33-1.62.1 * php74-sockets-debuginfo-7.4.33-1.62.1 * php74-soap-7.4.33-1.62.1 * php74-curl-debuginfo-7.4.33-1.62.1 * php74-gettext-7.4.33-1.62.1 * php74-xmlreader-debuginfo-7.4.33-1.62.1 * php74-fpm-debuginfo-7.4.33-1.62.1 * php74-json-debuginfo-7.4.33-1.62.1 * php74-iconv-debuginfo-7.4.33-1.62.1 * php74-exif-debuginfo-7.4.33-1.62.1 * php74-fileinfo-7.4.33-1.62.1 * php74-zlib-debuginfo-7.4.33-1.62.1 * php74-shmop-debuginfo-7.4.33-1.62.1 * php74-sockets-7.4.33-1.62.1 * php74-gettext-debuginfo-7.4.33-1.62.1 * php74-tidy-debuginfo-7.4.33-1.62.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * php74-debuginfo-7.4.33-1.62.1 * php74-devel-7.4.33-1.62.1 * php74-debugsource-7.4.33-1.62.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3823.html * https://www.suse.com/security/cve/CVE-2023-3824.html * https://bugzilla.suse.com/show_bug.cgi?id=1214103 * https://bugzilla.suse.com/show_bug.cgi?id=1214106 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 12:30:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 12:30:40 -0000 Subject: SUSE-SU-2023:3444-1: important: Security update for qemu Message-ID: <169322584029.18229.5709220285945592876@smelt2.suse.de> # Security update for qemu Announcement ID: SUSE-SU-2023:3444-1 Rating: important References: * #1188609 * #1190011 * #1207205 * #1212850 * #1213414 * #1213925 Cross-References: * CVE-2021-3638 * CVE-2021-3750 * CVE-2023-0330 * CVE-2023-3180 * CVE-2023-3301 * CVE-2023-3354 CVSS scores: * CVE-2021-3638 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L * CVE-2021-3638 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2021-3750 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2021-3750 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-0330 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2023-0330 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2023-3180 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-3180 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2023-3354 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3354 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves six vulnerabilities can now be installed. ## Description: This update for qemu fixes the following issues: * CVE-2023-0330: Fixed a stack overflow due to a DMA reentrancy issue. (bsc#1207205) * CVE-2023-3354: Fixed a remote unauthenticated DoS due to an improper I/O watch removal in VNC TLS handshake. (bsc#1212850) * CVE-2023-3180: Fixed a heap buffer overflow in virtio_crypto_sym_op_helper(). (bsc#1213925) * CVE-2021-3638: Fixed an out-of-bounds write due to an inconsistent check in ati_2d_blt(). (bsc#1188609) * CVE-2023-3301: Fixed a DoS due to an assertion failure. (bsc#1213414) * CVE-2021-3750: Fixed an use-after-free in DMA reentrancy issue. (bsc#1190011) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3444=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3444=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3444=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3444=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3444=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3444=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3444=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3444=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3444=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3444=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3444=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * qemu-hw-display-qxl-debuginfo-5.2.0-150300.127.3 * qemu-chardev-baum-5.2.0-150300.127.3 * qemu-ui-opengl-debuginfo-5.2.0-150300.127.3 * qemu-block-rbd-5.2.0-150300.127.3 * qemu-block-ssh-debuginfo-5.2.0-150300.127.3 * qemu-block-curl-5.2.0-150300.127.3 * qemu-block-rbd-debuginfo-5.2.0-150300.127.3 * qemu-block-ssh-5.2.0-150300.127.3 * qemu-5.2.0-150300.127.3 * qemu-ui-spice-app-debuginfo-5.2.0-150300.127.3 * qemu-guest-agent-5.2.0-150300.127.3 * qemu-lang-5.2.0-150300.127.3 * qemu-audio-spice-5.2.0-150300.127.3 * qemu-chardev-spice-5.2.0-150300.127.3 * qemu-ui-spice-core-5.2.0-150300.127.3 * qemu-ui-curses-debuginfo-5.2.0-150300.127.3 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.127.3 * qemu-ui-opengl-5.2.0-150300.127.3 * qemu-ui-spice-app-5.2.0-150300.127.3 * qemu-ui-gtk-debuginfo-5.2.0-150300.127.3 * qemu-chardev-baum-debuginfo-5.2.0-150300.127.3 * qemu-debugsource-5.2.0-150300.127.3 * qemu-ui-curses-5.2.0-150300.127.3 * qemu-hw-usb-redirect-5.2.0-150300.127.3 * qemu-chardev-spice-debuginfo-5.2.0-150300.127.3 * qemu-audio-spice-debuginfo-5.2.0-150300.127.3 * qemu-tools-debuginfo-5.2.0-150300.127.3 * qemu-ksm-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-5.2.0-150300.127.3 * qemu-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.127.3 * qemu-guest-agent-debuginfo-5.2.0-150300.127.3 * qemu-block-iscsi-5.2.0-150300.127.3 * qemu-block-iscsi-debuginfo-5.2.0-150300.127.3 * qemu-ui-spice-core-debuginfo-5.2.0-150300.127.3 * qemu-ui-gtk-5.2.0-150300.127.3 * qemu-block-curl-debuginfo-5.2.0-150300.127.3 * qemu-tools-5.2.0-150300.127.3 * qemu-hw-display-qxl-5.2.0-150300.127.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64) * qemu-arm-debuginfo-5.2.0-150300.127.3 * qemu-arm-5.2.0-150300.127.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * qemu-seabios-1.14.0_0_g155821a-150300.127.3 * qemu-ipxe-1.0.0+-150300.127.3 * qemu-vgabios-1.14.0_0_g155821a-150300.127.3 * qemu-sgabios-8-150300.127.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * qemu-x86-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-5.2.0-150300.127.3 * qemu-x86-5.2.0-150300.127.3 * qemu-audio-pa-debuginfo-5.2.0-150300.127.3 * qemu-kvm-5.2.0-150300.127.3 * qemu-audio-alsa-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.127.3 * qemu-audio-alsa-debuginfo-5.2.0-150300.127.3 * qemu-audio-pa-5.2.0-150300.127.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * qemu-hw-display-qxl-debuginfo-5.2.0-150300.127.3 * qemu-chardev-baum-5.2.0-150300.127.3 * qemu-ui-opengl-debuginfo-5.2.0-150300.127.3 * qemu-block-rbd-5.2.0-150300.127.3 * qemu-block-ssh-debuginfo-5.2.0-150300.127.3 * qemu-block-curl-5.2.0-150300.127.3 * qemu-block-rbd-debuginfo-5.2.0-150300.127.3 * qemu-block-ssh-5.2.0-150300.127.3 * qemu-5.2.0-150300.127.3 * qemu-ui-spice-app-debuginfo-5.2.0-150300.127.3 * qemu-guest-agent-5.2.0-150300.127.3 * qemu-lang-5.2.0-150300.127.3 * qemu-audio-spice-5.2.0-150300.127.3 * qemu-chardev-spice-5.2.0-150300.127.3 * qemu-ui-spice-core-5.2.0-150300.127.3 * qemu-ui-curses-debuginfo-5.2.0-150300.127.3 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.127.3 * qemu-ui-opengl-5.2.0-150300.127.3 * qemu-ui-spice-app-5.2.0-150300.127.3 * qemu-ui-gtk-debuginfo-5.2.0-150300.127.3 * qemu-chardev-baum-debuginfo-5.2.0-150300.127.3 * qemu-debugsource-5.2.0-150300.127.3 * qemu-ui-curses-5.2.0-150300.127.3 * qemu-hw-usb-redirect-5.2.0-150300.127.3 * qemu-chardev-spice-debuginfo-5.2.0-150300.127.3 * qemu-audio-spice-debuginfo-5.2.0-150300.127.3 * qemu-tools-debuginfo-5.2.0-150300.127.3 * qemu-ksm-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-5.2.0-150300.127.3 * qemu-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.127.3 * qemu-guest-agent-debuginfo-5.2.0-150300.127.3 * qemu-block-iscsi-5.2.0-150300.127.3 * qemu-block-iscsi-debuginfo-5.2.0-150300.127.3 * qemu-ui-spice-core-debuginfo-5.2.0-150300.127.3 * qemu-ui-gtk-5.2.0-150300.127.3 * qemu-block-curl-debuginfo-5.2.0-150300.127.3 * qemu-tools-5.2.0-150300.127.3 * qemu-hw-display-qxl-5.2.0-150300.127.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64) * qemu-arm-debuginfo-5.2.0-150300.127.3 * qemu-arm-5.2.0-150300.127.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * qemu-seabios-1.14.0_0_g155821a-150300.127.3 * qemu-ipxe-1.0.0+-150300.127.3 * qemu-vgabios-1.14.0_0_g155821a-150300.127.3 * qemu-sgabios-8-150300.127.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * qemu-x86-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-5.2.0-150300.127.3 * qemu-x86-5.2.0-150300.127.3 * qemu-audio-pa-debuginfo-5.2.0-150300.127.3 * qemu-kvm-5.2.0-150300.127.3 * qemu-audio-alsa-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.127.3 * qemu-audio-alsa-debuginfo-5.2.0-150300.127.3 * qemu-audio-pa-5.2.0-150300.127.3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * qemu-chardev-baum-5.2.0-150300.127.3 * qemu-block-rbd-5.2.0-150300.127.3 * qemu-block-ssh-debuginfo-5.2.0-150300.127.3 * qemu-block-curl-5.2.0-150300.127.3 * qemu-block-rbd-debuginfo-5.2.0-150300.127.3 * qemu-block-ssh-5.2.0-150300.127.3 * qemu-5.2.0-150300.127.3 * qemu-guest-agent-5.2.0-150300.127.3 * qemu-lang-5.2.0-150300.127.3 * qemu-ui-curses-debuginfo-5.2.0-150300.127.3 * qemu-chardev-baum-debuginfo-5.2.0-150300.127.3 * qemu-debugsource-5.2.0-150300.127.3 * qemu-ui-curses-5.2.0-150300.127.3 * qemu-tools-debuginfo-5.2.0-150300.127.3 * qemu-debuginfo-5.2.0-150300.127.3 * qemu-guest-agent-debuginfo-5.2.0-150300.127.3 * qemu-block-iscsi-5.2.0-150300.127.3 * qemu-block-iscsi-debuginfo-5.2.0-150300.127.3 * qemu-block-curl-debuginfo-5.2.0-150300.127.3 * qemu-tools-5.2.0-150300.127.3 * qemu-ksm-5.2.0-150300.127.3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64) * qemu-arm-debuginfo-5.2.0-150300.127.3 * qemu-arm-5.2.0-150300.127.3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le x86_64) * qemu-hw-display-qxl-debuginfo-5.2.0-150300.127.3 * qemu-ui-spice-core-5.2.0-150300.127.3 * qemu-ui-opengl-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-5.2.0-150300.127.3 * qemu-ui-spice-core-debuginfo-5.2.0-150300.127.3 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.127.3 * qemu-hw-usb-redirect-5.2.0-150300.127.3 * qemu-ui-opengl-5.2.0-150300.127.3 * qemu-ui-spice-app-5.2.0-150300.127.3 * qemu-ui-gtk-debuginfo-5.2.0-150300.127.3 * qemu-ui-gtk-5.2.0-150300.127.3 * qemu-ui-spice-app-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-qxl-5.2.0-150300.127.3 * qemu-audio-spice-5.2.0-150300.127.3 * qemu-chardev-spice-debuginfo-5.2.0-150300.127.3 * qemu-chardev-spice-5.2.0-150300.127.3 * qemu-audio-spice-debuginfo-5.2.0-150300.127.3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * qemu-sgabios-8-150300.127.3 * qemu-seabios-1.14.0_0_g155821a-150300.127.3 * qemu-SLOF-5.2.0-150300.127.3 * qemu-ipxe-1.0.0+-150300.127.3 * qemu-vgabios-1.14.0_0_g155821a-150300.127.3 * qemu-skiboot-5.2.0-150300.127.3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le) * qemu-ppc-5.2.0-150300.127.3 * qemu-ppc-debuginfo-5.2.0-150300.127.3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x x86_64) * qemu-hw-display-virtio-gpu-5.2.0-150300.127.3 * qemu-kvm-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.127.3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x) * qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.127.3 * qemu-s390x-debuginfo-5.2.0-150300.127.3 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.127.3 * qemu-s390x-5.2.0-150300.127.3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * qemu-x86-debuginfo-5.2.0-150300.127.3 * qemu-x86-5.2.0-150300.127.3 * qemu-audio-pa-debuginfo-5.2.0-150300.127.3 * qemu-audio-alsa-5.2.0-150300.127.3 * qemu-audio-alsa-debuginfo-5.2.0-150300.127.3 * qemu-audio-pa-5.2.0-150300.127.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * qemu-hw-display-qxl-debuginfo-5.2.0-150300.127.3 * qemu-chardev-baum-5.2.0-150300.127.3 * qemu-ui-opengl-debuginfo-5.2.0-150300.127.3 * qemu-block-rbd-5.2.0-150300.127.3 * qemu-block-ssh-debuginfo-5.2.0-150300.127.3 * qemu-block-curl-5.2.0-150300.127.3 * qemu-block-rbd-debuginfo-5.2.0-150300.127.3 * qemu-block-ssh-5.2.0-150300.127.3 * qemu-5.2.0-150300.127.3 * qemu-ui-spice-app-debuginfo-5.2.0-150300.127.3 * qemu-guest-agent-5.2.0-150300.127.3 * qemu-lang-5.2.0-150300.127.3 * qemu-audio-spice-5.2.0-150300.127.3 * qemu-chardev-spice-5.2.0-150300.127.3 * qemu-ui-spice-core-5.2.0-150300.127.3 * qemu-ui-curses-debuginfo-5.2.0-150300.127.3 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.127.3 * qemu-ui-opengl-5.2.0-150300.127.3 * qemu-ui-spice-app-5.2.0-150300.127.3 * qemu-ui-gtk-debuginfo-5.2.0-150300.127.3 * qemu-chardev-baum-debuginfo-5.2.0-150300.127.3 * qemu-debugsource-5.2.0-150300.127.3 * qemu-ui-curses-5.2.0-150300.127.3 * qemu-hw-usb-redirect-5.2.0-150300.127.3 * qemu-chardev-spice-debuginfo-5.2.0-150300.127.3 * qemu-audio-spice-debuginfo-5.2.0-150300.127.3 * qemu-tools-debuginfo-5.2.0-150300.127.3 * qemu-ksm-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-5.2.0-150300.127.3 * qemu-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.127.3 * qemu-guest-agent-debuginfo-5.2.0-150300.127.3 * qemu-block-iscsi-5.2.0-150300.127.3 * qemu-block-iscsi-debuginfo-5.2.0-150300.127.3 * qemu-ui-spice-core-debuginfo-5.2.0-150300.127.3 * qemu-ui-gtk-5.2.0-150300.127.3 * qemu-block-curl-debuginfo-5.2.0-150300.127.3 * qemu-tools-5.2.0-150300.127.3 * qemu-hw-display-qxl-5.2.0-150300.127.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * qemu-sgabios-8-150300.127.3 * qemu-seabios-1.14.0_0_g155821a-150300.127.3 * qemu-SLOF-5.2.0-150300.127.3 * qemu-ipxe-1.0.0+-150300.127.3 * qemu-vgabios-1.14.0_0_g155821a-150300.127.3 * qemu-skiboot-5.2.0-150300.127.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le) * qemu-ppc-5.2.0-150300.127.3 * qemu-ppc-debuginfo-5.2.0-150300.127.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * qemu-x86-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-5.2.0-150300.127.3 * qemu-x86-5.2.0-150300.127.3 * qemu-audio-pa-debuginfo-5.2.0-150300.127.3 * qemu-kvm-5.2.0-150300.127.3 * qemu-audio-alsa-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.127.3 * qemu-audio-alsa-debuginfo-5.2.0-150300.127.3 * qemu-audio-pa-5.2.0-150300.127.3 * SUSE Manager Proxy 4.2 (x86_64) * qemu-hw-display-qxl-debuginfo-5.2.0-150300.127.3 * qemu-chardev-baum-5.2.0-150300.127.3 * qemu-ui-opengl-debuginfo-5.2.0-150300.127.3 * qemu-block-rbd-5.2.0-150300.127.3 * qemu-block-ssh-debuginfo-5.2.0-150300.127.3 * qemu-block-curl-5.2.0-150300.127.3 * qemu-x86-5.2.0-150300.127.3 * qemu-block-rbd-debuginfo-5.2.0-150300.127.3 * qemu-audio-pa-debuginfo-5.2.0-150300.127.3 * qemu-block-ssh-5.2.0-150300.127.3 * qemu-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.127.3 * qemu-ui-spice-app-debuginfo-5.2.0-150300.127.3 * qemu-guest-agent-5.2.0-150300.127.3 * qemu-lang-5.2.0-150300.127.3 * qemu-audio-spice-5.2.0-150300.127.3 * qemu-audio-alsa-debuginfo-5.2.0-150300.127.3 * qemu-chardev-spice-5.2.0-150300.127.3 * qemu-ui-spice-core-5.2.0-150300.127.3 * qemu-ui-curses-debuginfo-5.2.0-150300.127.3 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.127.3 * qemu-ui-opengl-5.2.0-150300.127.3 * qemu-ui-spice-app-5.2.0-150300.127.3 * qemu-ui-gtk-debuginfo-5.2.0-150300.127.3 * qemu-chardev-baum-debuginfo-5.2.0-150300.127.3 * qemu-debugsource-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.127.3 * qemu-ui-curses-5.2.0-150300.127.3 * qemu-hw-usb-redirect-5.2.0-150300.127.3 * qemu-audio-pa-5.2.0-150300.127.3 * qemu-chardev-spice-debuginfo-5.2.0-150300.127.3 * qemu-audio-spice-debuginfo-5.2.0-150300.127.3 * qemu-tools-debuginfo-5.2.0-150300.127.3 * qemu-ksm-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-5.2.0-150300.127.3 * qemu-x86-debuginfo-5.2.0-150300.127.3 * qemu-debuginfo-5.2.0-150300.127.3 * qemu-kvm-5.2.0-150300.127.3 * qemu-audio-alsa-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.127.3 * qemu-guest-agent-debuginfo-5.2.0-150300.127.3 * qemu-block-iscsi-5.2.0-150300.127.3 * qemu-block-iscsi-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-5.2.0-150300.127.3 * qemu-ui-spice-core-debuginfo-5.2.0-150300.127.3 * qemu-ui-gtk-5.2.0-150300.127.3 * qemu-block-curl-debuginfo-5.2.0-150300.127.3 * qemu-tools-5.2.0-150300.127.3 * qemu-hw-display-qxl-5.2.0-150300.127.3 * SUSE Manager Proxy 4.2 (noarch) * qemu-seabios-1.14.0_0_g155821a-150300.127.3 * qemu-ipxe-1.0.0+-150300.127.3 * qemu-vgabios-1.14.0_0_g155821a-150300.127.3 * qemu-sgabios-8-150300.127.3 * SUSE Manager Retail Branch Server 4.2 (x86_64) * qemu-hw-display-qxl-debuginfo-5.2.0-150300.127.3 * qemu-chardev-baum-5.2.0-150300.127.3 * qemu-ui-opengl-debuginfo-5.2.0-150300.127.3 * qemu-block-rbd-5.2.0-150300.127.3 * qemu-block-ssh-debuginfo-5.2.0-150300.127.3 * qemu-block-curl-5.2.0-150300.127.3 * qemu-x86-5.2.0-150300.127.3 * qemu-block-rbd-debuginfo-5.2.0-150300.127.3 * qemu-audio-pa-debuginfo-5.2.0-150300.127.3 * qemu-block-ssh-5.2.0-150300.127.3 * qemu-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.127.3 * qemu-ui-spice-app-debuginfo-5.2.0-150300.127.3 * qemu-guest-agent-5.2.0-150300.127.3 * qemu-lang-5.2.0-150300.127.3 * qemu-audio-spice-5.2.0-150300.127.3 * qemu-audio-alsa-debuginfo-5.2.0-150300.127.3 * qemu-chardev-spice-5.2.0-150300.127.3 * qemu-ui-spice-core-5.2.0-150300.127.3 * qemu-ui-curses-debuginfo-5.2.0-150300.127.3 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.127.3 * qemu-ui-opengl-5.2.0-150300.127.3 * qemu-ui-spice-app-5.2.0-150300.127.3 * qemu-ui-gtk-debuginfo-5.2.0-150300.127.3 * qemu-chardev-baum-debuginfo-5.2.0-150300.127.3 * qemu-debugsource-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.127.3 * qemu-ui-curses-5.2.0-150300.127.3 * qemu-hw-usb-redirect-5.2.0-150300.127.3 * qemu-audio-pa-5.2.0-150300.127.3 * qemu-chardev-spice-debuginfo-5.2.0-150300.127.3 * qemu-audio-spice-debuginfo-5.2.0-150300.127.3 * qemu-tools-debuginfo-5.2.0-150300.127.3 * qemu-ksm-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-5.2.0-150300.127.3 * qemu-x86-debuginfo-5.2.0-150300.127.3 * qemu-debuginfo-5.2.0-150300.127.3 * qemu-kvm-5.2.0-150300.127.3 * qemu-audio-alsa-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.127.3 * qemu-guest-agent-debuginfo-5.2.0-150300.127.3 * qemu-block-iscsi-5.2.0-150300.127.3 * qemu-block-iscsi-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-5.2.0-150300.127.3 * qemu-ui-spice-core-debuginfo-5.2.0-150300.127.3 * qemu-ui-gtk-5.2.0-150300.127.3 * qemu-block-curl-debuginfo-5.2.0-150300.127.3 * qemu-tools-5.2.0-150300.127.3 * qemu-hw-display-qxl-5.2.0-150300.127.3 * SUSE Manager Retail Branch Server 4.2 (noarch) * qemu-seabios-1.14.0_0_g155821a-150300.127.3 * qemu-ipxe-1.0.0+-150300.127.3 * qemu-vgabios-1.14.0_0_g155821a-150300.127.3 * qemu-sgabios-8-150300.127.3 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * qemu-chardev-baum-5.2.0-150300.127.3 * qemu-block-rbd-5.2.0-150300.127.3 * qemu-block-ssh-debuginfo-5.2.0-150300.127.3 * qemu-block-curl-5.2.0-150300.127.3 * qemu-block-rbd-debuginfo-5.2.0-150300.127.3 * qemu-block-ssh-5.2.0-150300.127.3 * qemu-5.2.0-150300.127.3 * qemu-guest-agent-5.2.0-150300.127.3 * qemu-lang-5.2.0-150300.127.3 * qemu-ui-curses-debuginfo-5.2.0-150300.127.3 * qemu-chardev-baum-debuginfo-5.2.0-150300.127.3 * qemu-debugsource-5.2.0-150300.127.3 * qemu-ui-curses-5.2.0-150300.127.3 * qemu-tools-debuginfo-5.2.0-150300.127.3 * qemu-debuginfo-5.2.0-150300.127.3 * qemu-guest-agent-debuginfo-5.2.0-150300.127.3 * qemu-block-iscsi-5.2.0-150300.127.3 * qemu-block-iscsi-debuginfo-5.2.0-150300.127.3 * qemu-block-curl-debuginfo-5.2.0-150300.127.3 * qemu-tools-5.2.0-150300.127.3 * qemu-ksm-5.2.0-150300.127.3 * SUSE Manager Server 4.2 (noarch) * qemu-sgabios-8-150300.127.3 * qemu-seabios-1.14.0_0_g155821a-150300.127.3 * qemu-SLOF-5.2.0-150300.127.3 * qemu-ipxe-1.0.0+-150300.127.3 * qemu-vgabios-1.14.0_0_g155821a-150300.127.3 * qemu-skiboot-5.2.0-150300.127.3 * SUSE Manager Server 4.2 (ppc64le x86_64) * qemu-hw-display-qxl-debuginfo-5.2.0-150300.127.3 * qemu-ui-spice-core-5.2.0-150300.127.3 * qemu-ui-opengl-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-5.2.0-150300.127.3 * qemu-ui-spice-core-debuginfo-5.2.0-150300.127.3 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.127.3 * qemu-hw-usb-redirect-5.2.0-150300.127.3 * qemu-ui-opengl-5.2.0-150300.127.3 * qemu-ui-spice-app-5.2.0-150300.127.3 * qemu-ui-gtk-debuginfo-5.2.0-150300.127.3 * qemu-ui-gtk-5.2.0-150300.127.3 * qemu-ui-spice-app-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-qxl-5.2.0-150300.127.3 * qemu-audio-spice-5.2.0-150300.127.3 * qemu-chardev-spice-debuginfo-5.2.0-150300.127.3 * qemu-chardev-spice-5.2.0-150300.127.3 * qemu-audio-spice-debuginfo-5.2.0-150300.127.3 * SUSE Manager Server 4.2 (ppc64le) * qemu-ppc-5.2.0-150300.127.3 * qemu-ppc-debuginfo-5.2.0-150300.127.3 * SUSE Manager Server 4.2 (s390x x86_64) * qemu-hw-display-virtio-gpu-5.2.0-150300.127.3 * qemu-kvm-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.127.3 * SUSE Manager Server 4.2 (s390x) * qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.127.3 * qemu-s390x-debuginfo-5.2.0-150300.127.3 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.127.3 * qemu-s390x-5.2.0-150300.127.3 * SUSE Manager Server 4.2 (x86_64) * qemu-x86-debuginfo-5.2.0-150300.127.3 * qemu-x86-5.2.0-150300.127.3 * qemu-audio-pa-debuginfo-5.2.0-150300.127.3 * qemu-audio-alsa-5.2.0-150300.127.3 * qemu-audio-alsa-debuginfo-5.2.0-150300.127.3 * qemu-audio-pa-5.2.0-150300.127.3 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * qemu-hw-display-qxl-debuginfo-5.2.0-150300.127.3 * qemu-chardev-baum-5.2.0-150300.127.3 * qemu-ui-opengl-debuginfo-5.2.0-150300.127.3 * qemu-block-rbd-5.2.0-150300.127.3 * qemu-block-ssh-debuginfo-5.2.0-150300.127.3 * qemu-block-curl-5.2.0-150300.127.3 * qemu-block-rbd-debuginfo-5.2.0-150300.127.3 * qemu-block-ssh-5.2.0-150300.127.3 * qemu-5.2.0-150300.127.3 * qemu-ui-spice-app-debuginfo-5.2.0-150300.127.3 * qemu-guest-agent-5.2.0-150300.127.3 * qemu-lang-5.2.0-150300.127.3 * qemu-audio-spice-5.2.0-150300.127.3 * qemu-chardev-spice-5.2.0-150300.127.3 * qemu-ui-spice-core-5.2.0-150300.127.3 * qemu-ui-curses-debuginfo-5.2.0-150300.127.3 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.127.3 * qemu-ui-opengl-5.2.0-150300.127.3 * qemu-ui-spice-app-5.2.0-150300.127.3 * qemu-ui-gtk-debuginfo-5.2.0-150300.127.3 * qemu-chardev-baum-debuginfo-5.2.0-150300.127.3 * qemu-debugsource-5.2.0-150300.127.3 * qemu-ui-curses-5.2.0-150300.127.3 * qemu-hw-usb-redirect-5.2.0-150300.127.3 * qemu-chardev-spice-debuginfo-5.2.0-150300.127.3 * qemu-audio-spice-debuginfo-5.2.0-150300.127.3 * qemu-tools-debuginfo-5.2.0-150300.127.3 * qemu-ksm-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-5.2.0-150300.127.3 * qemu-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.127.3 * qemu-guest-agent-debuginfo-5.2.0-150300.127.3 * qemu-block-iscsi-5.2.0-150300.127.3 * qemu-block-iscsi-debuginfo-5.2.0-150300.127.3 * qemu-ui-spice-core-debuginfo-5.2.0-150300.127.3 * qemu-ui-gtk-5.2.0-150300.127.3 * qemu-block-curl-debuginfo-5.2.0-150300.127.3 * qemu-tools-5.2.0-150300.127.3 * qemu-hw-display-qxl-5.2.0-150300.127.3 * SUSE Enterprise Storage 7.1 (aarch64) * qemu-arm-debuginfo-5.2.0-150300.127.3 * qemu-arm-5.2.0-150300.127.3 * SUSE Enterprise Storage 7.1 (noarch) * qemu-seabios-1.14.0_0_g155821a-150300.127.3 * qemu-ipxe-1.0.0+-150300.127.3 * qemu-vgabios-1.14.0_0_g155821a-150300.127.3 * qemu-sgabios-8-150300.127.3 * SUSE Enterprise Storage 7.1 (x86_64) * qemu-x86-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-5.2.0-150300.127.3 * qemu-x86-5.2.0-150300.127.3 * qemu-audio-pa-debuginfo-5.2.0-150300.127.3 * qemu-kvm-5.2.0-150300.127.3 * qemu-audio-alsa-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.127.3 * qemu-audio-alsa-debuginfo-5.2.0-150300.127.3 * qemu-audio-pa-5.2.0-150300.127.3 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * qemu-debugsource-5.2.0-150300.127.3 * qemu-debuginfo-5.2.0-150300.127.3 * qemu-5.2.0-150300.127.3 * qemu-tools-5.2.0-150300.127.3 * qemu-tools-debuginfo-5.2.0-150300.127.3 * SUSE Linux Enterprise Micro 5.1 (aarch64) * qemu-arm-debuginfo-5.2.0-150300.127.3 * qemu-arm-5.2.0-150300.127.3 * SUSE Linux Enterprise Micro 5.1 (noarch) * qemu-seabios-1.14.0_0_g155821a-150300.127.3 * qemu-ipxe-1.0.0+-150300.127.3 * qemu-vgabios-1.14.0_0_g155821a-150300.127.3 * qemu-sgabios-8-150300.127.3 * SUSE Linux Enterprise Micro 5.1 (s390x) * qemu-s390x-debuginfo-5.2.0-150300.127.3 * qemu-s390x-5.2.0-150300.127.3 * SUSE Linux Enterprise Micro 5.1 (x86_64) * qemu-x86-5.2.0-150300.127.3 * qemu-x86-debuginfo-5.2.0-150300.127.3 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * qemu-hw-display-qxl-debuginfo-5.2.0-150300.127.3 * qemu-ui-opengl-debuginfo-5.2.0-150300.127.3 * qemu-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.127.3 * qemu-guest-agent-5.2.0-150300.127.3 * qemu-audio-spice-5.2.0-150300.127.3 * qemu-chardev-spice-5.2.0-150300.127.3 * qemu-ui-spice-core-5.2.0-150300.127.3 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.127.3 * qemu-ui-opengl-5.2.0-150300.127.3 * qemu-debugsource-5.2.0-150300.127.3 * qemu-hw-usb-redirect-5.2.0-150300.127.3 * qemu-chardev-spice-debuginfo-5.2.0-150300.127.3 * qemu-tools-debuginfo-5.2.0-150300.127.3 * qemu-audio-spice-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-5.2.0-150300.127.3 * qemu-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.127.3 * qemu-guest-agent-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-5.2.0-150300.127.3 * qemu-ui-spice-core-debuginfo-5.2.0-150300.127.3 * qemu-tools-5.2.0-150300.127.3 * qemu-hw-display-qxl-5.2.0-150300.127.3 * SUSE Linux Enterprise Micro 5.2 (aarch64) * qemu-arm-debuginfo-5.2.0-150300.127.3 * qemu-arm-5.2.0-150300.127.3 * SUSE Linux Enterprise Micro 5.2 (noarch) * qemu-seabios-1.14.0_0_g155821a-150300.127.3 * qemu-ipxe-1.0.0+-150300.127.3 * qemu-vgabios-1.14.0_0_g155821a-150300.127.3 * qemu-sgabios-8-150300.127.3 * SUSE Linux Enterprise Micro 5.2 (s390x) * qemu-s390x-debuginfo-5.2.0-150300.127.3 * qemu-s390x-5.2.0-150300.127.3 * SUSE Linux Enterprise Micro 5.2 (x86_64) * qemu-x86-5.2.0-150300.127.3 * qemu-x86-debuginfo-5.2.0-150300.127.3 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * qemu-hw-display-qxl-debuginfo-5.2.0-150300.127.3 * qemu-ui-opengl-debuginfo-5.2.0-150300.127.3 * qemu-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.127.3 * qemu-guest-agent-5.2.0-150300.127.3 * qemu-audio-spice-5.2.0-150300.127.3 * qemu-chardev-spice-5.2.0-150300.127.3 * qemu-ui-spice-core-5.2.0-150300.127.3 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.127.3 * qemu-ui-opengl-5.2.0-150300.127.3 * qemu-debugsource-5.2.0-150300.127.3 * qemu-hw-usb-redirect-5.2.0-150300.127.3 * qemu-chardev-spice-debuginfo-5.2.0-150300.127.3 * qemu-tools-debuginfo-5.2.0-150300.127.3 * qemu-audio-spice-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-5.2.0-150300.127.3 * qemu-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.127.3 * qemu-guest-agent-debuginfo-5.2.0-150300.127.3 * qemu-hw-display-virtio-gpu-5.2.0-150300.127.3 * qemu-ui-spice-core-debuginfo-5.2.0-150300.127.3 * qemu-tools-5.2.0-150300.127.3 * qemu-hw-display-qxl-5.2.0-150300.127.3 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64) * qemu-arm-debuginfo-5.2.0-150300.127.3 * qemu-arm-5.2.0-150300.127.3 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * qemu-seabios-1.14.0_0_g155821a-150300.127.3 * qemu-ipxe-1.0.0+-150300.127.3 * qemu-vgabios-1.14.0_0_g155821a-150300.127.3 * qemu-sgabios-8-150300.127.3 * SUSE Linux Enterprise Micro for Rancher 5.2 (s390x) * qemu-s390x-debuginfo-5.2.0-150300.127.3 * qemu-s390x-5.2.0-150300.127.3 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * qemu-x86-5.2.0-150300.127.3 * qemu-x86-debuginfo-5.2.0-150300.127.3 ## References: * https://www.suse.com/security/cve/CVE-2021-3638.html * https://www.suse.com/security/cve/CVE-2021-3750.html * https://www.suse.com/security/cve/CVE-2023-0330.html * https://www.suse.com/security/cve/CVE-2023-3180.html * https://www.suse.com/security/cve/CVE-2023-3301.html * https://www.suse.com/security/cve/CVE-2023-3354.html * https://bugzilla.suse.com/show_bug.cgi?id=1188609 * https://bugzilla.suse.com/show_bug.cgi?id=1190011 * https://bugzilla.suse.com/show_bug.cgi?id=1207205 * https://bugzilla.suse.com/show_bug.cgi?id=1212850 * https://bugzilla.suse.com/show_bug.cgi?id=1213414 * https://bugzilla.suse.com/show_bug.cgi?id=1213925 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 12:30:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 12:30:43 -0000 Subject: SUSE-SU-2023:3443-1: moderate: Security update for java-1_8_0-openjdk Message-ID: <169322584369.18229.13711263561920501763@smelt2.suse.de> # Security update for java-1_8_0-openjdk Announcement ID: SUSE-SU-2023:3443-1 Rating: moderate References: * #1213481 * #1213482 Cross-References: * CVE-2023-22045 * CVE-2023-22049 CVSS scores: * CVE-2023-22045 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22045 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22049 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22049 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u382 (icedtea-3.28.0) * CVE-2023-22045: Fixed a difficult to exploit vulnerability that allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK (bsc#1213481). * CVE-2023-22049: Fixed a difficult to exploit vulnerability that allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK (bsc#1213482). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3443=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3443=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3443=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3443=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-debuginfo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-demo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-1.8.0.382-27.90.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-devel-1.8.0.382-27.90.1 * java-1_8_0-openjdk-headless-1.8.0.382-27.90.1 * java-1_8_0-openjdk-debugsource-1.8.0.382-27.90.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-debuginfo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-demo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-1.8.0.382-27.90.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-devel-1.8.0.382-27.90.1 * java-1_8_0-openjdk-headless-1.8.0.382-27.90.1 * java-1_8_0-openjdk-debugsource-1.8.0.382-27.90.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-debuginfo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-demo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-1.8.0.382-27.90.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-devel-1.8.0.382-27.90.1 * java-1_8_0-openjdk-headless-1.8.0.382-27.90.1 * java-1_8_0-openjdk-debugsource-1.8.0.382-27.90.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-debuginfo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-demo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-1.8.0.382-27.90.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.382-27.90.1 * java-1_8_0-openjdk-devel-1.8.0.382-27.90.1 * java-1_8_0-openjdk-headless-1.8.0.382-27.90.1 * java-1_8_0-openjdk-debugsource-1.8.0.382-27.90.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22045.html * https://www.suse.com/security/cve/CVE-2023-22049.html * https://bugzilla.suse.com/show_bug.cgi?id=1213481 * https://bugzilla.suse.com/show_bug.cgi?id=1213482 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 12:30:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 12:30:49 -0000 Subject: SUSE-SU-2023:3442-1: moderate: Security update for java-1_8_0-openjdk Message-ID: <169322584973.18229.8243403141990075877@smelt2.suse.de> # Security update for java-1_8_0-openjdk Announcement ID: SUSE-SU-2023:3442-1 Rating: moderate References: * #1213481 * #1213482 Cross-References: * CVE-2023-22045 * CVE-2023-22049 CVSS scores: * CVE-2023-22045 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22045 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2023-22049 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22049 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u382 (icedtea-3.28.0): * CVE-2023-22045: Fixed a difficult to exploit vulnerability that allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK (bsc#1213481). * CVE-2023-22049: Fixed a difficult to exploit vulnerability that allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK (bsc#1213482). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3442=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3442=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3442=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3442=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3442=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3442=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3442=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3442=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3442=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-3442=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3442=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3442=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3442=1 ## Package List: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debugsource-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-devel-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debuginfo-1.8.0.382-150000.3.82.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debugsource-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-devel-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debuginfo-1.8.0.382-150000.3.82.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debugsource-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-devel-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debuginfo-1.8.0.382-150000.3.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debugsource-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-devel-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debuginfo-1.8.0.382-150000.3.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debugsource-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-devel-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debuginfo-1.8.0.382-150000.3.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debugsource-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-devel-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debuginfo-1.8.0.382-150000.3.82.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debugsource-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-devel-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debuginfo-1.8.0.382-150000.3.82.1 * SUSE CaaS Platform 4.0 (x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debugsource-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-devel-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debuginfo-1.8.0.382-150000.3.82.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-src-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debugsource-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-accessibility-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-devel-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debuginfo-1.8.0.382-150000.3.82.1 * openSUSE Leap 15.4 (noarch) * java-1_8_0-openjdk-javadoc-1.8.0.382-150000.3.82.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-src-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debugsource-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-accessibility-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-devel-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debuginfo-1.8.0.382-150000.3.82.1 * openSUSE Leap 15.5 (noarch) * java-1_8_0-openjdk-javadoc-1.8.0.382-150000.3.82.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debugsource-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-devel-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debuginfo-1.8.0.382-150000.3.82.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debugsource-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-devel-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debuginfo-1.8.0.382-150000.3.82.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debugsource-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-devel-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debuginfo-1.8.0.382-150000.3.82.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * java-1_8_0-openjdk-devel-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-headless-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debugsource-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-demo-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-devel-1.8.0.382-150000.3.82.1 * java-1_8_0-openjdk-debuginfo-1.8.0.382-150000.3.82.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22045.html * https://www.suse.com/security/cve/CVE-2023-22049.html * https://bugzilla.suse.com/show_bug.cgi?id=1213481 * https://bugzilla.suse.com/show_bug.cgi?id=1213482 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 16:30:02 -0000 Subject: SUSE-SU-2023:3461-1: moderate: Security update for freetype2 Message-ID: <169324020285.14843.11759623532515800324@smelt2.suse.de> # Security update for freetype2 Announcement ID: SUSE-SU-2023:3461-1 Rating: moderate References: * #1210419 Cross-References: * CVE-2023-2004 CVSS scores: * CVE-2023-2004 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L * CVE-2023-2004 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for freetype2 fixes the following issues: * CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3461=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3461=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3461=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3461=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3461=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3461=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3461=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3461=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3461=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3461=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3461=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3461=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3461=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3461=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3461=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3461=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3461=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3461=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * freetype2-debugsource-2.10.4-150000.4.15.1 * libfreetype6-2.10.4-150000.4.15.1 * libfreetype6-debuginfo-2.10.4-150000.4.15.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * freetype2-debugsource-2.10.4-150000.4.15.1 * libfreetype6-2.10.4-150000.4.15.1 * libfreetype6-debuginfo-2.10.4-150000.4.15.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * freetype2-debugsource-2.10.4-150000.4.15.1 * ftstring-2.10.4-150000.4.15.1 * libfreetype6-2.10.4-150000.4.15.1 * ftmulti-2.10.4-150000.4.15.1 * ftvalid-2.10.4-150000.4.15.1 * freetype2-devel-2.10.4-150000.4.15.1 * ftdump-2.10.4-150000.4.15.1 * ftinspect-2.10.4-150000.4.15.1 * ftview-2.10.4-150000.4.15.1 * ftdiff-2.10.4-150000.4.15.1 * ftlint-2.10.4-150000.4.15.1 * ftbench-2.10.4-150000.4.15.1 * ftgamma-2.10.4-150000.4.15.1 * ftgrid-2.10.4-150000.4.15.1 * libfreetype6-debuginfo-2.10.4-150000.4.15.1 * openSUSE Leap 15.4 (x86_64) * libfreetype6-32bit-2.10.4-150000.4.15.1 * libfreetype6-32bit-debuginfo-2.10.4-150000.4.15.1 * freetype2-devel-32bit-2.10.4-150000.4.15.1 * openSUSE Leap 15.4 (noarch) * freetype2-profile-tti35-2.10.4-150000.4.15.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * ft2demos-2.10.4-150000.4.15.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * freetype2-debugsource-2.10.4-150000.4.15.1 * ftstring-2.10.4-150000.4.15.1 * libfreetype6-2.10.4-150000.4.15.1 * ftmulti-2.10.4-150000.4.15.1 * ftvalid-2.10.4-150000.4.15.1 * freetype2-devel-2.10.4-150000.4.15.1 * ftdump-2.10.4-150000.4.15.1 * ftinspect-2.10.4-150000.4.15.1 * ftview-2.10.4-150000.4.15.1 * ftdiff-2.10.4-150000.4.15.1 * ftlint-2.10.4-150000.4.15.1 * ftbench-2.10.4-150000.4.15.1 * ftgamma-2.10.4-150000.4.15.1 * ftgrid-2.10.4-150000.4.15.1 * libfreetype6-debuginfo-2.10.4-150000.4.15.1 * openSUSE Leap 15.5 (x86_64) * libfreetype6-32bit-2.10.4-150000.4.15.1 * libfreetype6-32bit-debuginfo-2.10.4-150000.4.15.1 * freetype2-devel-32bit-2.10.4-150000.4.15.1 * openSUSE Leap 15.5 (noarch) * freetype2-profile-tti35-2.10.4-150000.4.15.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * ft2demos-2.10.4-150000.4.15.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * freetype2-debugsource-2.10.4-150000.4.15.1 * libfreetype6-2.10.4-150000.4.15.1 * libfreetype6-debuginfo-2.10.4-150000.4.15.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * freetype2-debugsource-2.10.4-150000.4.15.1 * libfreetype6-2.10.4-150000.4.15.1 * libfreetype6-debuginfo-2.10.4-150000.4.15.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * freetype2-debugsource-2.10.4-150000.4.15.1 * libfreetype6-2.10.4-150000.4.15.1 * libfreetype6-debuginfo-2.10.4-150000.4.15.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * freetype2-debugsource-2.10.4-150000.4.15.1 * libfreetype6-2.10.4-150000.4.15.1 * libfreetype6-debuginfo-2.10.4-150000.4.15.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * freetype2-debugsource-2.10.4-150000.4.15.1 * freetype2-devel-2.10.4-150000.4.15.1 * libfreetype6-2.10.4-150000.4.15.1 * libfreetype6-debuginfo-2.10.4-150000.4.15.1 * Basesystem Module 15-SP4 (x86_64) * libfreetype6-32bit-2.10.4-150000.4.15.1 * libfreetype6-32bit-debuginfo-2.10.4-150000.4.15.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * freetype2-debugsource-2.10.4-150000.4.15.1 * freetype2-devel-2.10.4-150000.4.15.1 * libfreetype6-2.10.4-150000.4.15.1 * libfreetype6-debuginfo-2.10.4-150000.4.15.1 * Basesystem Module 15-SP5 (x86_64) * libfreetype6-32bit-2.10.4-150000.4.15.1 * libfreetype6-32bit-debuginfo-2.10.4-150000.4.15.1 * Desktop Applications Module 15-SP4 (nosrc) * ft2demos-2.10.4-150000.4.15.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ftdump-2.10.4-150000.4.15.1 * Desktop Applications Module 15-SP5 (nosrc) * ft2demos-2.10.4-150000.4.15.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * ftdump-2.10.4-150000.4.15.1 * SUSE Manager Proxy 4.2 (x86_64) * freetype2-debugsource-2.10.4-150000.4.15.1 * libfreetype6-32bit-2.10.4-150000.4.15.1 * libfreetype6-2.10.4-150000.4.15.1 * freetype2-devel-2.10.4-150000.4.15.1 * libfreetype6-32bit-debuginfo-2.10.4-150000.4.15.1 * libfreetype6-debuginfo-2.10.4-150000.4.15.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * freetype2-debugsource-2.10.4-150000.4.15.1 * libfreetype6-32bit-2.10.4-150000.4.15.1 * libfreetype6-2.10.4-150000.4.15.1 * freetype2-devel-2.10.4-150000.4.15.1 * libfreetype6-32bit-debuginfo-2.10.4-150000.4.15.1 * libfreetype6-debuginfo-2.10.4-150000.4.15.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * freetype2-debugsource-2.10.4-150000.4.15.1 * freetype2-devel-2.10.4-150000.4.15.1 * libfreetype6-2.10.4-150000.4.15.1 * libfreetype6-debuginfo-2.10.4-150000.4.15.1 * SUSE Manager Server 4.2 (x86_64) * libfreetype6-32bit-2.10.4-150000.4.15.1 * libfreetype6-32bit-debuginfo-2.10.4-150000.4.15.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * freetype2-debugsource-2.10.4-150000.4.15.1 * libfreetype6-2.10.4-150000.4.15.1 * libfreetype6-debuginfo-2.10.4-150000.4.15.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * freetype2-debugsource-2.10.4-150000.4.15.1 * libfreetype6-2.10.4-150000.4.15.1 * libfreetype6-debuginfo-2.10.4-150000.4.15.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * freetype2-debugsource-2.10.4-150000.4.15.1 * libfreetype6-2.10.4-150000.4.15.1 * libfreetype6-debuginfo-2.10.4-150000.4.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2004.html * https://bugzilla.suse.com/show_bug.cgi?id=1210419 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 16:30:04 -0000 Subject: SUSE-RU-2023:3460-1: low: Recommended update for yast2-trans Message-ID: <169324020456.14843.9179985550604840194@smelt2.suse.de> # Recommended update for yast2-trans Announcement ID: SUSE-RU-2023:3460-1 Rating: low References: Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that can now be installed. ## Description: This update for yast2-trans brings up-to-date translations for the following languages: \- Catalan \- Czech \- Dutch \- French \- German \- Japanese \- Macedonian \- Portuguese (Brazil) \- Slovak \- Spanish \- Swedish ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3460=1 openSUSE-SLE-15.5-2023-3460=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3460=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3460=1 ## Package List: * openSUSE Leap 15.5 (noarch) * yast2-trans-lv-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-he-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-kn-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ta-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-vi-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-kab-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-hi-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-tr-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-sq-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-zh_CN-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ms-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ast-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-nn-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-pt_BR-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-my-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ne-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-es-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-wa-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ro-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-pl-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ko-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-bs-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ca-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-hu-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-gl-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-th-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-cy-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-da-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-es_AR-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ja-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-bn-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ku-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-lo-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ru-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-sk-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-si-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-sr-latin-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-am-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-eu-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-km-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-en_GB-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-nl-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-pt-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-tg-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-fr-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-id-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-de-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-gu-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ar-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-nb-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-sr-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-sw-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-lt-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-tk-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-mr-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-zu-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-uk-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-fi-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-pa-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-nds-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-et-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-eo-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-cs-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-jv-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-xh-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-el-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-zh_TW-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-it-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-mk-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-sl-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-af-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ka-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-bg-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-fa-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ps-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-be-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-hr-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-sv-84.87.20230516.e4ba802a-150500.3.3.1 * Basesystem Module 15-SP5 (noarch) * yast2-trans-ta-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-vi-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-hi-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-tr-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-zh_CN-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-wa-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-es-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ro-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-pl-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ko-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-bs-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ca-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-hu-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-gl-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-th-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-cy-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-da-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-lo-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ja-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-bn-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ru-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-sk-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-si-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-nl-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-km-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-en_GB-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-pt-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-fr-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-id-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-de-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-gu-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ar-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-nb-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-sr-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-lt-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-mr-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-zu-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-uk-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-fi-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-pa-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-et-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-xh-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-cs-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-jv-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-el-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-zh_TW-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-it-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-mk-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-sl-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-af-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ka-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-bg-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-fa-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-pt_BR-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-hr-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-sv-84.87.20230516.e4ba802a-150500.3.3.1 * SUSE Package Hub 15 15-SP5 (noarch) * yast2-trans-nds-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-kn-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-nn-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-tg-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-sw-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ast-84.87.20230516.e4ba802a-150500.3.3.1 * yast2-trans-ku-84.87.20230516.e4ba802a-150500.3.3.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 16:30:06 -0000 Subject: SUSE-RU-2023:3459-1: moderate: Recommended update for scap-security-guide Message-ID: <169324020622.14843.4049468688833047072@smelt2.suse.de> # Recommended update for scap-security-guide Announcement ID: SUSE-RU-2023:3459-1 Rating: moderate References: * ECO-3319 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for scap-security-guide fixes the following issues: * scap-security-guide was updated to 0.1.69 (jsc#ECO-3319) * Introduce a JSON build manifest * Introduce a script to compare ComplianceAsCode versions * Introduce CCN profiles for RHEL9 * Map rules to components * products/anolis23: supports Anolis OS 23 * Render components to HTML * Store rendered control files * Test and use rules to components mapping * Use distributed product properties ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3459=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3459=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-3459=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3459=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3459=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3459=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3459=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3459=1 ## Package List: * openSUSE Leap 15.4 (noarch) * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-0.1.69-150000.1.65.1 * scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 * openSUSE Leap 15.5 (noarch) * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-0.1.69-150000.1.65.1 * scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 * SUSE Manager Client Tools for SLE Micro 5 (noarch) * scap-security-guide-0.1.69-150000.1.65.1 * Basesystem Module 15-SP4 (noarch) * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-0.1.69-150000.1.65.1 * scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 * Basesystem Module 15-SP5 (noarch) * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-0.1.69-150000.1.65.1 * scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 * SUSE Manager Proxy 4.2 (noarch) * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-0.1.69-150000.1.65.1 * scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-0.1.69-150000.1.65.1 * scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 * SUSE Manager Server 4.2 (noarch) * scap-security-guide-ubuntu-0.1.69-150000.1.65.1 * scap-security-guide-0.1.69-150000.1.65.1 * scap-security-guide-debian-0.1.69-150000.1.65.1 * scap-security-guide-redhat-0.1.69-150000.1.65.1 ## References: * https://jira.suse.com/browse/ECO-3319 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 16:30:09 -0000 Subject: SUSE-RU-2023:2365-3: moderate: Recommended update for util-linux Message-ID: <169324020937.14843.5811971263677168551@smelt2.suse.de> # Recommended update for util-linux Announcement ID: SUSE-RU-2023:2365-3 Rating: moderate References: * #1210164 Affected Products: * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has one recommended fix can now be installed. ## Description: This update for util-linux fixes the following issues: * Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2365=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2365=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2365=1 ## Package List: * SUSE Manager Proxy 4.2 (x86_64) * uuidd-2.36.2-150300.4.35.1 * util-linux-systemd-debugsource-2.36.2-150300.4.35.1 * libblkid1-32bit-debuginfo-2.36.2-150300.4.35.1 * libuuid1-32bit-debuginfo-2.36.2-150300.4.35.1 * libmount1-2.36.2-150300.4.35.1 * libfdisk1-2.36.2-150300.4.35.1 * libblkid1-2.36.2-150300.4.35.1 * libuuid1-32bit-2.36.2-150300.4.35.1 * libfdisk1-debuginfo-2.36.2-150300.4.35.1 * util-linux-debuginfo-2.36.2-150300.4.35.1 * libsmartcols1-2.36.2-150300.4.35.1 * libsmartcols-devel-2.36.2-150300.4.35.1 * libsmartcols1-debuginfo-2.36.2-150300.4.35.1 * util-linux-systemd-2.36.2-150300.4.35.1 * libmount1-32bit-2.36.2-150300.4.35.1 * libmount1-32bit-debuginfo-2.36.2-150300.4.35.1 * util-linux-2.36.2-150300.4.35.1 * libmount-devel-2.36.2-150300.4.35.1 * uuidd-debuginfo-2.36.2-150300.4.35.1 * libuuid-devel-2.36.2-150300.4.35.1 * libblkid-devel-2.36.2-150300.4.35.1 * libblkid1-32bit-2.36.2-150300.4.35.1 * libblkid-devel-static-2.36.2-150300.4.35.1 * util-linux-systemd-debuginfo-2.36.2-150300.4.35.1 * libuuid1-2.36.2-150300.4.35.1 * libblkid1-debuginfo-2.36.2-150300.4.35.1 * libfdisk-devel-2.36.2-150300.4.35.1 * util-linux-debugsource-2.36.2-150300.4.35.1 * libmount1-debuginfo-2.36.2-150300.4.35.1 * libuuid-devel-static-2.36.2-150300.4.35.1 * libuuid1-debuginfo-2.36.2-150300.4.35.1 * SUSE Manager Proxy 4.2 (noarch) * util-linux-lang-2.36.2-150300.4.35.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * uuidd-2.36.2-150300.4.35.1 * util-linux-systemd-debugsource-2.36.2-150300.4.35.1 * libblkid1-32bit-debuginfo-2.36.2-150300.4.35.1 * libuuid1-32bit-debuginfo-2.36.2-150300.4.35.1 * libmount1-2.36.2-150300.4.35.1 * libfdisk1-2.36.2-150300.4.35.1 * libblkid1-2.36.2-150300.4.35.1 * libuuid1-32bit-2.36.2-150300.4.35.1 * libfdisk1-debuginfo-2.36.2-150300.4.35.1 * util-linux-debuginfo-2.36.2-150300.4.35.1 * libsmartcols1-2.36.2-150300.4.35.1 * libsmartcols-devel-2.36.2-150300.4.35.1 * libsmartcols1-debuginfo-2.36.2-150300.4.35.1 * util-linux-systemd-2.36.2-150300.4.35.1 * libmount1-32bit-2.36.2-150300.4.35.1 * libmount1-32bit-debuginfo-2.36.2-150300.4.35.1 * util-linux-2.36.2-150300.4.35.1 * libmount-devel-2.36.2-150300.4.35.1 * uuidd-debuginfo-2.36.2-150300.4.35.1 * libuuid-devel-2.36.2-150300.4.35.1 * libblkid-devel-2.36.2-150300.4.35.1 * libblkid1-32bit-2.36.2-150300.4.35.1 * libblkid-devel-static-2.36.2-150300.4.35.1 * util-linux-systemd-debuginfo-2.36.2-150300.4.35.1 * libuuid1-2.36.2-150300.4.35.1 * libblkid1-debuginfo-2.36.2-150300.4.35.1 * libfdisk-devel-2.36.2-150300.4.35.1 * util-linux-debugsource-2.36.2-150300.4.35.1 * libmount1-debuginfo-2.36.2-150300.4.35.1 * libuuid-devel-static-2.36.2-150300.4.35.1 * libuuid1-debuginfo-2.36.2-150300.4.35.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * util-linux-lang-2.36.2-150300.4.35.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * uuidd-2.36.2-150300.4.35.1 * util-linux-systemd-debugsource-2.36.2-150300.4.35.1 * libmount1-2.36.2-150300.4.35.1 * libfdisk1-2.36.2-150300.4.35.1 * libblkid1-2.36.2-150300.4.35.1 * libfdisk1-debuginfo-2.36.2-150300.4.35.1 * util-linux-debuginfo-2.36.2-150300.4.35.1 * libsmartcols1-2.36.2-150300.4.35.1 * libsmartcols-devel-2.36.2-150300.4.35.1 * libsmartcols1-debuginfo-2.36.2-150300.4.35.1 * util-linux-systemd-2.36.2-150300.4.35.1 * util-linux-2.36.2-150300.4.35.1 * libmount-devel-2.36.2-150300.4.35.1 * uuidd-debuginfo-2.36.2-150300.4.35.1 * libuuid-devel-2.36.2-150300.4.35.1 * libblkid-devel-2.36.2-150300.4.35.1 * libblkid-devel-static-2.36.2-150300.4.35.1 * util-linux-systemd-debuginfo-2.36.2-150300.4.35.1 * libuuid1-2.36.2-150300.4.35.1 * libblkid1-debuginfo-2.36.2-150300.4.35.1 * libfdisk-devel-2.36.2-150300.4.35.1 * util-linux-debugsource-2.36.2-150300.4.35.1 * libmount1-debuginfo-2.36.2-150300.4.35.1 * libuuid-devel-static-2.36.2-150300.4.35.1 * libuuid1-debuginfo-2.36.2-150300.4.35.1 * SUSE Manager Server 4.2 (noarch) * util-linux-lang-2.36.2-150300.4.35.1 * SUSE Manager Server 4.2 (x86_64) * libuuid1-32bit-2.36.2-150300.4.35.1 * libuuid1-32bit-debuginfo-2.36.2-150300.4.35.1 * libmount1-32bit-debuginfo-2.36.2-150300.4.35.1 * libblkid1-32bit-debuginfo-2.36.2-150300.4.35.1 * libblkid1-32bit-2.36.2-150300.4.35.1 * libmount1-32bit-2.36.2-150300.4.35.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210164 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 16:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 16:30:11 -0000 Subject: SUSE-RU-2023:3457-1: moderate: Recommended update for exfatprogs Message-ID: <169324021133.14843.5467992965634269480@smelt2.suse.de> # Recommended update for exfatprogs Announcement ID: SUSE-RU-2023:3457-1 Rating: moderate References: * #1214079 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for exfatprogs fixes the following issues: * Fix fsck on block devices with 4K sector sizes (bsc#1214079) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3457=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3457=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3457=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3457=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3457=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3457=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3457=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * exfatprogs-debuginfo-1.0.4-150300.3.9.1 * exfatprogs-debugsource-1.0.4-150300.3.9.1 * exfatprogs-1.0.4-150300.3.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * exfatprogs-debuginfo-1.0.4-150300.3.9.1 * exfatprogs-debugsource-1.0.4-150300.3.9.1 * exfatprogs-1.0.4-150300.3.9.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * exfatprogs-debuginfo-1.0.4-150300.3.9.1 * exfatprogs-debugsource-1.0.4-150300.3.9.1 * exfatprogs-1.0.4-150300.3.9.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * exfatprogs-debuginfo-1.0.4-150300.3.9.1 * exfatprogs-debugsource-1.0.4-150300.3.9.1 * exfatprogs-1.0.4-150300.3.9.1 * SUSE Manager Proxy 4.2 (x86_64) * exfatprogs-debuginfo-1.0.4-150300.3.9.1 * exfatprogs-debugsource-1.0.4-150300.3.9.1 * exfatprogs-1.0.4-150300.3.9.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * exfatprogs-debuginfo-1.0.4-150300.3.9.1 * exfatprogs-debugsource-1.0.4-150300.3.9.1 * exfatprogs-1.0.4-150300.3.9.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * exfatprogs-debuginfo-1.0.4-150300.3.9.1 * exfatprogs-debugsource-1.0.4-150300.3.9.1 * exfatprogs-1.0.4-150300.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214079 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 16:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 16:30:13 -0000 Subject: SUSE-SU-2023:3456-1: important: Security update for clamav Message-ID: <169324021367.14843.7075802311420461860@smelt2.suse.de> # Security update for clamav Announcement ID: SUSE-SU-2023:3456-1 Rating: important References: * #1214342 Cross-References: * CVE-2023-20197 CVSS scores: * CVE-2023-20197 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for clamav fixes the following issues: * Update to 0.103.9 * CVE-2023-20197: Fixed a possible denial of service vulnerability in the HFS+ file parser. (bsc#1214342) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3456=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3456=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3456=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3456=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3456=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3456=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3456=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3456=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3456=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3456=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3456=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3456=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3456=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3456=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3456=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3456=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3456=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3456=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3456=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * SUSE Manager Proxy 4.2 (x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 * SUSE CaaS Platform 4.0 (x86_64) * libfreshclam2-0.103.9-150000.3.47.1 * libclamav9-0.103.9-150000.3.47.1 * clamav-debuginfo-0.103.9-150000.3.47.1 * libclamav9-debuginfo-0.103.9-150000.3.47.1 * clamav-0.103.9-150000.3.47.1 * libfreshclam2-debuginfo-0.103.9-150000.3.47.1 * clamav-devel-0.103.9-150000.3.47.1 * clamav-debugsource-0.103.9-150000.3.47.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20197.html * https://bugzilla.suse.com/show_bug.cgi?id=1214342 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 16:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 16:30:17 -0000 Subject: SUSE-SU-2023:3455-1: important: Security update for nodejs12 Message-ID: <169324021776.14843.4075200657235253729@smelt2.suse.de> # Security update for nodejs12 Announcement ID: SUSE-SU-2023:3455-1 Rating: important References: * #1208481 * #1212574 * #1212582 * #1212583 * #1214150 * #1214154 * #1214156 Cross-References: * CVE-2023-23918 * CVE-2023-30581 * CVE-2023-30589 * CVE-2023-30590 * CVE-2023-32002 * CVE-2023-32006 * CVE-2023-32559 CVSS scores: * CVE-2023-23918 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2023-23918 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-30581 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30589 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-30589 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-30590 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-32002 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H * CVE-2023-32002 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32006 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-32006 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32559 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Server 4.2 An update that solves seven vulnerabilities can now be installed. ## Description: This update for nodejs12 fixes the following issues: * CVE-2023-23918: Fixed permissions policies bypass via process.mainModule (bsc#1208481). * CVE-2023-32002: Fixed permissions policies bypass via Module._load (bsc#1214150). * CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire() (bsc#1214156). * CVE-2023-32559: Fixed permissions policies bypass via process.binding (bsc#1214154). * CVE-2023-30581: Fixed mainModule.proto bypass (bsc#1212574). * CVE-2023-30590: Fixed missing DiffieHellman key generation (bsc#1212583). * CVE-2023-30589: Fixed HTTP Request Smuggling via Empty headers separated by CR (bsc#1212582). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3455=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3455=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3455=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3455=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3455=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3455=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3455=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3455=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3455=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3455=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3455=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * nodejs12-devel-12.22.12-150200.4.50.1 * nodejs12-debuginfo-12.22.12-150200.4.50.1 * npm12-12.22.12-150200.4.50.1 * nodejs12-debugsource-12.22.12-150200.4.50.1 * nodejs12-12.22.12-150200.4.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * nodejs12-docs-12.22.12-150200.4.50.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * nodejs12-devel-12.22.12-150200.4.50.1 * nodejs12-debuginfo-12.22.12-150200.4.50.1 * npm12-12.22.12-150200.4.50.1 * nodejs12-debugsource-12.22.12-150200.4.50.1 * nodejs12-12.22.12-150200.4.50.1 * SUSE Manager Server 4.2 (noarch) * nodejs12-docs-12.22.12-150200.4.50.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * nodejs12-devel-12.22.12-150200.4.50.1 * nodejs12-debuginfo-12.22.12-150200.4.50.1 * npm12-12.22.12-150200.4.50.1 * nodejs12-debugsource-12.22.12-150200.4.50.1 * nodejs12-12.22.12-150200.4.50.1 * SUSE Enterprise Storage 7.1 (noarch) * nodejs12-docs-12.22.12-150200.4.50.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * nodejs12-devel-12.22.12-150200.4.50.1 * nodejs12-debuginfo-12.22.12-150200.4.50.1 * npm12-12.22.12-150200.4.50.1 * nodejs12-debugsource-12.22.12-150200.4.50.1 * nodejs12-12.22.12-150200.4.50.1 * SUSE Enterprise Storage 7 (noarch) * nodejs12-docs-12.22.12-150200.4.50.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * nodejs12-devel-12.22.12-150200.4.50.1 * nodejs12-debuginfo-12.22.12-150200.4.50.1 * npm12-12.22.12-150200.4.50.1 * nodejs12-debugsource-12.22.12-150200.4.50.1 * nodejs12-12.22.12-150200.4.50.1 * openSUSE Leap 15.4 (noarch) * nodejs12-docs-12.22.12-150200.4.50.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * nodejs12-devel-12.22.12-150200.4.50.1 * nodejs12-debuginfo-12.22.12-150200.4.50.1 * npm12-12.22.12-150200.4.50.1 * nodejs12-debugsource-12.22.12-150200.4.50.1 * nodejs12-12.22.12-150200.4.50.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * nodejs12-docs-12.22.12-150200.4.50.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * nodejs12-devel-12.22.12-150200.4.50.1 * nodejs12-debuginfo-12.22.12-150200.4.50.1 * npm12-12.22.12-150200.4.50.1 * nodejs12-debugsource-12.22.12-150200.4.50.1 * nodejs12-12.22.12-150200.4.50.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * nodejs12-docs-12.22.12-150200.4.50.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * nodejs12-devel-12.22.12-150200.4.50.1 * nodejs12-debuginfo-12.22.12-150200.4.50.1 * npm12-12.22.12-150200.4.50.1 * nodejs12-debugsource-12.22.12-150200.4.50.1 * nodejs12-12.22.12-150200.4.50.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * nodejs12-docs-12.22.12-150200.4.50.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * nodejs12-devel-12.22.12-150200.4.50.1 * nodejs12-debuginfo-12.22.12-150200.4.50.1 * npm12-12.22.12-150200.4.50.1 * nodejs12-debugsource-12.22.12-150200.4.50.1 * nodejs12-12.22.12-150200.4.50.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * nodejs12-docs-12.22.12-150200.4.50.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * nodejs12-devel-12.22.12-150200.4.50.1 * nodejs12-debuginfo-12.22.12-150200.4.50.1 * npm12-12.22.12-150200.4.50.1 * nodejs12-debugsource-12.22.12-150200.4.50.1 * nodejs12-12.22.12-150200.4.50.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * nodejs12-docs-12.22.12-150200.4.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * nodejs12-devel-12.22.12-150200.4.50.1 * nodejs12-debuginfo-12.22.12-150200.4.50.1 * npm12-12.22.12-150200.4.50.1 * nodejs12-debugsource-12.22.12-150200.4.50.1 * nodejs12-12.22.12-150200.4.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * nodejs12-docs-12.22.12-150200.4.50.1 ## References: * https://www.suse.com/security/cve/CVE-2023-23918.html * https://www.suse.com/security/cve/CVE-2023-30581.html * https://www.suse.com/security/cve/CVE-2023-30589.html * https://www.suse.com/security/cve/CVE-2023-30590.html * https://www.suse.com/security/cve/CVE-2023-32002.html * https://www.suse.com/security/cve/CVE-2023-32006.html * https://www.suse.com/security/cve/CVE-2023-32559.html * https://bugzilla.suse.com/show_bug.cgi?id=1208481 * https://bugzilla.suse.com/show_bug.cgi?id=1212574 * https://bugzilla.suse.com/show_bug.cgi?id=1212582 * https://bugzilla.suse.com/show_bug.cgi?id=1212583 * https://bugzilla.suse.com/show_bug.cgi?id=1214150 * https://bugzilla.suse.com/show_bug.cgi?id=1214154 * https://bugzilla.suse.com/show_bug.cgi?id=1214156 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 20:30:05 -0000 Subject: SUSE-RU-2023:3464-1: low: Recommended update for xscreensaver Message-ID: <169325460590.17530.15044507600012891605@smelt2.suse.de> # Recommended update for xscreensaver Announcement ID: SUSE-RU-2023:3464-1 Rating: low References: * #1203594 * #1204744 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for xscreensaver fixes the following issues: * Added fix for configuration reading (bsc#1204744) * Drop obsolete patch (bsc#1203594) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3464=1 openSUSE-SLE-15.4-2023-3464=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3464=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3464=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3464=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * xscreensaver-data-debuginfo-6.03-150400.3.6.1 * xscreensaver-debuginfo-6.03-150400.3.6.1 * xscreensaver-data-extra-6.03-150400.3.6.1 * xscreensaver-debugsource-6.03-150400.3.6.1 * xscreensaver-data-extra-debuginfo-6.03-150400.3.6.1 * xscreensaver-data-6.03-150400.3.6.1 * xscreensaver-6.03-150400.3.6.1 * openSUSE Leap 15.4 (noarch) * xscreensaver-lang-6.03-150400.3.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * xscreensaver-data-debuginfo-6.03-150400.3.6.1 * xscreensaver-debuginfo-6.03-150400.3.6.1 * xscreensaver-data-extra-6.03-150400.3.6.1 * xscreensaver-debugsource-6.03-150400.3.6.1 * xscreensaver-data-extra-debuginfo-6.03-150400.3.6.1 * xscreensaver-data-6.03-150400.3.6.1 * xscreensaver-6.03-150400.3.6.1 * openSUSE Leap 15.5 (noarch) * xscreensaver-lang-6.03-150400.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * xscreensaver-data-debuginfo-6.03-150400.3.6.1 * xscreensaver-debuginfo-6.03-150400.3.6.1 * xscreensaver-debugsource-6.03-150400.3.6.1 * xscreensaver-data-6.03-150400.3.6.1 * xscreensaver-6.03-150400.3.6.1 * Basesystem Module 15-SP4 (noarch) * xscreensaver-lang-6.03-150400.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * xscreensaver-data-debuginfo-6.03-150400.3.6.1 * xscreensaver-debuginfo-6.03-150400.3.6.1 * xscreensaver-debugsource-6.03-150400.3.6.1 * xscreensaver-data-6.03-150400.3.6.1 * xscreensaver-6.03-150400.3.6.1 * Basesystem Module 15-SP5 (noarch) * xscreensaver-lang-6.03-150400.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1203594 * https://bugzilla.suse.com/show_bug.cgi?id=1204744 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 20:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 20:30:08 -0000 Subject: SUSE-SU-2023:3463-1: important: Security update for vim Message-ID: <169325460879.17530.14534929669178254301@smelt2.suse.de> # Security update for vim Announcement ID: SUSE-SU-2023:3463-1 Rating: important References: * #1208828 * #1209042 * #1209187 * #1210996 * #1211256 * #1211257 Cross-References: * CVE-2023-1127 * CVE-2023-1264 * CVE-2023-1355 * CVE-2023-2426 * CVE-2023-2609 * CVE-2023-2610 CVSS scores: * CVE-2023-1127 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-1127 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-1127 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2023-1264 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2023-1264 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1264 ( NVD ): 6.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2023-1355 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-1355 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1355 ( NVD ): 8.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2426 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H * CVE-2023-2426 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2426 ( NVD ): 6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2023-2609 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2609 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2609 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-2610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2023-2610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-2610 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: Updated to version 9.0 with patch level 1572. * CVE-2023-2426: Fixed Out-of-range Pointer Offset use (bsc#1210996). * CVE-2023-2609: Fixed NULL Pointer Dereference (bsc#1211256). * CVE-2023-2610: Fixed nteger Overflow or Wraparound (bsc#1211257). * CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). * CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). * CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-3463=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3463=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3463=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3463=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * vim-debuginfo-9.0.1572-17.18.1 * vim-9.0.1572-17.18.1 * gvim-debuginfo-9.0.1572-17.18.1 * gvim-9.0.1572-17.18.1 * vim-debugsource-9.0.1572-17.18.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * vim-data-9.0.1572-17.18.1 * vim-data-common-9.0.1572-17.18.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * vim-debuginfo-9.0.1572-17.18.1 * vim-9.0.1572-17.18.1 * gvim-debuginfo-9.0.1572-17.18.1 * gvim-9.0.1572-17.18.1 * vim-debugsource-9.0.1572-17.18.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * vim-data-9.0.1572-17.18.1 * vim-data-common-9.0.1572-17.18.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * vim-debuginfo-9.0.1572-17.18.1 * vim-9.0.1572-17.18.1 * gvim-debuginfo-9.0.1572-17.18.1 * gvim-9.0.1572-17.18.1 * vim-debugsource-9.0.1572-17.18.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * vim-data-9.0.1572-17.18.1 * vim-data-common-9.0.1572-17.18.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * vim-debuginfo-9.0.1572-17.18.1 * vim-9.0.1572-17.18.1 * gvim-debuginfo-9.0.1572-17.18.1 * gvim-9.0.1572-17.18.1 * vim-debugsource-9.0.1572-17.18.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * vim-data-9.0.1572-17.18.1 * vim-data-common-9.0.1572-17.18.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1127.html * https://www.suse.com/security/cve/CVE-2023-1264.html * https://www.suse.com/security/cve/CVE-2023-1355.html * https://www.suse.com/security/cve/CVE-2023-2426.html * https://www.suse.com/security/cve/CVE-2023-2609.html * https://www.suse.com/security/cve/CVE-2023-2610.html * https://bugzilla.suse.com/show_bug.cgi?id=1208828 * https://bugzilla.suse.com/show_bug.cgi?id=1209042 * https://bugzilla.suse.com/show_bug.cgi?id=1209187 * https://bugzilla.suse.com/show_bug.cgi?id=1210996 * https://bugzilla.suse.com/show_bug.cgi?id=1211256 * https://bugzilla.suse.com/show_bug.cgi?id=1211257 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Aug 28 20:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Aug 2023 20:30:10 -0000 Subject: SUSE-SU-2023:3462-1: important: Security update for ca-certificates-mozilla Message-ID: <169325461064.17530.4177863443572104820@smelt2.suse.de> # Security update for ca-certificates-mozilla Announcement ID: SUSE-SU-2023:3462-1 Rating: important References: * #1214248 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has one fix can now be installed. ## Description: This update for ca-certificates-mozilla fixes the following issues: * Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: * Atos TrustedRoot Root CA ECC G2 2020 * Atos TrustedRoot Root CA ECC TLS 2021 * Atos TrustedRoot Root CA RSA G2 2020 * Atos TrustedRoot Root CA RSA TLS 2021 * BJCA Global Root CA1 * BJCA Global Root CA2 * LAWtrust Root CA2 (4096) * Sectigo Public Email Protection Root E46 * Sectigo Public Email Protection Root R46 * Sectigo Public Server Authentication Root E46 * Sectigo Public Server Authentication Root R46 * SSL.com Client ECC Root CA 2022 * SSL.com Client RSA Root CA 2022 * SSL.com TLS ECC Root CA 2022 * SSL.com TLS RSA Root CA 2022 Removed CAs: * Chambers of Commerce Root * E-Tugra Certification Authority * E-Tugra Global Root CA ECC v3 * E-Tugra Global Root CA RSA v3 * Hongkong Post Root CA 1 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3462=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3462=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3462=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * ca-certificates-mozilla-2.62-150000.4.41.1 * SUSE CaaS Platform 4.0 (noarch) * ca-certificates-mozilla-2.62-150000.4.41.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * ca-certificates-mozilla-2.62-150000.4.41.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * ca-certificates-mozilla-2.62-150000.4.41.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214248 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 08:57:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 08:57:12 -0000 Subject: SUSE-SU-2023:3469-1: moderate: Security update for haproxy Message-ID: <169329943288.30643.17459824550742309181@smelt2.suse.de> # Security update for haproxy Announcement ID: SUSE-SU-2023:3469-1 Rating: moderate References: * #1214102 Cross-References: * CVE-2023-40225 CVSS scores: * CVE-2023-40225 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-40225 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for haproxy fixes the following issues: * CVE-2023-40225: Fixed request smuggling with empty content-length header value (bsc#1214102). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3469=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3469=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3469=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3469=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3469=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3469=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-3469=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3469=1 openSUSE-SLE-15.4-2023-3469=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3469=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3469=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.16.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.16.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.16.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.16.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.16.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.16.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.16.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.16.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.16.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 * haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.16.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40225.html * https://bugzilla.suse.com/show_bug.cgi?id=1214102 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 08:57:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 08:57:16 -0000 Subject: SUSE-RU-2023:3468-1: low: Recommended update for python3 Message-ID: <169329943648.30643.6017424748325119043@smelt2.suse.de> # Recommended update for python3 Announcement ID: SUSE-RU-2023:3468-1 Rating: low References: * PED-68 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * HPC Module 15-SP4 * HPC Module 15-SP5 * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that contains one feature can now be installed. ## Description: This update for python3 fixes the following issue: * Rename sources in preparation of python3.11 (jsc#PED-68) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3468=1 SUSE-2023-3468=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3468=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3468=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3468=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3468=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3468=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3468=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3468=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3468=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3468=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3468=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3468=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3468=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3468=1 * HPC Module 15-SP4 zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-3468=1 * HPC Module 15-SP5 zypper in -t patch SUSE-SLE-Module-HPC-15-SP5-2023-3468=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-3468=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3468=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3468=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3468=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3468=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3468=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python3-sphinxcontrib-htmlhelp-2.0.0-150400.5.69 * python3-Sphinx_4_2_0-latex-4.2.0-150400.21.26 * python3-pyqt-builder-1.12.2-150400.8.33 * python-sip-doc-6.5.0-150400.5.69 * python3-Automat-20.2.0-150400.5.69 * python3-evtx-0.5.3b-150400.20.30 * python3-remoto-1.1.4-150400.11.69 * python3-notify2-0.3.1-150400.5.68 * python3-qt5-doc-5.15.6-150400.5.54 * python-sip4-doc-4.19.25-150400.8.34 * python3-sphinxcontrib-qthelp-1.0.3-150400.5.69 * python3-gi-docgen-2021.7-150400.5.69 * python3-text-unidecode-1.3-150400.5.69 * python3-Sphinx_4_2_0-4.2.0-150400.21.26 * python3-Markdown-3.3.6-150400.8.14 * python3-fastimport-0.9.8-150400.5.69 * python3-dpkt-1.9.7.2-150400.5.69 * python3-pytest-virtualenv-1.7.0-150400.5.68 * python3-more-itertools-8.10.0-150400.5.69 * python3-Flask-Migrate-2.4.0-150400.14.69 * python3-hypothesis-3.66.6-150400.5.69 * python3-pytest-xdist-1.32.0-150400.5.68 * python3-incremental-21.3.0-150400.5.69 * python3-pytest-5.4.3-150400.5.73 * python3-smartypants-2.0.1-150400.5.69 * python3-Flask-1.0.4-150400.7.64 * python3-pytest-shutil-1.7.0-150400.5.69 * python3-atspi-2.38.2-150400.5.68 * python3-check-manifest-0.37-150400.14.69 * python3-sphinxcontrib-applehelp-1.0.2-150400.5.69 * python3-python-xlib-0.29-150400.5.72 * python3-python3-saml-1.7.0-150400.12.69 * python3-M2Crypto-doc-0.38.0-150400.7.64 * python3-sip-devel-6.5.0-150400.5.69 * python3-yapf-0.31.0-150400.5.69 * python3-setuptools-git-1.2-150400.5.69 * python3-Sphinx-2.3.1-150400.5.69 * python3-python-gnupg-0.4.7-150400.5.69 * python3-pytest-fixture-config-1.7.0-150400.5.69 * python3-pyudev-0.22.0+git.1642212208.d5630bf-150400.5.50 * python3-tox-2.9.1-150400.20.34 * python3-sphinxcontrib-devhelp-1.0.2-150400.5.69 * python3-termcolor-1.1.0-150400.5.69 * python3-Sphinx-latex-2.3.1-150400.5.69 * python3-pyfakefs-3.4.3-150400.14.69 * python3-pymemcache-1.2.9-150400.16.69 * python3-python-slugify-5.0.2-150400.5.69 * python-sip4-common-4.19.25-150400.8.34 * python3-pyqt-rpm-macros-0.1-150400.9.3.92 * python3-ordered-set-4.0.2-150400.8.34 * python3-typogrify-2.0.7-150400.5.69 * python3-graphviz-0.14.1-150400.6.69 * python3-pyOpenSSL-21.0.0-150400.7.62 * python3-urlgrabber-4.1.0-150400.8.64 * python3-pexpect-4.8.0-150400.17.64 * python3-sphinxcontrib-jsmath-1.0.1-150400.5.69 * python3-Flask-doc-1.0.4-150400.7.64 * python-Sphinx-doc-html-2.3.1-150400.5.67 * python3-pyxb-1.2.6-150400.5.69 * python3-libevdev-0.9-150400.8.34 * python3-dasbus-1.6-150400.5.69 * python3-sphinxcontrib-serializinghtml-1.1.5-150400.5.69 * python3-typing_extensions-3.10.0.0-150400.7.69 * python3-html2text-2020.1.16-150400.8.34 * python3-Paver-1.3.4-150400.5.107 * python3-cogapp-3.0.0-150400.5.69 * python-tox-doc-2.9.1-150400.20.34 * python3-flaky-3.4.0-150400.16.69 * python-Sphinx-doc-man-2.3.1-150400.5.67 * python3-python-docs-theme-2022.1-150400.11.69 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * python3-gobject-3.42.2-150400.10.23 * python3-pycairo-1.20.1-150400.5.69 * python3-gobject-Gdk-3.42.2-150400.10.23 * python3-gobject-cairo-debuginfo-3.42.2-150400.10.23 * python3-semanage-debuginfo-3.1-150400.5.69 * python3-gobject2-2.28.7-150400.14.6.46 * python3-qt5-sip-debuginfo-12.9.0-150400.5.69 * python3-dulwich-0.20.24-150400.5.67 * python3-qt5-devel-debuginfo-5.15.6-150400.5.54 * python3-wxPython-4.1.1-150400.7.54 * python3-matplotlib-gtk3-2.2.5-150400.13.67 * python-gobject-common-devel-3.42.2-150400.10.23 * python3-sip4-4.19.25-150400.8.34 * python3-qt5-quick3d-devel-5.15.6-150400.5.67 * python3-patiencediff-debuginfo-0.2.0-150400.5.69 * python3-qt5-quick3d-debuginfo-5.15.6-150400.5.67 * python3-dmidecode-debuginfo-3.12.2-150400.18.64 * python3-numpy-gnu-hpc-1.17.3-150400.28.34 * python3-matplotlib-2.2.5-150400.13.67 * python3-dmidecode-debugsource-3.12.2-150400.18.64 * python3-gobject-debuginfo-3.42.2-150400.10.23 * python3-qt5-5.15.6-150400.5.54 * python3-qt5-remoteobjects-devel-5.15.6-150400.5.67 * python3-matplotlib-debugsource-2.2.5-150400.13.67 * python3-numpy_1_17_3-gnu-hpc-1.17.3-150400.28.34 * python3-matplotlib-wx-2.2.5-150400.13.67 * python3-gobject-cairo-3.42.2-150400.10.23 * python3-pycairo-common-devel-1.20.1-150400.5.69 * python3-sip6-debugsource-6.5.0-150400.9.3.92 * python3-sip4-debuginfo-4.19.25-150400.8.34 * python3-ldap-debuginfo-3.4.0-150400.5.69 * python3-alsa-1.1.6-150400.5.69 * python3-semanage-3.1-150400.5.69 * python3-pysmbc-1.0.23-150400.6.69 * python3-geventhttpclient-debugsource-1.4.5-150400.5.69 * python3-qt5-devel-5.15.6-150400.5.54 * python3-sip4-devel-debuginfo-4.19.25-150400.8.34 * python3-pysmbc-debuginfo-1.0.23-150400.6.69 * python3-ldap-debugsource-3.4.0-150400.5.69 * python3-numpy-devel-1.17.3-150400.28.37 * python3-dulwich-debugsource-0.20.24-150400.5.67 * python3-wxPython-debugsource-4.1.1-150400.7.54 * python3-pycairo-devel-1.20.1-150400.5.69 * python3-sip4-debugsource-4.19.25-150400.8.34 * python3-sip6-devel-debuginfo-6.5.0-150400.9.3.92 * python3-numpy_1_17_3-gnu-hpc-devel-1.17.3-150400.28.34 * python3-alsa-debugsource-1.1.6-150400.5.69 * python3-numpy-debugsource-1.17.3-150400.28.37 * python3-matplotlib-latex-2.2.5-150400.13.67 * python3-qt5-remoteobjects-debuginfo-5.15.6-150400.5.67 * python3-geventhttpclient-1.4.5-150400.5.69 * python-sip6-doc-6.5.0-150400.9.3.92 * python-gobject2-devel-2.28.7-150400.14.6.46 * python3-gobject2-debugsource-2.28.7-150400.14.6.46 * python3-patiencediff-0.2.0-150400.5.69 * python3-numpy_1_17_3-gnu-hpc-debuginfo-1.17.3-150400.28.34 * python3-matplotlib-tk-2.2.5-150400.13.67 * python3-ldap-3.4.0-150400.5.69 * python3-libvirt-python-8.0.0-150400.5.69 * python3-wxPython-lang-4.1.1-150400.7.54 * python3-gobject2-debuginfo-2.28.7-150400.14.6.46 * python3-numpy-gnu-hpc-devel-1.17.3-150400.28.34 * python3-numpy-debuginfo-1.17.3-150400.28.37 * python3-qt5-debuginfo-5.15.6-150400.5.67 * python3-gobject-devel-3.42.2-150400.10.23 * python3-matplotlib-qt5-2.2.5-150400.13.67 * python3-qt5-remoteobjects-5.15.6-150400.5.67 * python3-semanage-debugsource-3.1-150400.5.69 * python3-M2Crypto-debuginfo-0.38.0-150400.7.64 * python3-M2Crypto-debugsource-0.38.0-150400.7.64 * python3-wxPython-debuginfo-4.1.1-150400.7.54 * python3-qt5-debugsource-5.15.6-150400.5.67 * python3-sip6-devel-6.5.0-150400.9.3.92 * python3-dmidecode-3.12.2-150400.18.64 * python3-libvirt-python-debugsource-8.0.0-150400.5.69 * python-numpy_1_17_3-gnu-hpc-debugsource-1.17.3-150400.28.34 * python3-numpy-1.17.3-150400.28.37 * python3-qt5-sip-debugsource-12.9.0-150400.5.69 * python3-pysmbc-debugsource-1.0.23-150400.6.69 * python3-patiencediff-debugsource-0.2.0-150400.5.69 * python3-matplotlib-cairo-2.2.5-150400.13.67 * python3-M2Crypto-0.38.0-150400.7.64 * python3-dulwich-debuginfo-0.20.24-150400.5.67 * python3-Twisted-22.2.0-150400.12.32 * python3-pycairo-debugsource-1.20.1-150400.5.69 * python3-alsa-debuginfo-1.1.6-150400.5.69 * python3-qt5-quick3d-5.15.6-150400.5.67 * python3-gobject-debugsource-3.42.2-150400.10.23 * python3-matplotlib-web-2.2.5-150400.13.67 * python3-sip4-devel-4.19.25-150400.8.34 * python3-geventhttpclient-debuginfo-1.4.5-150400.5.69 * python3-matplotlib-debuginfo-2.2.5-150400.13.67 * python-Twisted-doc-22.2.0-150400.12.32 * python3-qt5-sip-12.9.0-150400.5.69 * python3-libvirt-python-debuginfo-8.0.0-150400.5.69 * python3-pycairo-debuginfo-1.20.1-150400.5.69 * openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64) * python3-gobject-3.42.2-150400.10.23 * python3-gobject-cairo-3.42.2-150400.10.23 * python3-gobject-debugsource-3.42.2-150400.10.23 * python3-gobject-Gdk-3.42.2-150400.10.23 * python3-gobject-cairo-debuginfo-3.42.2-150400.10.23 * python3-libvirt-python-8.0.0-150400.5.69 * python3-semanage-debuginfo-3.1-150400.5.69 * python3-gobject-debuginfo-3.42.2-150400.10.23 * python3-M2Crypto-0.38.0-150400.7.64 * python3-semanage-debugsource-3.1-150400.5.69 * python3-M2Crypto-debugsource-0.38.0-150400.7.64 * python3-M2Crypto-debuginfo-0.38.0-150400.7.64 * python3-semanage-3.1-150400.5.69 * python3-libvirt-python-debugsource-8.0.0-150400.5.69 * python3-libvirt-python-debuginfo-8.0.0-150400.5.69 * openSUSE Leap Micro 5.3 (noarch) * python3-ordered-set-4.0.2-150400.8.34 * python3-evtx-0.5.3b-150400.20.30 * python3-pyOpenSSL-21.0.0-150400.7.62 * openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64) * python3-gobject-3.42.2-150400.10.23 * python3-gobject-cairo-3.42.2-150400.10.23 * python3-gobject-debugsource-3.42.2-150400.10.23 * python3-pycairo-1.20.1-150400.5.69 * python3-pycairo-debugsource-1.20.1-150400.5.69 * python3-gobject-Gdk-3.42.2-150400.10.23 * python3-gobject-cairo-debuginfo-3.42.2-150400.10.23 * python3-libvirt-python-8.0.0-150400.5.69 * python3-gobject-debuginfo-3.42.2-150400.10.23 * python3-M2Crypto-0.38.0-150400.7.64 * python3-M2Crypto-debugsource-0.38.0-150400.7.64 * python3-M2Crypto-debuginfo-0.38.0-150400.7.64 * python3-libvirt-python-debugsource-8.0.0-150400.5.69 * python3-libvirt-python-debuginfo-8.0.0-150400.5.69 * python3-pycairo-debuginfo-1.20.1-150400.5.69 * openSUSE Leap Micro 5.4 (noarch) * python3-ordered-set-4.0.2-150400.8.34 * python3-evtx-0.5.3b-150400.20.30 * python3-pyudev-0.22.0+git.1642212208.d5630bf-150400.5.50 * python3-pyOpenSSL-21.0.0-150400.7.62 * openSUSE Leap 15.5 (noarch) * python3-sphinxcontrib-htmlhelp-2.0.0-150400.5.69 * python3-Sphinx_4_2_0-latex-4.2.0-150400.21.26 * python3-Automat-20.2.0-150400.5.69 * python-sip4-doc-4.19.25-150400.8.34 * python3-evtx-0.5.3b-150400.20.30 * python3-notify2-0.3.1-150400.5.68 * python3-remoto-1.1.4-150400.11.69 * python3-sphinxcontrib-qthelp-1.0.3-150400.5.69 * python3-gi-docgen-2021.7-150400.5.69 * python3-text-unidecode-1.3-150400.5.69 * python3-Sphinx_4_2_0-4.2.0-150400.21.26 * python3-Markdown-3.3.6-150400.8.14 * python3-dpkt-1.9.7.2-150400.5.69 * python3-fastimport-0.9.8-150400.5.69 * python3-pytest-virtualenv-1.7.0-150400.5.68 * python3-more-itertools-8.10.0-150400.5.69 * python3-Flask-Migrate-2.4.0-150400.14.69 * python3-hypothesis-3.66.6-150400.5.69 * python3-pytest-xdist-1.32.0-150400.5.68 * python3-incremental-21.3.0-150400.5.69 * python3-pytest-5.4.3-150400.5.73 * python3-smartypants-2.0.1-150400.5.69 * python3-Flask-1.0.4-150400.7.64 * python3-pytest-shutil-1.7.0-150400.5.69 * python3-atspi-2.38.2-150400.5.68 * python3-check-manifest-0.37-150400.14.69 * python3-sphinxcontrib-applehelp-1.0.2-150400.5.69 * python3-python-xlib-0.29-150400.5.72 * python3-python3-saml-1.7.0-150400.12.69 * python3-M2Crypto-doc-0.38.0-150400.7.64 * python3-yapf-0.31.0-150400.5.69 * python3-setuptools-git-1.2-150400.5.69 * python3-Sphinx-2.3.1-150400.5.69 * python3-python-gnupg-0.4.7-150400.5.69 * python3-pytest-fixture-config-1.7.0-150400.5.69 * python3-pyudev-0.22.0+git.1642212208.d5630bf-150400.5.50 * python3-tox-2.9.1-150400.20.34 * python3-sphinxcontrib-devhelp-1.0.2-150400.5.69 * python3-termcolor-1.1.0-150400.5.69 * python3-Sphinx-latex-2.3.1-150400.5.69 * python-sip4-common-4.19.25-150400.8.34 * python3-pyfakefs-3.4.3-150400.14.69 * python3-pymemcache-1.2.9-150400.16.69 * python3-python-slugify-5.0.2-150400.5.69 * python3-ordered-set-4.0.2-150400.8.34 * python3-typogrify-2.0.7-150400.5.69 * python3-graphviz-0.14.1-150400.6.69 * python3-pyOpenSSL-21.0.0-150400.7.62 * python3-urlgrabber-4.1.0-150400.8.64 * python3-pexpect-4.8.0-150400.17.64 * python3-sphinxcontrib-jsmath-1.0.1-150400.5.69 * python3-Flask-doc-1.0.4-150400.7.64 * python-Sphinx-doc-html-2.3.1-150400.5.67 * python3-pyxb-1.2.6-150400.5.69 * python3-libevdev-0.9-150400.8.34 * python3-dasbus-1.6-150400.5.69 * python3-sphinxcontrib-serializinghtml-1.1.5-150400.5.69 * python3-typing_extensions-3.10.0.0-150400.7.69 * python3-html2text-2020.1.16-150400.8.34 * python3-Paver-1.3.4-150400.5.107 * python3-cogapp-3.0.0-150400.5.69 * python3-flaky-3.4.0-150400.16.69 * python-Sphinx-doc-man-2.3.1-150400.5.67 * python3-python-docs-theme-2022.1-150400.11.69 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python3-gobject-3.42.2-150400.10.23 * python3-pycairo-1.20.1-150400.5.69 * python3-matplotlib-cairo-2.2.5-150400.13.67 * python3-gobject-Gdk-3.42.2-150400.10.23 * python3-gobject-cairo-debuginfo-3.42.2-150400.10.23 * python3-ldap-3.4.0-150400.5.69 * python3-matplotlib-tk-2.2.5-150400.13.67 * python3-pysmbc-debuginfo-1.0.23-150400.6.69 * python3-sip4-devel-debuginfo-4.19.25-150400.8.34 * python3-semanage-debuginfo-3.1-150400.5.69 * python3-M2Crypto-0.38.0-150400.7.64 * python3-wxPython-lang-4.1.1-150400.7.54 * python3-dulwich-debuginfo-0.20.24-150400.5.67 * python3-gobject2-2.28.7-150400.14.6.46 * python3-gobject2-debuginfo-2.28.7-150400.14.6.46 * python3-ldap-debugsource-3.4.0-150400.5.69 * python3-Twisted-22.2.0-150400.12.32 * python3-dulwich-0.20.24-150400.5.67 * python3-numpy-gnu-hpc-devel-1.17.3-150400.28.34 * python3-numpy-debuginfo-1.17.3-150400.28.37 * python3-matplotlib-gtk3-2.2.5-150400.13.67 * python-gobject-common-devel-3.42.2-150400.10.23 * python3-dulwich-debugsource-0.20.24-150400.5.67 * python3-numpy-devel-1.17.3-150400.28.37 * python3-sip4-4.19.25-150400.8.34 * python3-wxPython-4.1.1-150400.7.54 * python3-pycairo-debugsource-1.20.1-150400.5.69 * python3-gobject-devel-3.42.2-150400.10.23 * python3-matplotlib-qt5-2.2.5-150400.13.67 * python3-alsa-debuginfo-1.1.6-150400.5.69 * python3-patiencediff-debuginfo-0.2.0-150400.5.69 * python3-wxPython-debugsource-4.1.1-150400.7.54 * python3-pycairo-devel-1.20.1-150400.5.69 * python3-semanage-debugsource-3.1-150400.5.69 * python3-sip4-debugsource-4.19.25-150400.8.34 * python3-M2Crypto-debugsource-0.38.0-150400.7.64 * python3-M2Crypto-debuginfo-0.38.0-150400.7.64 * python3-dmidecode-debuginfo-3.12.2-150400.18.64 * python3-numpy_1_17_3-gnu-hpc-devel-1.17.3-150400.28.34 * python3-numpy-gnu-hpc-1.17.3-150400.28.34 * python3-alsa-debugsource-1.1.6-150400.5.69 * python3-gobject-debugsource-3.42.2-150400.10.23 * python3-matplotlib-web-2.2.5-150400.13.67 * python3-matplotlib-2.2.5-150400.13.67 * python3-sip4-devel-4.19.25-150400.8.34 * python3-wxPython-debuginfo-4.1.1-150400.7.54 * python3-numpy-debugsource-1.17.3-150400.28.37 * python3-dmidecode-debugsource-3.12.2-150400.18.64 * python3-gobject-debuginfo-3.42.2-150400.10.23 * python3-dmidecode-3.12.2-150400.18.64 * python3-gobject2-debugsource-2.28.7-150400.14.6.46 * python3-matplotlib-debugsource-2.2.5-150400.13.67 * python3-numpy_1_17_3-gnu-hpc-1.17.3-150400.28.34 * python-numpy_1_17_3-gnu-hpc-debugsource-1.17.3-150400.28.34 * python3-matplotlib-latex-2.2.5-150400.13.67 * python3-matplotlib-wx-2.2.5-150400.13.67 * python3-gobject-cairo-3.42.2-150400.10.23 * python3-numpy-1.17.3-150400.28.37 * python3-patiencediff-0.2.0-150400.5.69 * python3-pycairo-common-devel-1.20.1-150400.5.69 * python3-geventhttpclient-1.4.5-150400.5.69 * python3-sip4-debuginfo-4.19.25-150400.8.34 * python3-ldap-debuginfo-3.4.0-150400.5.69 * python3-matplotlib-debuginfo-2.2.5-150400.13.67 * python3-alsa-1.1.6-150400.5.69 * python3-semanage-3.1-150400.5.69 * python3-pysmbc-1.0.23-150400.6.69 * python3-geventhttpclient-debuginfo-1.4.5-150400.5.69 * python3-geventhttpclient-debugsource-1.4.5-150400.5.69 * python3-pycairo-debuginfo-1.20.1-150400.5.69 * python3-pysmbc-debugsource-1.0.23-150400.6.69 * python3-patiencediff-debugsource-0.2.0-150400.5.69 * python3-numpy_1_17_3-gnu-hpc-debuginfo-1.17.3-150400.28.34 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * python3-gobject-3.42.2-150400.10.23 * python3-gobject-cairo-3.42.2-150400.10.23 * python3-gobject-debugsource-3.42.2-150400.10.23 * python3-gobject-Gdk-3.42.2-150400.10.23 * python3-gobject-cairo-debuginfo-3.42.2-150400.10.23 * python3-libvirt-python-8.0.0-150400.5.69 * python3-semanage-debuginfo-3.1-150400.5.69 * python3-gobject-debuginfo-3.42.2-150400.10.23 * python3-M2Crypto-0.38.0-150400.7.64 * python3-semanage-debugsource-3.1-150400.5.69 * python3-M2Crypto-debugsource-0.38.0-150400.7.64 * python3-M2Crypto-debuginfo-0.38.0-150400.7.64 * python3-semanage-3.1-150400.5.69 * python3-libvirt-python-debugsource-8.0.0-150400.5.69 * python3-libvirt-python-debuginfo-8.0.0-150400.5.69 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-ordered-set-4.0.2-150400.8.34 * python3-evtx-0.5.3b-150400.20.30 * python3-pyOpenSSL-21.0.0-150400.7.62 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * python3-gobject-3.42.2-150400.10.23 * python3-gobject-cairo-3.42.2-150400.10.23 * python3-gobject-debugsource-3.42.2-150400.10.23 * python3-gobject-Gdk-3.42.2-150400.10.23 * python3-gobject-cairo-debuginfo-3.42.2-150400.10.23 * python3-libvirt-python-8.0.0-150400.5.69 * python3-semanage-debuginfo-3.1-150400.5.69 * python3-gobject-debuginfo-3.42.2-150400.10.23 * python3-M2Crypto-0.38.0-150400.7.64 * python3-semanage-debugsource-3.1-150400.5.69 * python3-M2Crypto-debugsource-0.38.0-150400.7.64 * python3-M2Crypto-debuginfo-0.38.0-150400.7.64 * python3-semanage-3.1-150400.5.69 * python3-libvirt-python-debugsource-8.0.0-150400.5.69 * python3-libvirt-python-debuginfo-8.0.0-150400.5.69 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-ordered-set-4.0.2-150400.8.34 * python3-evtx-0.5.3b-150400.20.30 * python3-pyOpenSSL-21.0.0-150400.7.62 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * python3-gobject-3.42.2-150400.10.23 * python3-gobject-cairo-3.42.2-150400.10.23 * python3-gobject-debugsource-3.42.2-150400.10.23 * python3-pycairo-1.20.1-150400.5.69 * python3-pycairo-debugsource-1.20.1-150400.5.69 * python3-gobject-Gdk-3.42.2-150400.10.23 * python3-gobject-cairo-debuginfo-3.42.2-150400.10.23 * python3-libvirt-python-8.0.0-150400.5.69 * python3-gobject-debuginfo-3.42.2-150400.10.23 * python3-M2Crypto-0.38.0-150400.7.64 * python3-M2Crypto-debugsource-0.38.0-150400.7.64 * python3-M2Crypto-debuginfo-0.38.0-150400.7.64 * python3-libvirt-python-debugsource-8.0.0-150400.5.69 * python3-libvirt-python-debuginfo-8.0.0-150400.5.69 * python3-pycairo-debuginfo-1.20.1-150400.5.69 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-ordered-set-4.0.2-150400.8.34 * python3-evtx-0.5.3b-150400.20.30 * python3-pyudev-0.22.0+git.1642212208.d5630bf-150400.5.50 * python3-pyOpenSSL-21.0.0-150400.7.62 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * python3-gobject-3.42.2-150400.10.23 * python3-gobject-cairo-3.42.2-150400.10.23 * python3-gobject-debugsource-3.42.2-150400.10.23 * python3-pycairo-1.20.1-150400.5.69 * python3-pycairo-debugsource-1.20.1-150400.5.69 * python3-gobject-Gdk-3.42.2-150400.10.23 * python3-gobject-cairo-debuginfo-3.42.2-150400.10.23 * python3-libvirt-python-8.0.0-150400.5.69 * python3-gobject-debuginfo-3.42.2-150400.10.23 * python3-M2Crypto-0.38.0-150400.7.64 * python3-M2Crypto-debugsource-0.38.0-150400.7.64 * python3-M2Crypto-debuginfo-0.38.0-150400.7.64 * python3-libvirt-python-debugsource-8.0.0-150400.5.69 * python3-libvirt-python-debuginfo-8.0.0-150400.5.69 * python3-pycairo-debuginfo-1.20.1-150400.5.69 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-ordered-set-4.0.2-150400.8.34 * python3-evtx-0.5.3b-150400.20.30 * python3-pyudev-0.22.0+git.1642212208.d5630bf-150400.5.50 * python3-pyOpenSSL-21.0.0-150400.7.62 * Basesystem Module 15-SP4 (noarch) * python3-sphinxcontrib-htmlhelp-2.0.0-150400.5.69 * python3-notify2-0.3.1-150400.5.68 * python3-sphinxcontrib-qthelp-1.0.3-150400.5.69 * python3-Sphinx_4_2_0-4.2.0-150400.21.26 * python3-fastimport-0.9.8-150400.5.69 * python3-more-itertools-8.10.0-150400.5.69 * python3-Flask-Migrate-2.4.0-150400.14.69 * python3-Flask-1.0.4-150400.7.64 * python3-atspi-2.38.2-150400.5.68 * python3-sphinxcontrib-applehelp-1.0.2-150400.5.69 * python3-python3-saml-1.7.0-150400.12.69 * python3-sip-devel-6.5.0-150400.5.69 * python3-python-gnupg-0.4.7-150400.5.69 * python3-pyudev-0.22.0+git.1642212208.d5630bf-150400.5.50 * python3-sphinxcontrib-devhelp-1.0.2-150400.5.69 * python3-ordered-set-4.0.2-150400.8.34 * python3-pyOpenSSL-21.0.0-150400.7.62 * python3-pexpect-4.8.0-150400.17.64 * python3-sphinxcontrib-jsmath-1.0.1-150400.5.69 * python3-sphinxcontrib-serializinghtml-1.1.5-150400.5.69 * python3-dasbus-1.6-150400.5.69 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-gobject-3.42.2-150400.10.23 * python3-pycairo-1.20.1-150400.5.69 * python3-gobject-Gdk-3.42.2-150400.10.23 * python3-gobject-cairo-debuginfo-3.42.2-150400.10.23 * python3-ldap-3.4.0-150400.5.69 * python3-libvirt-python-8.0.0-150400.5.69 * python3-semanage-debuginfo-3.1-150400.5.69 * python3-M2Crypto-0.38.0-150400.7.64 * python3-dulwich-debuginfo-0.20.24-150400.5.67 * python3-gobject2-2.28.7-150400.14.6.46 * python3-gobject2-debuginfo-2.28.7-150400.14.6.46 * python3-ldap-debugsource-3.4.0-150400.5.69 * python3-dulwich-0.20.24-150400.5.67 * python3-numpy-debuginfo-1.17.3-150400.28.37 * python3-numpy-devel-1.17.3-150400.28.37 * python3-dulwich-debugsource-0.20.24-150400.5.67 * python3-pycairo-debugsource-1.20.1-150400.5.69 * python3-patiencediff-debuginfo-0.2.0-150400.5.69 * python3-semanage-debugsource-3.1-150400.5.69 * python3-M2Crypto-debugsource-0.38.0-150400.7.64 * python3-M2Crypto-debuginfo-0.38.0-150400.7.64 * python3-sip6-devel-debuginfo-6.5.0-150400.9.3.92 * python3-dmidecode-debuginfo-3.12.2-150400.18.64 * python3-gobject-debugsource-3.42.2-150400.10.23 * python3-numpy-debugsource-1.17.3-150400.28.37 * python3-dmidecode-debugsource-3.12.2-150400.18.64 * python3-gobject-debuginfo-3.42.2-150400.10.23 * python3-sip6-devel-6.5.0-150400.9.3.92 * python3-dmidecode-3.12.2-150400.18.64 * python3-libvirt-python-debugsource-8.0.0-150400.5.69 * python3-patiencediff-0.2.0-150400.5.69 * python3-gobject-cairo-3.42.2-150400.10.23 * python3-numpy-1.17.3-150400.28.37 * python3-sip6-debugsource-6.5.0-150400.9.3.92 * python3-ldap-debuginfo-3.4.0-150400.5.69 * python3-semanage-3.1-150400.5.69 * python3-gobject2-debugsource-2.28.7-150400.14.6.46 * python3-libvirt-python-debuginfo-8.0.0-150400.5.69 * python3-patiencediff-debugsource-0.2.0-150400.5.69 * python3-pycairo-debuginfo-1.20.1-150400.5.69 * Basesystem Module 15-SP5 (noarch) * python3-sphinxcontrib-htmlhelp-2.0.0-150400.5.69 * python3-notify2-0.3.1-150400.5.68 * python3-sphinxcontrib-qthelp-1.0.3-150400.5.69 * python3-Sphinx_4_2_0-4.2.0-150400.21.26 * python3-fastimport-0.9.8-150400.5.69 * python3-more-itertools-8.10.0-150400.5.69 * python3-Flask-Migrate-2.4.0-150400.14.69 * python3-Flask-1.0.4-150400.7.64 * python3-atspi-2.38.2-150400.5.68 * python3-sphinxcontrib-applehelp-1.0.2-150400.5.69 * python3-python3-saml-1.7.0-150400.12.69 * python3-python-gnupg-0.4.7-150400.5.69 * python3-pyudev-0.22.0+git.1642212208.d5630bf-150400.5.50 * python3-sphinxcontrib-devhelp-1.0.2-150400.5.69 * python3-ordered-set-4.0.2-150400.8.34 * python3-pyOpenSSL-21.0.0-150400.7.62 * python3-pexpect-4.8.0-150400.17.64 * python3-sphinxcontrib-jsmath-1.0.1-150400.5.69 * python3-libevdev-0.9-150400.8.34 * python3-dasbus-1.6-150400.5.69 * python3-sphinxcontrib-serializinghtml-1.1.5-150400.5.69 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-gobject-3.42.2-150400.10.23 * python3-pycairo-1.20.1-150400.5.69 * python3-gobject-Gdk-3.42.2-150400.10.23 * python3-gobject-cairo-debuginfo-3.42.2-150400.10.23 * python3-ldap-3.4.0-150400.5.69 * python3-semanage-debuginfo-3.1-150400.5.69 * python3-M2Crypto-0.38.0-150400.7.64 * python3-dulwich-debuginfo-0.20.24-150400.5.67 * python3-gobject2-2.28.7-150400.14.6.46 * python3-gobject2-debuginfo-2.28.7-150400.14.6.46 * python3-ldap-debugsource-3.4.0-150400.5.69 * python3-dulwich-0.20.24-150400.5.67 * python3-numpy-debuginfo-1.17.3-150400.28.37 * python3-numpy-devel-1.17.3-150400.28.37 * python3-dulwich-debugsource-0.20.24-150400.5.67 * python3-pycairo-debugsource-1.20.1-150400.5.69 * python3-patiencediff-debuginfo-0.2.0-150400.5.69 * python3-semanage-debugsource-3.1-150400.5.69 * python3-M2Crypto-debugsource-0.38.0-150400.7.64 * python3-M2Crypto-debuginfo-0.38.0-150400.7.64 * python3-dmidecode-debuginfo-3.12.2-150400.18.64 * python3-gobject-debugsource-3.42.2-150400.10.23 * python3-numpy-debugsource-1.17.3-150400.28.37 * python3-dmidecode-debugsource-3.12.2-150400.18.64 * python3-gobject-debuginfo-3.42.2-150400.10.23 * python3-dmidecode-3.12.2-150400.18.64 * python3-patiencediff-0.2.0-150400.5.69 * python3-gobject-cairo-3.42.2-150400.10.23 * python3-numpy-1.17.3-150400.28.37 * python3-ldap-debuginfo-3.4.0-150400.5.69 * python3-semanage-3.1-150400.5.69 * python3-gobject2-debugsource-2.28.7-150400.14.6.46 * python3-patiencediff-debugsource-0.2.0-150400.5.69 * python3-pycairo-debuginfo-1.20.1-150400.5.69 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-qt5-debuginfo-5.15.6-150400.5.67 * python3-qt5-debugsource-5.15.6-150400.5.67 * python3-qt5-devel-5.15.6-150400.5.54 * python3-pysmbc-debuginfo-1.0.23-150400.6.69 * python3-qt5-sip-debugsource-12.9.0-150400.5.69 * python3-pysmbc-1.0.23-150400.6.69 * python3-qt5-sip-12.9.0-150400.5.69 * python3-qt5-5.15.6-150400.5.54 * python3-pysmbc-debugsource-1.0.23-150400.6.69 * python3-qt5-sip-debuginfo-12.9.0-150400.5.69 * python3-qt5-devel-debuginfo-5.15.6-150400.5.54 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-pysmbc-debugsource-1.0.23-150400.6.69 * python3-pysmbc-debuginfo-1.0.23-150400.6.69 * python3-pysmbc-1.0.23-150400.6.69 * Development Tools Module 15-SP4 (noarch) * python3-tox-2.9.1-150400.20.34 * python3-Sphinx-2.3.1-150400.5.69 * python3-pyfakefs-3.4.3-150400.14.69 * Development Tools Module 15-SP5 (noarch) * python3-tox-2.9.1-150400.20.34 * python3-Sphinx-2.3.1-150400.5.69 * python3-pyfakefs-3.4.3-150400.14.69 * HPC Module 15-SP4 (aarch64 x86_64) * python3-numpy-gnu-hpc-devel-1.17.3-150400.28.34 * python3-numpy_1_17_3-gnu-hpc-devel-1.17.3-150400.28.34 * python3-numpy_1_17_3-gnu-hpc-1.17.3-150400.28.34 * python3-numpy-gnu-hpc-1.17.3-150400.28.34 * python-numpy_1_17_3-gnu-hpc-debugsource-1.17.3-150400.28.34 * python3-numpy_1_17_3-gnu-hpc-debuginfo-1.17.3-150400.28.34 * HPC Module 15-SP5 (aarch64 x86_64) * python3-numpy-gnu-hpc-devel-1.17.3-150400.28.34 * python3-numpy_1_17_3-gnu-hpc-devel-1.17.3-150400.28.34 * python3-numpy_1_17_3-gnu-hpc-1.17.3-150400.28.34 * python3-numpy-gnu-hpc-1.17.3-150400.28.34 * python-numpy_1_17_3-gnu-hpc-debugsource-1.17.3-150400.28.34 * python3-numpy_1_17_3-gnu-hpc-debuginfo-1.17.3-150400.28.34 * Legacy Module 15-SP4 (noarch) * python3-urlgrabber-4.1.0-150400.8.64 * Legacy Module 15-SP5 (noarch) * python3-urlgrabber-4.1.0-150400.8.64 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-wxPython-4.1.1-150400.7.54 * python3-matplotlib-gtk3-2.2.5-150400.13.67 * python3-gobject-debugsource-3.42.2-150400.10.23 * python-gobject-common-devel-3.42.2-150400.10.23 * python3-matplotlib-2.2.5-150400.13.67 * python3-wxPython-debuginfo-4.1.1-150400.7.54 * python3-gobject-devel-3.42.2-150400.10.23 * python3-matplotlib-debuginfo-2.2.5-150400.13.67 * python3-matplotlib-qt5-2.2.5-150400.13.67 * python3-wxPython-debugsource-4.1.1-150400.7.54 * python3-gobject-debuginfo-3.42.2-150400.10.23 * python3-matplotlib-debugsource-2.2.5-150400.13.67 * SUSE Package Hub 15 15-SP4 (noarch) * python3-python-xlib-0.29-150400.5.72 * python3-hypothesis-3.66.6-150400.5.69 * python3-pytest-5.4.3-150400.5.73 * python3-html2text-2020.1.16-150400.8.34 * python3-termcolor-1.1.0-150400.5.69 * python3-Markdown-3.3.6-150400.8.14 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-matplotlib-cairo-2.2.5-150400.13.67 * python3-matplotlib-tk-2.2.5-150400.13.67 * python3-ldap-debugsource-3.4.0-150400.5.69 * python3-wxPython-4.1.1-150400.7.54 * python3-matplotlib-gtk3-2.2.5-150400.13.67 * python-gobject-common-devel-3.42.2-150400.10.23 * python3-gobject-devel-3.42.2-150400.10.23 * python3-matplotlib-qt5-2.2.5-150400.13.67 * python3-alsa-debuginfo-1.1.6-150400.5.69 * python3-wxPython-debugsource-4.1.1-150400.7.54 * python3-alsa-debugsource-1.1.6-150400.5.69 * python3-gobject-debugsource-3.42.2-150400.10.23 * python3-matplotlib-web-2.2.5-150400.13.67 * python3-matplotlib-2.2.5-150400.13.67 * python3-wxPython-debuginfo-4.1.1-150400.7.54 * python3-gobject-debuginfo-3.42.2-150400.10.23 * python3-matplotlib-debugsource-2.2.5-150400.13.67 * python3-matplotlib-latex-2.2.5-150400.13.67 * python3-geventhttpclient-1.4.5-150400.5.69 * python3-matplotlib-debuginfo-2.2.5-150400.13.67 * python3-alsa-1.1.6-150400.5.69 * python3-geventhttpclient-debuginfo-1.4.5-150400.5.69 * python3-geventhttpclient-debugsource-1.4.5-150400.5.69 * SUSE Package Hub 15 15-SP5 (noarch) * python3-python-xlib-0.29-150400.5.72 * python3-hypothesis-3.66.6-150400.5.69 * python3-pytest-5.4.3-150400.5.73 * python3-html2text-2020.1.16-150400.8.34 * python3-termcolor-1.1.0-150400.5.69 * python3-Markdown-3.3.6-150400.8.14 * SUSE Package Hub 15 15-SP5 (ppc64le s390x) * python3-numpy-gnu-hpc-devel-1.17.3-150400.28.34 * python3-numpy_1_17_3-gnu-hpc-devel-1.17.3-150400.28.34 * python3-numpy_1_17_3-gnu-hpc-1.17.3-150400.28.34 * python3-numpy-gnu-hpc-1.17.3-150400.28.34 * python-numpy_1_17_3-gnu-hpc-debugsource-1.17.3-150400.28.34 * python3-numpy_1_17_3-gnu-hpc-debuginfo-1.17.3-150400.28.34 * Server Applications Module 15-SP4 (noarch) * python3-incremental-21.3.0-150400.5.69 * python3-Automat-20.2.0-150400.5.69 * python3-evtx-0.5.3b-150400.20.30 * python3-typing_extensions-3.10.0.0-150400.7.69 * python3-text-unidecode-1.3-150400.5.69 * python3-python-slugify-5.0.2-150400.5.69 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-Twisted-22.2.0-150400.12.32 * Server Applications Module 15-SP5 (noarch) * python3-incremental-21.3.0-150400.5.69 * python3-Automat-20.2.0-150400.5.69 * python3-typing_extensions-3.10.0.0-150400.7.69 * python3-text-unidecode-1.3-150400.5.69 * python3-python-slugify-5.0.2-150400.5.69 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-Twisted-22.2.0-150400.12.32 ## References: * https://jira.suse.com/browse/PED-68 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 08:57:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 08:57:19 -0000 Subject: SUSE-RU-2023:3467-1: moderate: Recommended update for samba Message-ID: <169329943908.30643.3344996784988744114@smelt2.suse.de> # Recommended update for samba Announcement ID: SUSE-RU-2023:3467-1 Rating: moderate References: * #1213940 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has one recommended fix can now be installed. ## Description: This update for samba fixes the following issues: * Move libcluster-samba4.so from samba-libs to samba-client-libs (bsc#1213940) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3467=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3467=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3467=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3467=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3467=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3467=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3467=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3467=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-3467=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3467=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3467=1 ## Package List: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * samba-client-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-dsdb-modules-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-dsdb-modules-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy0-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debugsource-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ldb-ldap-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ldb-ldap-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy-python3-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-gpupdate-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-tool-4.15.13+git.666.851db7b9ff-150300.3.60.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * samba-ceph-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ceph-4.15.13+git.666.851db7b9ff-150300.3.60.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-devel-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * samba-client-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-dsdb-modules-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-dsdb-modules-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy0-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debugsource-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ldb-ldap-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ldb-ldap-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy-python3-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-gpupdate-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-tool-4.15.13+git.666.851db7b9ff-150300.3.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-devel-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ceph-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ceph-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * SUSE Manager Proxy 4.2 (x86_64) * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-dsdb-modules-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-dsdb-modules-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-devel-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy0-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debugsource-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ceph-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ldb-ldap-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ldb-ldap-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy-python3-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-gpupdate-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-tool-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ceph-4.15.13+git.666.851db7b9ff-150300.3.60.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-dsdb-modules-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-dsdb-modules-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-devel-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy0-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debugsource-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ceph-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ldb-ldap-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ldb-ldap-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy-python3-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-gpupdate-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-tool-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ceph-4.15.13+git.666.851db7b9ff-150300.3.60.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * samba-client-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-dsdb-modules-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-dsdb-modules-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy0-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debugsource-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ldb-ldap-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ldb-ldap-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy-python3-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-gpupdate-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-tool-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * SUSE Manager Server 4.2 (x86_64) * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-devel-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ceph-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ceph-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * samba-client-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-dsdb-modules-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-dsdb-modules-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy0-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debugsource-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ceph-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ldb-ldap-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ldb-ldap-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy-python3-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * ctdb-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * ctdb-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-gpupdate-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-tool-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ceph-4.15.13+git.666.851db7b9ff-150300.3.60.1 * SUSE Enterprise Storage 7.1 (x86_64) * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-devel-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * samba-client-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debugsource-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * samba-client-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debugsource-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * samba-debugsource-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * ctdb-4.15.13+git.666.851db7b9ff-150300.3.60.1 * ctdb-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * samba-client-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-dsdb-modules-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-dsdb-modules-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy0-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debugsource-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ceph-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ldb-ldap-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ldb-ldap-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy-python3-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-gpupdate-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-tool-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ceph-4.15.13+git.666.851db7b9ff-150300.3.60.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-devel-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * samba-client-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy0-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-dsdb-modules-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-dsdb-modules-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy0-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debugsource-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ceph-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ldb-ldap-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-python3-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ldb-ldap-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * libsamba-policy-python3-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-devel-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-python3-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-gpupdate-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-tool-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ceph-4.15.13+git.666.851db7b9ff-150300.3.60.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-devel-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-ad-dc-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-winbind-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-libs-32bit-4.15.13+git.666.851db7b9ff-150300.3.60.1 * samba-client-libs-32bit-debuginfo-4.15.13+git.666.851db7b9ff-150300.3.60.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213940 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 08:57:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 08:57:23 -0000 Subject: SUSE-RU-2023:3466-1: moderate: Recommended update for icu Message-ID: <169329944362.30643.16095350888519174654@smelt2.suse.de> # Recommended update for icu Announcement ID: SUSE-RU-2023:3466-1 Rating: moderate References: * #1103893 * #1112183 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that has two recommended fixes can now be installed. ## Description: This update for icu fixes the following issues: * Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3466=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3466=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3466=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3466=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3466=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3466=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3466=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3466=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3466=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3466=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3466=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3466=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3466=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3466=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3466=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3466=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3466=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3466=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * libicu65_1-ledata-65.1-150200.4.8.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * icu-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-65.1-150200.4.8.1 * icu-debugsource-65.1-150200.4.8.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * icu-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-65.1-150200.4.8.1 * icu-debugsource-65.1-150200.4.8.1 * openSUSE Leap Micro 5.4 (noarch) * libicu65_1-ledata-65.1-150200.4.8.1 * libicu65_1-bedata-65.1-150200.4.8.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * icu-debugsource-65.1-150200.4.8.1 * icu-65.1-150200.4.8.1 * libicu-suse65_1-debuginfo-65.1-150200.4.8.1 * icu-debuginfo-65.1-150200.4.8.1 * libicu-devel-65.1-150200.4.8.1 * libicu-suse65_1-65.1-150200.4.8.1 * libicu-doc-65.1-150200.4.8.1 * openSUSE Leap 15.4 (x86_64) * libicu-devel-32bit-65.1-150200.4.8.1 * libicu-suse65_1-32bit-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-32bit-65.1-150200.4.8.1 * openSUSE Leap 15.4 (noarch) * libicu65_1-ledata-65.1-150200.4.8.1 * libicu65_1-bedata-65.1-150200.4.8.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * icu-debugsource-65.1-150200.4.8.1 * icu-65.1-150200.4.8.1 * libicu-suse65_1-debuginfo-65.1-150200.4.8.1 * icu-debuginfo-65.1-150200.4.8.1 * libicu-devel-65.1-150200.4.8.1 * libicu-suse65_1-65.1-150200.4.8.1 * libicu-doc-65.1-150200.4.8.1 * openSUSE Leap 15.5 (x86_64) * libicu-devel-32bit-65.1-150200.4.8.1 * libicu-suse65_1-32bit-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-32bit-65.1-150200.4.8.1 * openSUSE Leap 15.5 (noarch) * libicu65_1-ledata-65.1-150200.4.8.1 * libicu65_1-bedata-65.1-150200.4.8.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * icu-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-65.1-150200.4.8.1 * icu-debugsource-65.1-150200.4.8.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * libicu65_1-ledata-65.1-150200.4.8.1 * libicu65_1-bedata-65.1-150200.4.8.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * icu-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-65.1-150200.4.8.1 * icu-debugsource-65.1-150200.4.8.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * libicu65_1-ledata-65.1-150200.4.8.1 * libicu65_1-bedata-65.1-150200.4.8.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * icu-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-65.1-150200.4.8.1 * icu-debugsource-65.1-150200.4.8.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * libicu65_1-ledata-65.1-150200.4.8.1 * libicu65_1-bedata-65.1-150200.4.8.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * icu-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-65.1-150200.4.8.1 * icu-debugsource-65.1-150200.4.8.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * libicu65_1-ledata-65.1-150200.4.8.1 * libicu65_1-bedata-65.1-150200.4.8.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * icu-debugsource-65.1-150200.4.8.1 * libicu-suse65_1-debuginfo-65.1-150200.4.8.1 * icu-debuginfo-65.1-150200.4.8.1 * libicu-devel-65.1-150200.4.8.1 * libicu-suse65_1-65.1-150200.4.8.1 * Basesystem Module 15-SP4 (noarch) * libicu65_1-ledata-65.1-150200.4.8.1 * libicu65_1-bedata-65.1-150200.4.8.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * icu-debugsource-65.1-150200.4.8.1 * libicu-suse65_1-debuginfo-65.1-150200.4.8.1 * icu-debuginfo-65.1-150200.4.8.1 * libicu-devel-65.1-150200.4.8.1 * libicu-suse65_1-65.1-150200.4.8.1 * Basesystem Module 15-SP5 (noarch) * libicu65_1-ledata-65.1-150200.4.8.1 * libicu65_1-bedata-65.1-150200.4.8.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * icu-65.1-150200.4.8.1 * icu-debuginfo-65.1-150200.4.8.1 * icu-debugsource-65.1-150200.4.8.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * icu-65.1-150200.4.8.1 * icu-debuginfo-65.1-150200.4.8.1 * icu-debugsource-65.1-150200.4.8.1 * SUSE Manager Proxy 4.2 (x86_64) * icu-debugsource-65.1-150200.4.8.1 * libicu-suse65_1-debuginfo-65.1-150200.4.8.1 * icu-debuginfo-65.1-150200.4.8.1 * libicu-devel-65.1-150200.4.8.1 * libicu-suse65_1-65.1-150200.4.8.1 * SUSE Manager Proxy 4.2 (noarch) * libicu65_1-ledata-65.1-150200.4.8.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * icu-debugsource-65.1-150200.4.8.1 * libicu-suse65_1-debuginfo-65.1-150200.4.8.1 * icu-debuginfo-65.1-150200.4.8.1 * libicu-devel-65.1-150200.4.8.1 * libicu-suse65_1-65.1-150200.4.8.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * libicu65_1-ledata-65.1-150200.4.8.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * icu-debugsource-65.1-150200.4.8.1 * libicu-suse65_1-debuginfo-65.1-150200.4.8.1 * icu-debuginfo-65.1-150200.4.8.1 * libicu-devel-65.1-150200.4.8.1 * libicu-suse65_1-65.1-150200.4.8.1 * SUSE Manager Server 4.2 (noarch) * libicu65_1-ledata-65.1-150200.4.8.1 * libicu65_1-bedata-65.1-150200.4.8.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * icu-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-65.1-150200.4.8.1 * icu-debugsource-65.1-150200.4.8.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * libicu65_1-ledata-65.1-150200.4.8.1 * libicu65_1-bedata-65.1-150200.4.8.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * icu-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-65.1-150200.4.8.1 * icu-debugsource-65.1-150200.4.8.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * libicu65_1-ledata-65.1-150200.4.8.1 * libicu65_1-bedata-65.1-150200.4.8.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * icu-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-debuginfo-65.1-150200.4.8.1 * libicu-suse65_1-65.1-150200.4.8.1 * icu-debugsource-65.1-150200.4.8.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * libicu65_1-ledata-65.1-150200.4.8.1 * libicu65_1-bedata-65.1-150200.4.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1103893 * https://bugzilla.suse.com/show_bug.cgi?id=1112183 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 08:57:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 08:57:26 -0000 Subject: SUSE-RU-2023:3465-1: moderate: Recommended update for samba Message-ID: <169329944600.30643.15105501478183080018@smelt2.suse.de> # Recommended update for samba Announcement ID: SUSE-RU-2023:3465-1 Rating: moderate References: * #1213607 * #1213826 * #1213940 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has three recommended fixes can now be installed. ## Description: This update for samba fixes the following issues: * Fix DFS not working with widelinks enabled; (bsc#1213607) * Move libcluster-samba4.so from samba-libs to samba-client-libs (bsc#1213940) * net ads lookup with unspecified realm fails (bsc#1213826) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3465=1 openSUSE-SLE-15.5-2023-3465=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3465=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-3465=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * samba-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-libs-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-libs-python3-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-tool-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-ldb-ldap-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-libs-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * libsamba-policy-devel-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-winbind-libs-4.17.9+git.387.ca59f91f61-150500.3.8.1 * libsamba-policy-python3-devel-4.17.9+git.387.ca59f91f61-150500.3.8.1 * libsamba-policy0-python3-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-python3-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-winbind-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-gpupdate-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-client-4.17.9+git.387.ca59f91f61-150500.3.8.1 * ctdb-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-client-libs-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-debugsource-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-client-libs-4.17.9+git.387.ca59f91f61-150500.3.8.1 * ctdb-pcp-pmda-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-winbind-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-python3-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-client-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-ldb-ldap-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * ctdb-pcp-pmda-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-libs-python3-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-test-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * libsamba-policy0-python3-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-winbind-libs-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * ctdb-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-devel-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-test-4.17.9+git.387.ca59f91f61-150500.3.8.1 * openSUSE Leap 15.5 (x86_64) * samba-client-libs-32bit-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-devel-32bit-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-winbind-libs-32bit-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-client-32bit-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-libs-python3-32bit-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-client-32bit-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-winbind-libs-32bit-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-libs-32bit-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-client-libs-32bit-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-libs-python3-32bit-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * libsamba-policy0-python3-32bit-4.17.9+git.387.ca59f91f61-150500.3.8.1 * libsamba-policy0-python3-32bit-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-libs-32bit-4.17.9+git.387.ca59f91f61-150500.3.8.1 * openSUSE Leap 15.5 (noarch) * samba-doc-4.17.9+git.387.ca59f91f61-150500.3.8.1 * openSUSE Leap 15.5 (aarch64 x86_64) * samba-ceph-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-ceph-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libsamba-policy0-python3-64bit-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-libs-python3-64bit-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-client-libs-64bit-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-client-64bit-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-winbind-libs-64bit-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * libsamba-policy0-python3-64bit-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-devel-64bit-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-client-libs-64bit-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-libs-64bit-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-winbind-libs-64bit-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-libs-python3-64bit-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-libs-64bit-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-client-64bit-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * samba-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-libs-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-libs-python3-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-tool-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-ldb-ldap-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-libs-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * libsamba-policy-devel-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-winbind-libs-4.17.9+git.387.ca59f91f61-150500.3.8.1 * libsamba-policy-python3-devel-4.17.9+git.387.ca59f91f61-150500.3.8.1 * libsamba-policy0-python3-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-python3-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-winbind-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-gpupdate-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-client-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-client-libs-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-debugsource-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-client-libs-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-winbind-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-python3-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-client-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-ldb-ldap-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-libs-python3-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-winbind-libs-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * libsamba-policy0-python3-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-devel-4.17.9+git.387.ca59f91f61-150500.3.8.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * samba-ceph-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-ceph-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * Basesystem Module 15-SP5 (x86_64) * samba-client-libs-32bit-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-winbind-libs-32bit-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-winbind-libs-32bit-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-client-libs-32bit-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-libs-32bit-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-libs-32bit-4.17.9+git.387.ca59f91f61-150500.3.8.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * samba-debugsource-4.17.9+git.387.ca59f91f61-150500.3.8.1 * ctdb-4.17.9+git.387.ca59f91f61-150500.3.8.1 * samba-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 * ctdb-debuginfo-4.17.9+git.387.ca59f91f61-150500.3.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213607 * https://bugzilla.suse.com/show_bug.cgi?id=1213826 * https://bugzilla.suse.com/show_bug.cgi?id=1213940 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 12:30:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 12:30:27 -0000 Subject: SUSE-FU-2023:3484-1: moderate: Feature update for bind Message-ID: <169331222738.30880.6337818518962761865@smelt2.suse.de> # Feature update for bind Announcement ID: SUSE-FU-2023:3484-1 Rating: moderate References: * #1213049 * PED-4852 * PED-4853 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains two features and has one feature fix can now be installed. ## Description: This update for bind fixes the following issues: * Add dnstap support (jsc#PED-4852, jsc#PED-4853) * Log named-checkconf output (bsc#1213049) * Update to release 9.16.43 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3484=1 openSUSE-SLE-15.4-2023-3484=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3484=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3484=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * bind-debugsource-9.16.43-150400.5.34.1 * bind-9.16.43-150400.5.34.1 * bind-utils-9.16.43-150400.5.34.1 * bind-debuginfo-9.16.43-150400.5.34.1 * bind-utils-debuginfo-9.16.43-150400.5.34.1 * openSUSE Leap 15.4 (noarch) * bind-doc-9.16.43-150400.5.34.1 * python3-bind-9.16.43-150400.5.34.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * bind-debuginfo-9.16.43-150400.5.34.1 * bind-utils-9.16.43-150400.5.34.1 * bind-utils-debuginfo-9.16.43-150400.5.34.1 * bind-debugsource-9.16.43-150400.5.34.1 * Basesystem Module 15-SP4 (noarch) * python3-bind-9.16.43-150400.5.34.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * bind-debuginfo-9.16.43-150400.5.34.1 * bind-9.16.43-150400.5.34.1 * bind-debugsource-9.16.43-150400.5.34.1 * Server Applications Module 15-SP4 (noarch) * bind-doc-9.16.43-150400.5.34.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213049 * https://jira.suse.com/browse/PED-4852 * https://jira.suse.com/browse/PED-4853 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 12:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 12:30:31 -0000 Subject: SUSE-RU-2023:3483-1: low: Recommended update for parted Message-ID: <169331223137.30880.2655112168683796558@smelt2.suse.de> # Recommended update for parted Announcement ID: SUSE-RU-2023:3483-1 Rating: low References: * #1186371 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that has one recommended fix can now be installed. ## Description: This update for parted fixes the following issues: * fix dm sector size (bsc#1186371) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-3483=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3483=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3483=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3483=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3483=1 ## Package List: * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * parted-debugsource-3.1-37.26.1 * libparted0-debuginfo-32bit-3.1-37.26.1 * libparted0-32bit-3.1-37.26.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch) * parted-lang-3.1-37.26.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * parted-debuginfo-3.1-37.26.1 * parted-debugsource-3.1-37.26.1 * parted-devel-3.1-37.26.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * parted-3.1-37.26.1 * parted-debugsource-3.1-37.26.1 * libparted0-3.1-37.26.1 * parted-debuginfo-3.1-37.26.1 * libparted0-debuginfo-3.1-37.26.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * parted-3.1-37.26.1 * parted-debugsource-3.1-37.26.1 * libparted0-3.1-37.26.1 * parted-debuginfo-3.1-37.26.1 * libparted0-debuginfo-3.1-37.26.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * parted-3.1-37.26.1 * parted-debugsource-3.1-37.26.1 * libparted0-3.1-37.26.1 * parted-debuginfo-3.1-37.26.1 * libparted0-debuginfo-3.1-37.26.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1186371 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 12:30:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 12:30:33 -0000 Subject: SUSE-FU-2023:3482-1: moderate: Feature update for gtk4 Message-ID: <169331223388.30880.16224160429117194809@smelt2.suse.de> # Feature update for gtk4 Announcement ID: SUSE-FU-2023:3482-1 Rating: moderate References: * PED-2423 * PED-2645 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains two features can now be installed. ## Description: This update for gtk4 fixes the following issues: Version update from 4.6.0 to 4.6.9 (jsc#PED-2645, jsc#PED-2423): * Changes in 4.6.9: * GtkText: Prevent unexpected notify::direction emissions * Wayland: Fix button masks * X11: Fix some ordering problems with surface destruction * Translation updates * Changes in 4.6.8: * Input: Fix problems with input method interactions that caused dead keys not to work * GtkText: Respect the no-emoji input hint fully * GtkNotebook: * Fix an infinite loop in accessibility code * Event handling fixes * GtkFileChooser: Restore ~ and .functionality * GtkTreeView: Event handling fixes * GtkTreeListModel: Prevent possible crashes with collapsed nodes * GtkGridView: Fix issues with rubberband selection * GtkEmojiChooser: Fix navigation with arrow keys when filtered * GtkPopover: * Fix problems with focus when dismissing popovers * Fix problems with focusing editable labels in popovers * GtkStackSidebar: Improve accessible presentation * Wayland: * Make gtk_launch_uri more robust * Make monitor bounds handling more robust * Prevent shrinking clients due to wrong toplevel bounds * Flatpak: Fix file DND with the FileTransfer portal * Changes in 4.6.7: * Miscellaneous memory leak fixes * GtkTreeView: * Fix a problem with DND * Fix a problem with row selection * GtkTreePopover: Support scrolling * GtkGridView: Fix issues with rubberband selection * GtkSnapshot: Make GtkSnapshot work from bindings * X11: Fix preferred action for DND * Windows: Fix DND * Changes in 4.6.6: * Fix translations in GTKs own ui files * Wayland: * Fix a problem with the activation protocol * Don't force the HighContrast icontheme * Windows: Fix a problem with builtin icons if the hicolor icontheme is not installed * Changes in 4.6.5: * GtkFileChooser: Fix pasting text into the name field. * GtkText: Remove an assertion that is sometimes hit. * Wayland: Ensure that our cursor surfaces don't violate protocol constraints. * Accssibility: Fix a problem in the accessibility tree. * Changes in 4.6.4: * GtkFileChooser: * Fix select button sensitivity in select_folder mode. * Fix some fallout from list model porting. * GtkListView, GtkColumnView: Optimize scrolling. * print-to-file: Handle nonexisting files better in the dialog. * Avoid infinite loops in size allocation. * CSS: Optimize a case of reparenting that is important in GtkListView. * GSK: Check for half-float support before using it. * Wayland: * Ignore empty preedit updates This fixes a problem with textview scrolling. * Freeze popups when hidden. This addresses a frame rate drop- * Changes in 4.6.3: * GtkOverlay: Bring back positional style classes. * GtkFileChooser: * Prevent unwanted completion popups. * Fix small problems in save mode. * Fix buildable suport of GtkFileFilter. * GtkPopover: Fix button positions in right-to-left locales. * GtkLabel: Fix small issues with link handling. * Tooltips: Don't restrict the minimum tooltip length. * Theme: * Don't use opacity for overlay scrollbars. * Fix selection text color in vertical spin buttons. * GSK: * Accept textures that are generated by webkit. * Align offscreen rendering to the pixel grid. * Accessibility: Fix a crash in startup when orca is running. * Input: * Fix display changes in GtkIMMultiContext. * Fix activating on-screen keyboards. * Always propagate hold events in GtkEventControllerScroll. * Windows: * Fix a critical warning in clipboard handling. * Report serial numbers for events. * Changes in 4.6.2: * GtkScrolledWindow: * Set scroll-to-focus on viewports * Avoid doubly triggering deceleration * GtkEntry: Stop cursor blinking on focus-out * Emoji: * Update Emoji data to CLDR 40 and Unicode 14 * Add more locales for Emoji data * GDK: * Optimize texture conversions on x86 and ARM * Use EGK_KHR_swap_buffers_with_damage if available * GSK: * Avoid clearing opaque regions * Support using a non-default framebuffer * Handle large viewports by tiling * Wayland: * Prefer xdg-activation over gtk-shell * text protocol: Fix text caret location * text protocol: Use serials to control outbound messages * Inspector: Show app ID and resource path * Demos: widget-factory: Handle F11 to toggle fullscreen * Tools: gtk-builder-tool: Allow use without display * Changes in 4.6.1: * GtkFontChooser: * Stop using PangoFc api * Fix a crash * Use new HarfBuzz api * GtkMenuButton: Update accessible description * GtkTextView: Fix intra-widget dnd * Printing: Fix an fd leak * Input: * Make sure input methods get focus-in events * Always flush events to avoid scroll event pileup * Support hold events * Update keysyms from libxkbcommon * Theme: Improve text selection legibility * Introspection: Add missing nullable annotations everywhere * Build: * Make stack noexec again * Avoid symbol leaks * Drop unneeded script data * Wayland: * Fix support for the new high-contrast setting * Avoid redundant scale changes * Fix DND hotspot handling * Don't always restore the saved size when floating ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3482=1 SUSE-2023-3482=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3482=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3482=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3482=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3482=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3482=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * gtk4-debugsource-4.6.9-150400.3.6.2 * gtk4-tools-4.6.9-150400.3.6.2 * gtk4-devel-debuginfo-4.6.9-150400.3.6.2 * libgtk-4-1-debuginfo-4.6.9-150400.3.6.2 * gettext-its-gtk4-4.6.9-150400.3.6.2 * typelib-1_0-Gtk-4_0-4.6.9-150400.3.6.2 * gtk4-tools-debuginfo-4.6.9-150400.3.6.2 * gtk4-devel-4.6.9-150400.3.6.2 * gtk4-debuginfo-4.6.9-150400.3.6.2 * libgtk-4-1-4.6.9-150400.3.6.2 * openSUSE Leap 15.4 (noarch) * gtk4-schema-4.6.9-150400.3.6.2 * gtk4-lang-4.6.9-150400.3.6.2 * gtk4-branding-SLE-15.0-150400.3.2.2 * gtk4-branding-upstream-4.6.9-150400.3.6.2 * gtk4-docs-4.6.9-150400.3.6.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * gtk4-debugsource-4.6.9-150400.3.6.2 * gtk4-tools-4.6.9-150400.3.6.2 * gtk4-devel-debuginfo-4.6.9-150400.3.6.2 * libgtk-4-1-debuginfo-4.6.9-150400.3.6.2 * gettext-its-gtk4-4.6.9-150400.3.6.2 * typelib-1_0-Gtk-4_0-4.6.9-150400.3.6.2 * gtk4-tools-debuginfo-4.6.9-150400.3.6.2 * gtk4-devel-4.6.9-150400.3.6.2 * gtk4-debuginfo-4.6.9-150400.3.6.2 * libgtk-4-1-4.6.9-150400.3.6.2 * openSUSE Leap 15.5 (noarch) * gtk4-schema-4.6.9-150400.3.6.2 * gtk4-lang-4.6.9-150400.3.6.2 * gtk4-branding-SLE-15.0-150400.3.2.2 * gtk4-branding-upstream-4.6.9-150400.3.6.2 * gtk4-docs-4.6.9-150400.3.6.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * gtk4-debugsource-4.6.9-150400.3.6.2 * typelib-1_0-Gtk-4_0-4.6.9-150400.3.6.2 * libgtk-4-1-debuginfo-4.6.9-150400.3.6.2 * gettext-its-gtk4-4.6.9-150400.3.6.2 * gtk4-debuginfo-4.6.9-150400.3.6.2 * libgtk-4-1-4.6.9-150400.3.6.2 * Basesystem Module 15-SP4 (noarch) * gtk4-branding-SLE-15.0-150400.3.2.2 * gtk4-schema-4.6.9-150400.3.6.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gtk4-debugsource-4.6.9-150400.3.6.2 * typelib-1_0-Gtk-4_0-4.6.9-150400.3.6.2 * libgtk-4-1-debuginfo-4.6.9-150400.3.6.2 * gettext-its-gtk4-4.6.9-150400.3.6.2 * gtk4-debuginfo-4.6.9-150400.3.6.2 * libgtk-4-1-4.6.9-150400.3.6.2 * Basesystem Module 15-SP5 (noarch) * gtk4-branding-SLE-15.0-150400.3.2.2 * gtk4-schema-4.6.9-150400.3.6.2 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * gtk4-debuginfo-4.6.9-150400.3.6.2 * gtk4-debugsource-4.6.9-150400.3.6.2 * gtk4-devel-debuginfo-4.6.9-150400.3.6.2 * gtk4-devel-4.6.9-150400.3.6.2 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gtk4-debuginfo-4.6.9-150400.3.6.2 * gtk4-debugsource-4.6.9-150400.3.6.2 * gtk4-devel-debuginfo-4.6.9-150400.3.6.2 * gtk4-devel-4.6.9-150400.3.6.2 ## References: * https://jira.suse.com/browse/PED-2423 * https://jira.suse.com/browse/PED-2645 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 12:30:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 12:30:35 -0000 Subject: SUSE-RU-2023:3481-1: important: Recommended update for s390-tools Message-ID: <169331223593.30880.6848852027796460872@smelt2.suse.de> # Recommended update for s390-tools Announcement ID: SUSE-RU-2023:3481-1 Rating: important References: * #1213377 * #1213852 * #1214114 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has three recommended fixes can now be installed. ## Description: This update for s390-tools fixes the following issues: * Fix issues with zdev: * Add missing label in the udev-rules (bsc#1213377) * Cleanup patches to fix warnings (bsc#1213852) * Fall back to full format if space release fails (bsc#1214114) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3481=1 openSUSE-SLE-15.5-2023-3481=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3481=1 ## Package List: * openSUSE Leap 15.5 (s390x) * s390-tools-2.25.0-150500.9.3.1 * s390-tools-chreipl-fcp-mpath-2.25.0-150500.9.3.1 * libkmipclient1-debuginfo-2.25.0-150500.9.3.1 * s390-tools-hmcdrvfs-debuginfo-2.25.0-150500.9.3.1 * osasnmpd-2.25.0-150500.9.3.1 * osasnmpd-debuginfo-2.25.0-150500.9.3.1 * s390-tools-debugsource-2.25.0-150500.9.3.1 * libekmfweb1-debuginfo-2.25.0-150500.9.3.1 * s390-tools-zdsfs-2.25.0-150500.9.3.1 * libekmfweb1-2.25.0-150500.9.3.1 * libkmipclient1-devel-2.25.0-150500.9.3.1 * s390-tools-debuginfo-2.25.0-150500.9.3.1 * s390-tools-zdsfs-debuginfo-2.25.0-150500.9.3.1 * libekmfweb1-devel-2.25.0-150500.9.3.1 * libkmipclient1-2.25.0-150500.9.3.1 * s390-tools-hmcdrvfs-2.25.0-150500.9.3.1 * Basesystem Module 15-SP5 (s390x) * s390-tools-2.25.0-150500.9.3.1 * s390-tools-chreipl-fcp-mpath-2.25.0-150500.9.3.1 * libkmipclient1-debuginfo-2.25.0-150500.9.3.1 * s390-tools-hmcdrvfs-debuginfo-2.25.0-150500.9.3.1 * osasnmpd-2.25.0-150500.9.3.1 * osasnmpd-debuginfo-2.25.0-150500.9.3.1 * s390-tools-debugsource-2.25.0-150500.9.3.1 * libekmfweb1-debuginfo-2.25.0-150500.9.3.1 * s390-tools-zdsfs-2.25.0-150500.9.3.1 * libekmfweb1-2.25.0-150500.9.3.1 * s390-tools-debuginfo-2.25.0-150500.9.3.1 * s390-tools-zdsfs-debuginfo-2.25.0-150500.9.3.1 * libekmfweb1-devel-2.25.0-150500.9.3.1 * libkmipclient1-2.25.0-150500.9.3.1 * s390-tools-hmcdrvfs-2.25.0-150500.9.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1213377 * https://bugzilla.suse.com/show_bug.cgi?id=1213852 * https://bugzilla.suse.com/show_bug.cgi?id=1214114 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 12:30:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 12:30:37 -0000 Subject: SUSE-RU-2023:3480-1: moderate: Recommended update for openjpeg2 Message-ID: <169331223786.30880.16891090354546716669@smelt2.suse.de> # Recommended update for openjpeg2 Announcement ID: SUSE-RU-2023:3480-1 Rating: moderate References: * #1201799 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that has one recommended fix can now be installed. ## Description: This update for openjpeg2 fixes the following issues: * Fix openjpeg2-devel to require openjpeg as some cmake targets may fail without the base package installed (bsc#1201799) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3480=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3480=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3480=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3480=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3480=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3480=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3480=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3480=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3480=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3480=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libopenjp2-7-debuginfo-2.3.0-150000.3.13.1 * openjpeg2-2.3.0-150000.3.13.1 * openjpeg2-debuginfo-2.3.0-150000.3.13.1 * openjpeg2-devel-2.3.0-150000.3.13.1 * openjpeg2-debugsource-2.3.0-150000.3.13.1 * libopenjp2-7-2.3.0-150000.3.13.1 * openSUSE Leap 15.4 (x86_64) * libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.13.1 * libopenjp2-7-32bit-2.3.0-150000.3.13.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libopenjp2-7-debuginfo-2.3.0-150000.3.13.1 * openjpeg2-2.3.0-150000.3.13.1 * openjpeg2-debuginfo-2.3.0-150000.3.13.1 * openjpeg2-devel-2.3.0-150000.3.13.1 * openjpeg2-debugsource-2.3.0-150000.3.13.1 * libopenjp2-7-2.3.0-150000.3.13.1 * openSUSE Leap 15.5 (x86_64) * libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.13.1 * libopenjp2-7-32bit-2.3.0-150000.3.13.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libopenjp2-7-debuginfo-2.3.0-150000.3.13.1 * openjpeg2-2.3.0-150000.3.13.1 * openjpeg2-debuginfo-2.3.0-150000.3.13.1 * openjpeg2-devel-2.3.0-150000.3.13.1 * openjpeg2-debugsource-2.3.0-150000.3.13.1 * libopenjp2-7-2.3.0-150000.3.13.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libopenjp2-7-debuginfo-2.3.0-150000.3.13.1 * openjpeg2-2.3.0-150000.3.13.1 * openjpeg2-debuginfo-2.3.0-150000.3.13.1 * openjpeg2-devel-2.3.0-150000.3.13.1 * openjpeg2-debugsource-2.3.0-150000.3.13.1 * libopenjp2-7-2.3.0-150000.3.13.1 * Development Tools Module 15-SP5 (x86_64) * libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.13.1 * libopenjp2-7-32bit-2.3.0-150000.3.13.1 * SUSE Package Hub 15 15-SP4 (x86_64) * libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.13.1 * libopenjp2-7-32bit-2.3.0-150000.3.13.1 * SUSE Package Hub 15 15-SP5 (x86_64) * libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.13.1 * libopenjp2-7-32bit-2.3.0-150000.3.13.1 * SUSE Manager Proxy 4.2 (x86_64) * libopenjp2-7-debuginfo-2.3.0-150000.3.13.1 * openjpeg2-2.3.0-150000.3.13.1 * openjpeg2-debuginfo-2.3.0-150000.3.13.1 * openjpeg2-devel-2.3.0-150000.3.13.1 * openjpeg2-debugsource-2.3.0-150000.3.13.1 * libopenjp2-7-2.3.0-150000.3.13.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libopenjp2-7-debuginfo-2.3.0-150000.3.13.1 * openjpeg2-2.3.0-150000.3.13.1 * openjpeg2-debuginfo-2.3.0-150000.3.13.1 * openjpeg2-devel-2.3.0-150000.3.13.1 * openjpeg2-debugsource-2.3.0-150000.3.13.1 * libopenjp2-7-2.3.0-150000.3.13.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libopenjp2-7-debuginfo-2.3.0-150000.3.13.1 * openjpeg2-2.3.0-150000.3.13.1 * openjpeg2-debuginfo-2.3.0-150000.3.13.1 * openjpeg2-devel-2.3.0-150000.3.13.1 * openjpeg2-debugsource-2.3.0-150000.3.13.1 * libopenjp2-7-2.3.0-150000.3.13.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1201799 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 12:30:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 12:30:40 -0000 Subject: SUSE-RU-2023:3479-1: moderate: Recommended update for powerpc-utils Message-ID: <169331224043.30880.4928652583637589249@smelt2.suse.de> # Recommended update for powerpc-utils Announcement ID: SUSE-RU-2023:3479-1 Rating: moderate References: * #1205462 * #1214285 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for powerpc-utils fixes the following issues: * Tell kernel about the SMT value set by ppc64_cpu (bsc#1214285, bsc#1205462) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3479=1 SUSE-2023-3479=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3479=1 ## Package List: * openSUSE Leap 15.4 (ppc64le) * powerpc-utils-debugsource-1.3.10-150400.19.15.1 * powerpc-utils-1.3.10-150400.19.15.1 * powerpc-utils-debuginfo-1.3.10-150400.19.15.1 * Basesystem Module 15-SP4 (ppc64le) * powerpc-utils-debugsource-1.3.10-150400.19.15.1 * powerpc-utils-1.3.10-150400.19.15.1 * powerpc-utils-debuginfo-1.3.10-150400.19.15.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1205462 * https://bugzilla.suse.com/show_bug.cgi?id=1214285 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 12:30:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 12:30:43 -0000 Subject: SUSE-RU-2023:3478-1: moderate: Recommended update for powerpc-utils Message-ID: <169331224330.30880.13249141149720979588@smelt2.suse.de> # Recommended update for powerpc-utils Announcement ID: SUSE-RU-2023:3478-1 Rating: moderate References: * #1205462 * #1214285 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for powerpc-utils fixes the following issues: * Tell kernel about the SMT value set by ppc64_cpu (bsc#1214285 bsc#1205462) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3478=1 openSUSE-SLE-15.5-2023-3478=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3478=1 ## Package List: * openSUSE Leap 15.5 (ppc64le) * powerpc-utils-1.3.11-150500.3.6.1 * powerpc-utils-debuginfo-1.3.11-150500.3.6.1 * powerpc-utils-debugsource-1.3.11-150500.3.6.1 * Basesystem Module 15-SP5 (ppc64le) * powerpc-utils-1.3.11-150500.3.6.1 * powerpc-utils-debuginfo-1.3.11-150500.3.6.1 * powerpc-utils-debugsource-1.3.11-150500.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1205462 * https://bugzilla.suse.com/show_bug.cgi?id=1214285 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 12:30:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 12:30:45 -0000 Subject: SUSE-RU-2023:3477-1: low: Recommended update for cpuset Message-ID: <169331224533.30880.399044389492048252@smelt2.suse.de> # Recommended update for cpuset Announcement ID: SUSE-RU-2023:3477-1 Rating: low References: * #1210468 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for cpuset fixes the following issues: * Fix documentation typos (bsc#1210468) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3477=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3477=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3477=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3477=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3477=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3477=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3477=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3477=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3477=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3477=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3477=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3477=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3477=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3477=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3477=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3477=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3477=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3477=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3477=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3477=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3477=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3477=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3477=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3477=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3477=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3477=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3477=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * cpuset-1.6.1-150100.3.6.1 * openSUSE Leap Micro 5.4 (noarch) * cpuset-1.6.1-150100.3.6.1 * openSUSE Leap 15.4 (noarch) * cpuset-1.6.1-150100.3.6.1 * openSUSE Leap 15.5 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * cpuset-1.6.1-150100.3.6.1 * Basesystem Module 15-SP4 (noarch) * cpuset-1.6.1-150100.3.6.1 * Basesystem Module 15-SP5 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Manager Proxy 4.2 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Manager Server 4.2 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Enterprise Storage 7.1 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE CaaS Platform 4.0 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * cpuset-1.6.1-150100.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * cpuset-1.6.1-150100.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210468 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 12:30:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 12:30:48 -0000 Subject: SUSE-RU-2023:3476-1: moderate: Recommended update for jing-trang Message-ID: <169331224882.30880.14252256597998697657@smelt2.suse.de> # Recommended update for jing-trang Announcement ID: SUSE-RU-2023:3476-1 Rating: moderate References: * SLE-23217 Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that contains one feature can now be installed. ## Description: This update for jing-trang fixes the following issues: * Version update from 20181222 to 20220510 (jsc#SLE-23217): * Fix NullPointerException when namespace URI is null * Travis: Dropo old Travis-no-longer supports JDKs * Fix missing format string for column argument * Add a SAX API to the Validation Driver * Fix compilation issues with Java 11 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3476=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3476=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3476=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3476=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3476=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3476=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3476=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3476=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3476=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3476=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3476=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3476=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3476=1 ## Package List: * openSUSE Leap 15.4 (noarch) * jing-javadoc-20220510-150200.10.7.3 * jing-20220510-150200.10.7.3 * dtdinst-20220510-150200.10.7.3 * trang-20220510-150200.10.7.3 * Development Tools Module 15-SP4 (noarch) * jing-20220510-150200.10.7.3 * SUSE Package Hub 15 15-SP4 (noarch) * trang-20220510-150200.10.7.3 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * jing-20220510-150200.10.7.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * jing-20220510-150200.10.7.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * jing-20220510-150200.10.7.3 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * jing-20220510-150200.10.7.3 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * jing-20220510-150200.10.7.3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * jing-20220510-150200.10.7.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * jing-20220510-150200.10.7.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * jing-20220510-150200.10.7.3 * SUSE Enterprise Storage 7.1 (noarch) * jing-20220510-150200.10.7.3 * SUSE Enterprise Storage 7 (noarch) * jing-20220510-150200.10.7.3 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 12:30:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 12:30:55 -0000 Subject: SUSE-SU-2023:3475-1: important: Security update for SUSE Manager 4.2 release notes Message-ID: <169331225513.30880.14031671592806998607@smelt2.suse.de> # Security update for SUSE Manager 4.2 release notes Announcement ID: SUSE-SU-2023:3475-1 Rating: important References: * #1175823 * #1208528 * #1208577 * #1209156 * #1210103 * #1210994 * #1211100 * #1211469 * #1211650 * #1211884 * #1212032 * #1212106 * #1212416 * #1212507 * #1212589 * #1212700 * #1212943 * #1213880 * #1214187 * #1214333 * MSQA-698 Cross-References: * CVE-2023-29409 CVSS scores: * CVE-2023-29409 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-29409 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: An update that solves one vulnerability, contains one feature and has 19 fixes can now be installed. ## Description: Maintenance update for SUSE Manager 4.2: Release notes for Server, Proxy and Retail Branch Server This is a codestream only update ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: ## Package List: ## References: * https://www.suse.com/security/cve/CVE-2023-29409.html * https://bugzilla.suse.com/show_bug.cgi?id=1175823 * https://bugzilla.suse.com/show_bug.cgi?id=1208528 * https://bugzilla.suse.com/show_bug.cgi?id=1208577 * https://bugzilla.suse.com/show_bug.cgi?id=1209156 * https://bugzilla.suse.com/show_bug.cgi?id=1210103 * https://bugzilla.suse.com/show_bug.cgi?id=1210994 * https://bugzilla.suse.com/show_bug.cgi?id=1211100 * https://bugzilla.suse.com/show_bug.cgi?id=1211469 * https://bugzilla.suse.com/show_bug.cgi?id=1211650 * https://bugzilla.suse.com/show_bug.cgi?id=1211884 * https://bugzilla.suse.com/show_bug.cgi?id=1212032 * https://bugzilla.suse.com/show_bug.cgi?id=1212106 * https://bugzilla.suse.com/show_bug.cgi?id=1212416 * https://bugzilla.suse.com/show_bug.cgi?id=1212507 * https://bugzilla.suse.com/show_bug.cgi?id=1212589 * https://bugzilla.suse.com/show_bug.cgi?id=1212700 * https://bugzilla.suse.com/show_bug.cgi?id=1212943 * https://bugzilla.suse.com/show_bug.cgi?id=1213880 * https://bugzilla.suse.com/show_bug.cgi?id=1214187 * https://bugzilla.suse.com/show_bug.cgi?id=1214333 * https://jira.suse.com/browse/MSQA-698 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 12:30:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 12:30:56 -0000 Subject: SUSE-RU-2023:3473-1: moderate: Recommended update for lifecycle-data-sle-live-patching Message-ID: <169331225692.30880.934160571140504733@smelt2.suse.de> # Recommended update for lifecycle-data-sle-live-patching Announcement ID: SUSE-RU-2023:3473-1 Rating: moderate References: * #1020320 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Live Patching 12 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for lifecycle-data-sle-live-patching fixes the following issues: * Added data for 4_12_14-122_165 (bsc#1020320) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12 zypper in -t patch SUSE-SLE-Live-Patching-12-2023-3473=1 * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-3473=1 * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-3473=1 ## Package List: * SUSE Linux Enterprise Live Patching 12 (noarch) * lifecycle-data-sle-live-patching-1-10.134.1 * SUSE Linux Enterprise Live Patching 12-SP4 (noarch) * lifecycle-data-sle-live-patching-1-10.134.1 * SUSE Linux Enterprise Live Patching 12-SP5 (noarch) * lifecycle-data-sle-live-patching-1-10.134.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1020320 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 12:30:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 12:30:58 -0000 Subject: SUSE-SU-2023:3472-1: low: Security update for procps Message-ID: <169331225887.30880.2363681894619865878@smelt2.suse.de> # Security update for procps Announcement ID: SUSE-SU-2023:3472-1 Rating: low References: * #1214290 Cross-References: * CVE-2023-4016 CVSS scores: * CVE-2023-4016 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-4016 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for procps fixes the following issues: * CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3472=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3472=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3472=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3472=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3472=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3472=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3472=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3472=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3472=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3472=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3472=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3472=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3472=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3472=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3472=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3472=1 ## Package List: * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libprocps7-3.3.15-150000.7.34.1 * procps-debuginfo-3.3.15-150000.7.34.1 * libprocps7-debuginfo-3.3.15-150000.7.34.1 * procps-3.3.15-150000.7.34.1 * procps-debugsource-3.3.15-150000.7.34.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libprocps7-3.3.15-150000.7.34.1 * procps-debuginfo-3.3.15-150000.7.34.1 * libprocps7-debuginfo-3.3.15-150000.7.34.1 * procps-3.3.15-150000.7.34.1 * procps-debugsource-3.3.15-150000.7.34.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libprocps7-3.3.15-150000.7.34.1 * procps-debuginfo-3.3.15-150000.7.34.1 * libprocps7-debuginfo-3.3.15-150000.7.34.1 * procps-3.3.15-150000.7.34.1 * procps-debugsource-3.3.15-150000.7.34.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libprocps7-3.3.15-150000.7.34.1 * procps-debuginfo-3.3.15-150000.7.34.1 * libprocps7-debuginfo-3.3.15-150000.7.34.1 * procps-3.3.15-150000.7.34.1 * procps-debugsource-3.3.15-150000.7.34.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libprocps7-3.3.15-150000.7.34.1 * procps-debuginfo-3.3.15-150000.7.34.1 * libprocps7-debuginfo-3.3.15-150000.7.34.1 * procps-3.3.15-150000.7.34.1 * procps-debugsource-3.3.15-150000.7.34.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libprocps7-3.3.15-150000.7.34.1 * procps-debuginfo-3.3.15-150000.7.34.1 * procps-devel-3.3.15-150000.7.34.1 * libprocps7-debuginfo-3.3.15-150000.7.34.1 * procps-3.3.15-150000.7.34.1 * procps-debugsource-3.3.15-150000.7.34.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libprocps7-3.3.15-150000.7.34.1 * procps-debuginfo-3.3.15-150000.7.34.1 * procps-devel-3.3.15-150000.7.34.1 * libprocps7-debuginfo-3.3.15-150000.7.34.1 * procps-3.3.15-150000.7.34.1 * procps-debugsource-3.3.15-150000.7.34.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libprocps7-3.3.15-150000.7.34.1 * procps-debuginfo-3.3.15-150000.7.34.1 * libprocps7-debuginfo-3.3.15-150000.7.34.1 * procps-3.3.15-150000.7.34.1 * procps-debugsource-3.3.15-150000.7.34.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libprocps7-3.3.15-150000.7.34.1 * procps-debuginfo-3.3.15-150000.7.34.1 * libprocps7-debuginfo-3.3.15-150000.7.34.1 * procps-3.3.15-150000.7.34.1 * procps-debugsource-3.3.15-150000.7.34.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libprocps7-3.3.15-150000.7.34.1 * procps-debuginfo-3.3.15-150000.7.34.1 * libprocps7-debuginfo-3.3.15-150000.7.34.1 * procps-3.3.15-150000.7.34.1 * procps-debugsource-3.3.15-150000.7.34.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libprocps7-3.3.15-150000.7.34.1 * procps-debuginfo-3.3.15-150000.7.34.1 * libprocps7-debuginfo-3.3.15-150000.7.34.1 * procps-3.3.15-150000.7.34.1 * procps-debugsource-3.3.15-150000.7.34.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libprocps7-3.3.15-150000.7.34.1 * procps-debuginfo-3.3.15-150000.7.34.1 * procps-devel-3.3.15-150000.7.34.1 * libprocps7-debuginfo-3.3.15-150000.7.34.1 * procps-3.3.15-150000.7.34.1 * procps-debugsource-3.3.15-150000.7.34.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libprocps7-3.3.15-150000.7.34.1 * procps-debuginfo-3.3.15-150000.7.34.1 * procps-devel-3.3.15-150000.7.34.1 * libprocps7-debuginfo-3.3.15-150000.7.34.1 * procps-3.3.15-150000.7.34.1 * procps-debugsource-3.3.15-150000.7.34.1 * SUSE Manager Proxy 4.2 (x86_64) * libprocps7-3.3.15-150000.7.34.1 * procps-debuginfo-3.3.15-150000.7.34.1 * procps-devel-3.3.15-150000.7.34.1 * libprocps7-debuginfo-3.3.15-150000.7.34.1 * procps-3.3.15-150000.7.34.1 * procps-debugsource-3.3.15-150000.7.34.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libprocps7-3.3.15-150000.7.34.1 * procps-debuginfo-3.3.15-150000.7.34.1 * procps-devel-3.3.15-150000.7.34.1 * libprocps7-debuginfo-3.3.15-150000.7.34.1 * procps-3.3.15-150000.7.34.1 * procps-debugsource-3.3.15-150000.7.34.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libprocps7-3.3.15-150000.7.34.1 * procps-debuginfo-3.3.15-150000.7.34.1 * procps-devel-3.3.15-150000.7.34.1 * libprocps7-debuginfo-3.3.15-150000.7.34.1 * procps-3.3.15-150000.7.34.1 * procps-debugsource-3.3.15-150000.7.34.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4016.html * https://bugzilla.suse.com/show_bug.cgi?id=1214290 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 12:31:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 12:31:01 -0000 Subject: SUSE-SU-2023:3471-1: low: Security update for procps Message-ID: <169331226154.30880.9111664813404712822@smelt2.suse.de> # Security update for procps Announcement ID: SUSE-SU-2023:3471-1 Rating: low References: * #1214290 Cross-References: * CVE-2023-4016 CVSS scores: * CVE-2023-4016 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-4016 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for procps fixes the following issues: * CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3471=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3471=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3471=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3471=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * procps-devel-3.3.9-11.27.1 * procps-debuginfo-3.3.9-11.27.1 * procps-debugsource-3.3.9-11.27.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * procps-debugsource-3.3.9-11.27.1 * libprocps3-3.3.9-11.27.1 * procps-3.3.9-11.27.1 * procps-debuginfo-3.3.9-11.27.1 * libprocps3-debuginfo-3.3.9-11.27.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * procps-debugsource-3.3.9-11.27.1 * libprocps3-3.3.9-11.27.1 * procps-3.3.9-11.27.1 * procps-debuginfo-3.3.9-11.27.1 * libprocps3-debuginfo-3.3.9-11.27.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * procps-debugsource-3.3.9-11.27.1 * libprocps3-3.3.9-11.27.1 * procps-3.3.9-11.27.1 * procps-debuginfo-3.3.9-11.27.1 * libprocps3-debuginfo-3.3.9-11.27.1 ## References: * https://www.suse.com/security/cve/CVE-2023-4016.html * https://bugzilla.suse.com/show_bug.cgi?id=1214290 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 12:31:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 12:31:03 -0000 Subject: SUSE-RU-2023:3470-1: low: Recommended update for parted Message-ID: <169331226371.30880.5867255592232698125@smelt2.suse.de> # Recommended update for parted Announcement ID: SUSE-RU-2023:3470-1 Rating: low References: * #1182142 * #1193412 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for parted fixes the following issues: * fix null pointer dereference (bsc#1193412) * update mkpart options in manpage (bsc#1182142) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3470=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3470=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3470=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3470=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3470=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3470=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3470=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3470=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3470=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3470=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3470=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3470=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3470=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3470=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3470=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3470=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * parted-debuginfo-3.2-150300.21.3.1 * libparted0-debuginfo-3.2-150300.21.3.1 * parted-debugsource-3.2-150300.21.3.1 * libparted0-3.2-150300.21.3.1 * parted-3.2-150300.21.3.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * parted-debuginfo-3.2-150300.21.3.1 * libparted0-debuginfo-3.2-150300.21.3.1 * parted-debugsource-3.2-150300.21.3.1 * libparted0-3.2-150300.21.3.1 * parted-3.2-150300.21.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * parted-debuginfo-3.2-150300.21.3.1 * parted-devel-3.2-150300.21.3.1 * libparted0-debuginfo-3.2-150300.21.3.1 * parted-debugsource-3.2-150300.21.3.1 * libparted0-3.2-150300.21.3.1 * parted-3.2-150300.21.3.1 * openSUSE Leap 15.4 (x86_64) * libparted0-32bit-3.2-150300.21.3.1 * libparted0-32bit-debuginfo-3.2-150300.21.3.1 * openSUSE Leap 15.4 (noarch) * parted-lang-3.2-150300.21.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * parted-debuginfo-3.2-150300.21.3.1 * parted-devel-3.2-150300.21.3.1 * libparted0-debuginfo-3.2-150300.21.3.1 * parted-debugsource-3.2-150300.21.3.1 * libparted0-3.2-150300.21.3.1 * parted-3.2-150300.21.3.1 * openSUSE Leap 15.5 (x86_64) * libparted0-32bit-3.2-150300.21.3.1 * libparted0-32bit-debuginfo-3.2-150300.21.3.1 * openSUSE Leap 15.5 (noarch) * parted-lang-3.2-150300.21.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * parted-debuginfo-3.2-150300.21.3.1 * libparted0-debuginfo-3.2-150300.21.3.1 * parted-debugsource-3.2-150300.21.3.1 * libparted0-3.2-150300.21.3.1 * parted-3.2-150300.21.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * parted-debuginfo-3.2-150300.21.3.1 * libparted0-debuginfo-3.2-150300.21.3.1 * parted-debugsource-3.2-150300.21.3.1 * libparted0-3.2-150300.21.3.1 * parted-3.2-150300.21.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * parted-debuginfo-3.2-150300.21.3.1 * libparted0-debuginfo-3.2-150300.21.3.1 * parted-debugsource-3.2-150300.21.3.1 * libparted0-3.2-150300.21.3.1 * parted-3.2-150300.21.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * parted-debuginfo-3.2-150300.21.3.1 * libparted0-debuginfo-3.2-150300.21.3.1 * parted-debugsource-3.2-150300.21.3.1 * libparted0-3.2-150300.21.3.1 * parted-3.2-150300.21.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * parted-debuginfo-3.2-150300.21.3.1 * parted-devel-3.2-150300.21.3.1 * libparted0-debuginfo-3.2-150300.21.3.1 * parted-debugsource-3.2-150300.21.3.1 * libparted0-3.2-150300.21.3.1 * parted-3.2-150300.21.3.1 * Basesystem Module 15-SP4 (noarch) * parted-lang-3.2-150300.21.3.1 * Basesystem Module 15-SP4 (x86_64) * libparted0-32bit-3.2-150300.21.3.1 * libparted0-32bit-debuginfo-3.2-150300.21.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * parted-debuginfo-3.2-150300.21.3.1 * parted-devel-3.2-150300.21.3.1 * libparted0-debuginfo-3.2-150300.21.3.1 * parted-debugsource-3.2-150300.21.3.1 * libparted0-3.2-150300.21.3.1 * parted-3.2-150300.21.3.1 * Basesystem Module 15-SP5 (noarch) * parted-lang-3.2-150300.21.3.1 * Basesystem Module 15-SP5 (x86_64) * libparted0-32bit-3.2-150300.21.3.1 * libparted0-32bit-debuginfo-3.2-150300.21.3.1 * SUSE Manager Proxy 4.2 (x86_64) * parted-debuginfo-3.2-150300.21.3.1 * parted-devel-3.2-150300.21.3.1 * libparted0-32bit-debuginfo-3.2-150300.21.3.1 * libparted0-debuginfo-3.2-150300.21.3.1 * libparted0-32bit-3.2-150300.21.3.1 * parted-debugsource-3.2-150300.21.3.1 * libparted0-3.2-150300.21.3.1 * parted-3.2-150300.21.3.1 * SUSE Manager Proxy 4.2 (noarch) * parted-lang-3.2-150300.21.3.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * parted-debuginfo-3.2-150300.21.3.1 * parted-devel-3.2-150300.21.3.1 * libparted0-32bit-debuginfo-3.2-150300.21.3.1 * libparted0-debuginfo-3.2-150300.21.3.1 * libparted0-32bit-3.2-150300.21.3.1 * parted-debugsource-3.2-150300.21.3.1 * libparted0-3.2-150300.21.3.1 * parted-3.2-150300.21.3.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * parted-lang-3.2-150300.21.3.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * parted-debuginfo-3.2-150300.21.3.1 * parted-devel-3.2-150300.21.3.1 * libparted0-debuginfo-3.2-150300.21.3.1 * parted-debugsource-3.2-150300.21.3.1 * libparted0-3.2-150300.21.3.1 * parted-3.2-150300.21.3.1 * SUSE Manager Server 4.2 (noarch) * parted-lang-3.2-150300.21.3.1 * SUSE Manager Server 4.2 (x86_64) * libparted0-32bit-3.2-150300.21.3.1 * libparted0-32bit-debuginfo-3.2-150300.21.3.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * parted-debuginfo-3.2-150300.21.3.1 * libparted0-debuginfo-3.2-150300.21.3.1 * parted-debugsource-3.2-150300.21.3.1 * libparted0-3.2-150300.21.3.1 * parted-3.2-150300.21.3.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * parted-debuginfo-3.2-150300.21.3.1 * libparted0-debuginfo-3.2-150300.21.3.1 * parted-debugsource-3.2-150300.21.3.1 * libparted0-3.2-150300.21.3.1 * parted-3.2-150300.21.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * parted-debuginfo-3.2-150300.21.3.1 * libparted0-debuginfo-3.2-150300.21.3.1 * parted-debugsource-3.2-150300.21.3.1 * libparted0-3.2-150300.21.3.1 * parted-3.2-150300.21.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1182142 * https://bugzilla.suse.com/show_bug.cgi?id=1193412 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 16:30:03 -0000 Subject: SUSE-RU-2023:3487-1: moderate: Recommended update for lvm2 Message-ID: <169332660384.23122.2995148968228278523@smelt2.suse.de> # Recommended update for lvm2 Announcement ID: SUSE-RU-2023:3487-1 Rating: moderate References: * #1214071 Affected Products: * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 An update that has one recommended fix can now be installed. ## Description: This update for lvm2 fixes the following issues: * blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-3487=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-3487=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3487=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3487=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3487=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3487=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3487=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3487=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * lvm2-lockd-2.03.05-150200.8.52.1 * lvm2-lockd-debuginfo-2.03.05-150200.8.52.1 * lvm2-lvmlockd-debugsource-2.03.05-150200.8.52.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * lvm2-lockd-2.03.05-150200.8.52.1 * lvm2-lockd-debuginfo-2.03.05-150200.8.52.1 * lvm2-lvmlockd-debugsource-2.03.05-150200.8.52.1 * SUSE Manager Proxy 4.2 (x86_64) * device-mapper-devel-2.03.05_1.02.163-150200.8.52.1 * lvm2-2.03.05-150200.8.52.1 * lvm2-devel-2.03.05-150200.8.52.1 * libdevmapper-event1_03-2.03.05_1.02.163-150200.8.52.1 * lvm2-debuginfo-2.03.05-150200.8.52.1 * libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150200.8.52.1 * liblvm2cmd2_03-debuginfo-2.03.05-150200.8.52.1 * lvm2-debugsource-2.03.05-150200.8.52.1 * libdevmapper1_03-2.03.05_1.02.163-150200.8.52.1 * liblvm2cmd2_03-2.03.05-150200.8.52.1 * device-mapper-2.03.05_1.02.163-150200.8.52.1 * libdevmapper1_03-32bit-2.03.05_1.02.163-150200.8.52.1 * device-mapper-debuginfo-2.03.05_1.02.163-150200.8.52.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.52.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.52.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * device-mapper-devel-2.03.05_1.02.163-150200.8.52.1 * lvm2-2.03.05-150200.8.52.1 * lvm2-devel-2.03.05-150200.8.52.1 * libdevmapper-event1_03-2.03.05_1.02.163-150200.8.52.1 * lvm2-debuginfo-2.03.05-150200.8.52.1 * libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150200.8.52.1 * liblvm2cmd2_03-debuginfo-2.03.05-150200.8.52.1 * lvm2-debugsource-2.03.05-150200.8.52.1 * libdevmapper1_03-2.03.05_1.02.163-150200.8.52.1 * liblvm2cmd2_03-2.03.05-150200.8.52.1 * device-mapper-2.03.05_1.02.163-150200.8.52.1 * libdevmapper1_03-32bit-2.03.05_1.02.163-150200.8.52.1 * device-mapper-debuginfo-2.03.05_1.02.163-150200.8.52.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.52.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.52.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * device-mapper-devel-2.03.05_1.02.163-150200.8.52.1 * lvm2-2.03.05-150200.8.52.1 * lvm2-devel-2.03.05-150200.8.52.1 * libdevmapper-event1_03-2.03.05_1.02.163-150200.8.52.1 * lvm2-debuginfo-2.03.05-150200.8.52.1 * liblvm2cmd2_03-debuginfo-2.03.05-150200.8.52.1 * lvm2-debugsource-2.03.05-150200.8.52.1 * libdevmapper1_03-2.03.05_1.02.163-150200.8.52.1 * liblvm2cmd2_03-2.03.05-150200.8.52.1 * device-mapper-2.03.05_1.02.163-150200.8.52.1 * device-mapper-debuginfo-2.03.05_1.02.163-150200.8.52.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.52.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.52.1 * SUSE Manager Server 4.2 (x86_64) * libdevmapper1_03-32bit-2.03.05_1.02.163-150200.8.52.1 * libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150200.8.52.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * lvm2-2.03.05-150200.8.52.1 * libdevmapper-event1_03-2.03.05_1.02.163-150200.8.52.1 * lvm2-debuginfo-2.03.05-150200.8.52.1 * liblvm2cmd2_03-debuginfo-2.03.05-150200.8.52.1 * lvm2-debugsource-2.03.05-150200.8.52.1 * libdevmapper1_03-2.03.05_1.02.163-150200.8.52.1 * liblvm2cmd2_03-2.03.05-150200.8.52.1 * device-mapper-2.03.05_1.02.163-150200.8.52.1 * device-mapper-debuginfo-2.03.05_1.02.163-150200.8.52.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.52.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.52.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * lvm2-2.03.05-150200.8.52.1 * libdevmapper-event1_03-2.03.05_1.02.163-150200.8.52.1 * lvm2-debuginfo-2.03.05-150200.8.52.1 * liblvm2cmd2_03-debuginfo-2.03.05-150200.8.52.1 * lvm2-debugsource-2.03.05-150200.8.52.1 * libdevmapper1_03-2.03.05_1.02.163-150200.8.52.1 * liblvm2cmd2_03-2.03.05-150200.8.52.1 * device-mapper-2.03.05_1.02.163-150200.8.52.1 * device-mapper-debuginfo-2.03.05_1.02.163-150200.8.52.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.52.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.52.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * lvm2-2.03.05-150200.8.52.1 * libdevmapper-event1_03-2.03.05_1.02.163-150200.8.52.1 * lvm2-debuginfo-2.03.05-150200.8.52.1 * liblvm2cmd2_03-debuginfo-2.03.05-150200.8.52.1 * lvm2-debugsource-2.03.05-150200.8.52.1 * libdevmapper1_03-2.03.05_1.02.163-150200.8.52.1 * liblvm2cmd2_03-2.03.05-150200.8.52.1 * device-mapper-2.03.05_1.02.163-150200.8.52.1 * device-mapper-debuginfo-2.03.05_1.02.163-150200.8.52.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150200.8.52.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150200.8.52.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214071 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 16:30:07 -0000 Subject: SUSE-RU-2023:3486-1: moderate: Recommended update for lvm2 Message-ID: <169332660749.23122.13804547931063851030@smelt2.suse.de> # Recommended update for lvm2 Announcement ID: SUSE-RU-2023:3486-1 Rating: moderate References: * #1214071 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for lvm2 fixes the following issues: * blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3486=1 openSUSE-SLE-15.4-2023-3486=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3486=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3486=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3486=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3486=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3486=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3486=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3486=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3486=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * lvm2-testsuite-2.03.05-150400.188.1 * libdevmapper1_03-2.03.05_1.02.163-150400.188.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.188.1 * lvm2-debuginfo-2.03.05-150400.188.1 * libdevmapper-event1_03-2.03.05_1.02.163-150400.188.1 * lvm2-lockd-2.03.05-150400.188.1 * lvm2-device-mapper-debugsource-2.03.05-150400.188.1 * lvm2-2.03.05-150400.188.1 * device-mapper-devel-2.03.05_1.02.163-150400.188.1 * lvm2-lvmlockd-debugsource-2.03.05-150400.188.1 * device-mapper-2.03.05_1.02.163-150400.188.1 * lvm2-testsuite-debuginfo-2.03.05-150400.188.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.188.1 * lvm2-devel-2.03.05-150400.188.1 * device-mapper-debuginfo-2.03.05_1.02.163-150400.188.1 * lvm2-debugsource-2.03.05-150400.188.1 * liblvm2cmd2_03-debuginfo-2.03.05-150400.188.1 * lvm2-lockd-debuginfo-2.03.05-150400.188.1 * liblvm2cmd2_03-2.03.05-150400.188.1 * openSUSE Leap 15.4 (x86_64) * libdevmapper-event1_03-32bit-2.03.05_1.02.163-150400.188.1 * device-mapper-devel-32bit-2.03.05_1.02.163-150400.188.1 * libdevmapper1_03-32bit-2.03.05_1.02.163-150400.188.1 * libdevmapper-event1_03-32bit-debuginfo-2.03.05_1.02.163-150400.188.1 * libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150400.188.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libdevmapper-event1_03-64bit-debuginfo-2.03.05_1.02.163-150400.188.1 * libdevmapper1_03-64bit-2.03.05_1.02.163-150400.188.1 * device-mapper-devel-64bit-2.03.05_1.02.163-150400.188.1 * libdevmapper-event1_03-64bit-2.03.05_1.02.163-150400.188.1 * libdevmapper1_03-64bit-debuginfo-2.03.05_1.02.163-150400.188.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libdevmapper1_03-2.03.05_1.02.163-150400.188.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.188.1 * lvm2-debuginfo-2.03.05-150400.188.1 * libdevmapper-event1_03-2.03.05_1.02.163-150400.188.1 * lvm2-2.03.05-150400.188.1 * device-mapper-2.03.05_1.02.163-150400.188.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.188.1 * device-mapper-debuginfo-2.03.05_1.02.163-150400.188.1 * lvm2-debugsource-2.03.05-150400.188.1 * liblvm2cmd2_03-debuginfo-2.03.05-150400.188.1 * liblvm2cmd2_03-2.03.05-150400.188.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libdevmapper1_03-2.03.05_1.02.163-150400.188.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.188.1 * lvm2-debuginfo-2.03.05-150400.188.1 * libdevmapper-event1_03-2.03.05_1.02.163-150400.188.1 * lvm2-2.03.05-150400.188.1 * device-mapper-2.03.05_1.02.163-150400.188.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.188.1 * device-mapper-debuginfo-2.03.05_1.02.163-150400.188.1 * lvm2-debugsource-2.03.05-150400.188.1 * liblvm2cmd2_03-debuginfo-2.03.05-150400.188.1 * liblvm2cmd2_03-2.03.05-150400.188.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libdevmapper1_03-2.03.05_1.02.163-150400.188.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.188.1 * lvm2-debuginfo-2.03.05-150400.188.1 * libdevmapper-event1_03-2.03.05_1.02.163-150400.188.1 * lvm2-2.03.05-150400.188.1 * device-mapper-2.03.05_1.02.163-150400.188.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.188.1 * device-mapper-debuginfo-2.03.05_1.02.163-150400.188.1 * lvm2-debugsource-2.03.05-150400.188.1 * liblvm2cmd2_03-debuginfo-2.03.05-150400.188.1 * liblvm2cmd2_03-2.03.05-150400.188.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libdevmapper1_03-2.03.05_1.02.163-150400.188.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.188.1 * lvm2-debuginfo-2.03.05-150400.188.1 * libdevmapper-event1_03-2.03.05_1.02.163-150400.188.1 * lvm2-2.03.05-150400.188.1 * device-mapper-2.03.05_1.02.163-150400.188.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.188.1 * device-mapper-debuginfo-2.03.05_1.02.163-150400.188.1 * lvm2-debugsource-2.03.05-150400.188.1 * liblvm2cmd2_03-debuginfo-2.03.05-150400.188.1 * liblvm2cmd2_03-2.03.05-150400.188.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libdevmapper1_03-2.03.05_1.02.163-150400.188.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.188.1 * lvm2-debuginfo-2.03.05-150400.188.1 * libdevmapper-event1_03-2.03.05_1.02.163-150400.188.1 * lvm2-2.03.05-150400.188.1 * device-mapper-2.03.05_1.02.163-150400.188.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.188.1 * device-mapper-debuginfo-2.03.05_1.02.163-150400.188.1 * lvm2-debugsource-2.03.05-150400.188.1 * liblvm2cmd2_03-debuginfo-2.03.05-150400.188.1 * liblvm2cmd2_03-2.03.05-150400.188.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libdevmapper1_03-2.03.05_1.02.163-150400.188.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.188.1 * lvm2-debuginfo-2.03.05-150400.188.1 * libdevmapper-event1_03-2.03.05_1.02.163-150400.188.1 * lvm2-2.03.05-150400.188.1 * device-mapper-2.03.05_1.02.163-150400.188.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.188.1 * device-mapper-debuginfo-2.03.05_1.02.163-150400.188.1 * lvm2-debugsource-2.03.05-150400.188.1 * liblvm2cmd2_03-debuginfo-2.03.05-150400.188.1 * liblvm2cmd2_03-2.03.05-150400.188.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libdevmapper1_03-2.03.05_1.02.163-150400.188.1 * libdevmapper-event1_03-debuginfo-2.03.05_1.02.163-150400.188.1 * lvm2-debuginfo-2.03.05-150400.188.1 * libdevmapper-event1_03-2.03.05_1.02.163-150400.188.1 * lvm2-2.03.05-150400.188.1 * device-mapper-2.03.05_1.02.163-150400.188.1 * libdevmapper1_03-debuginfo-2.03.05_1.02.163-150400.188.1 * device-mapper-debuginfo-2.03.05_1.02.163-150400.188.1 * liblvm2cmd2_03-2.03.05-150400.188.1 * lvm2-devel-2.03.05-150400.188.1 * lvm2-debugsource-2.03.05-150400.188.1 * liblvm2cmd2_03-debuginfo-2.03.05-150400.188.1 * device-mapper-devel-2.03.05_1.02.163-150400.188.1 * Basesystem Module 15-SP4 (x86_64) * libdevmapper1_03-32bit-2.03.05_1.02.163-150400.188.1 * libdevmapper1_03-32bit-debuginfo-2.03.05_1.02.163-150400.188.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * lvm2-lockd-debuginfo-2.03.05-150400.188.1 * lvm2-lockd-2.03.05-150400.188.1 * lvm2-lvmlockd-debugsource-2.03.05-150400.188.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214071 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Aug 29 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Aug 2023 16:30:09 -0000 Subject: SUSE-RU-2023:3485-1: moderate: Recommended update for lvm2 Message-ID: <169332660919.23122.10458046894012561638@smelt2.suse.de> # Recommended update for lvm2 Announcement ID: SUSE-RU-2023:3485-1 Rating: moderate References: * #1214071 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for lvm2 fixes the following issues: * blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-3485=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3485=1 openSUSE-SLE-15.5-2023-3485=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3485=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * lvm2-lockd-2.03.16-150500.7.6.1 * lvm2-lvmlockd-debugsource-2.03.16-150500.7.6.1 * lvm2-lockd-debuginfo-2.03.16-150500.7.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * lvm2-lvmlockd-debugsource-2.03.16-150500.7.6.1 * lvm2-2.03.16-150500.7.6.1 * libdevmapper1_03-debuginfo-2.03.16_1.02.185-150500.7.6.1 * libdevmapper-event1_03-2.03.16_1.02.185-150500.7.6.1 * libdevmapper-event1_03-debuginfo-2.03.16_1.02.185-150500.7.6.1 * lvm2-testsuite-2.03.16-150500.7.6.1 * liblvm2cmd2_03-2.03.16-150500.7.6.1 * lvm2-debuginfo-2.03.16-150500.7.6.1 * device-mapper-devel-2.03.16_1.02.185-150500.7.6.1 * libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 * lvm2-device-mapper-debugsource-2.03.16-150500.7.6.1 * lvm2-lockd-debuginfo-2.03.16-150500.7.6.1 * lvm2-testsuite-debuginfo-2.03.16-150500.7.6.1 * lvm2-lockd-2.03.16-150500.7.6.1 * liblvm2cmd2_03-debuginfo-2.03.16-150500.7.6.1 * lvm2-debugsource-2.03.16-150500.7.6.1 * lvm2-devel-2.03.16-150500.7.6.1 * device-mapper-2.03.16_1.02.185-150500.7.6.1 * device-mapper-debuginfo-2.03.16_1.02.185-150500.7.6.1 * openSUSE Leap 15.5 (x86_64) * libdevmapper-event1_03-32bit-2.03.16_1.02.185-150500.7.6.1 * libdevmapper1_03-32bit-debuginfo-2.03.16_1.02.185-150500.7.6.1 * device-mapper-devel-32bit-2.03.16_1.02.185-150500.7.6.1 * libdevmapper1_03-32bit-2.03.16_1.02.185-150500.7.6.1 * libdevmapper-event1_03-32bit-debuginfo-2.03.16_1.02.185-150500.7.6.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libdevmapper-event1_03-64bit-debuginfo-2.03.16_1.02.185-150500.7.6.1 * libdevmapper-event1_03-64bit-2.03.16_1.02.185-150500.7.6.1 * libdevmapper1_03-64bit-2.03.16_1.02.185-150500.7.6.1 * libdevmapper1_03-64bit-debuginfo-2.03.16_1.02.185-150500.7.6.1 * device-mapper-devel-64bit-2.03.16_1.02.185-150500.7.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * lvm2-2.03.16-150500.7.6.1 * libdevmapper1_03-debuginfo-2.03.16_1.02.185-150500.7.6.1 * libdevmapper-event1_03-2.03.16_1.02.185-150500.7.6.1 * libdevmapper-event1_03-debuginfo-2.03.16_1.02.185-150500.7.6.1 * libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 * liblvm2cmd2_03-2.03.16-150500.7.6.1 * lvm2-debuginfo-2.03.16-150500.7.6.1 * device-mapper-devel-2.03.16_1.02.185-150500.7.6.1 * liblvm2cmd2_03-debuginfo-2.03.16-150500.7.6.1 * lvm2-debugsource-2.03.16-150500.7.6.1 * lvm2-devel-2.03.16-150500.7.6.1 * device-mapper-2.03.16_1.02.185-150500.7.6.1 * device-mapper-debuginfo-2.03.16_1.02.185-150500.7.6.1 * Basesystem Module 15-SP5 (x86_64) * libdevmapper1_03-32bit-debuginfo-2.03.16_1.02.185-150500.7.6.1 * libdevmapper1_03-32bit-2.03.16_1.02.185-150500.7.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1214071 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 30 07:05:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Aug 2023 09:05:25 +0200 (CEST) Subject: SUSE-CU-2023:2768-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20230830070525.E10BCFDC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2768-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.29 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.29 Severity : moderate Type : security References : 1103893 1112183 1186606 1194609 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873 1214025 1214071 CVE-2023-4156 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3466-1 Released: Tue Aug 29 07:33:16 2023 Summary: Recommended update for icu Type: recommended Severity: moderate References: 1103893,1112183 This update for icu fixes the following issues: - Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3485-1 Released: Tue Aug 29 14:20:56 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) The following package changes have been done: - gawk-4.2.1-150000.3.3.1 updated - libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 updated - libicu-suse65_1-65.1-150200.4.8.1 updated - libicu65_1-ledata-65.1-150200.4.8.1 updated - systemd-249.16-150400.8.33.1 updated From sle-updates at lists.suse.com Wed Aug 30 07:06:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Aug 2023 09:06:58 +0200 (CEST) Subject: SUSE-CU-2023:2769-1: Security update of suse/sle15 Message-ID: <20230830070658.572D5FDC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2769-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.90 , suse/sle15:15.4 , suse/sle15:15.4.27.14.90 Container Release : 27.14.90 Severity : moderate Type : security References : 1201519 1204844 1213517 1213853 CVE-2023-3817 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3397-1 Released: Wed Aug 23 18:35:56 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213517,1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) - Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.53.1 updated - libopenssl1_1-1.1.1l-150400.7.53.1 updated - openssl-1_1-1.1.1l-150400.7.53.1 updated From sle-updates at lists.suse.com Wed Aug 30 12:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Aug 2023 12:30:01 -0000 Subject: SUSE-RU-2023:3489-1: moderate: Recommended update for openstack-ec2-api Message-ID: <169339860163.5557.11229616591000216170@smelt2.suse.de> # Recommended update for openstack-ec2-api Announcement ID: SUSE-RU-2023:3489-1 Rating: moderate References: Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise Server 12 SP3 * SUSE OpenStack Cloud 8 * SUSE OpenStack Cloud Crowbar 8 An update that can now be installed. ## Description: This update for openstack-ec2-api fixes the following issues: * Update to version ec2-api-5.0.1.dev13: * Correct queue declaration in Zuul config ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-3489=1 * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-3489=1 * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-3489=1 ## Package List: * HPE Helion OpenStack 8 (noarch) * openstack-ec2-api-s3-5.0.1~dev13-4.12.3 * python-ec2api-5.0.1~dev13-4.12.3 * openstack-ec2-api-metadata-5.0.1~dev13-4.12.3 * openstack-ec2-api-api-5.0.1~dev13-4.12.3 * openstack-ec2-api-5.0.1~dev13-4.12.3 * SUSE OpenStack Cloud 8 (noarch) * openstack-ec2-api-s3-5.0.1~dev13-4.12.3 * python-ec2api-5.0.1~dev13-4.12.3 * openstack-ec2-api-metadata-5.0.1~dev13-4.12.3 * openstack-ec2-api-api-5.0.1~dev13-4.12.3 * openstack-ec2-api-5.0.1~dev13-4.12.3 * SUSE OpenStack Cloud Crowbar 8 (noarch) * openstack-ec2-api-s3-5.0.1~dev13-4.12.3 * python-ec2api-5.0.1~dev13-4.12.3 * openstack-ec2-api-metadata-5.0.1~dev13-4.12.3 * openstack-ec2-api-api-5.0.1~dev13-4.12.3 * openstack-ec2-api-5.0.1~dev13-4.12.3 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 30 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Aug 2023 12:30:03 -0000 Subject: SUSE-RU-2023:3488-1: moderate: Recommended update for suse-migration-sle15-activation Message-ID: <169339860381.5557.13698280084356418437@smelt2.suse.de> # Recommended update for suse-migration-sle15-activation Announcement ID: SUSE-RU-2023:3488-1 Rating: moderate References: * #1211240 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for suse-migration-sle15-activation fnd suse-migration-services ixes the following issues: Bump version: from 2.0.36 to 2.0.37: \- Add clarifying text for partition requirements \- Use latest SUSE stylesheet \- Add update_bootloader to address. (bsc#1211240) \- Add missing metadata for "Report bug" in docs.suse.com ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-3488=1 ## Package List: * Public Cloud Module 12 (x86_64) * SLES15-Migration-2.0.37-6 * Public Cloud Module 12 (noarch) * suse-migration-pre-checks-2.0.37-6.20.4 * suse-migration-sle15-activation-2.0.37-6.41.6 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211240 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 30 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Aug 2023 16:30:05 -0000 Subject: SUSE-RU-2023:3492-1: moderate: Recommended update for yast2-sap-ha and yast2-cluster Message-ID: <169341300532.22146.9560854267729683844@smelt2.suse.de> # Recommended update for yast2-sap-ha and yast2-cluster Announcement ID: SUSE-RU-2023:3492-1 Rating: moderate References: * #1202112 * #1207740 * #1209204 * #1209602 * #1211027 Affected Products: * SAP Applications Module 15-SP3 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has five recommended fixes can now be installed. ## Description: This update for yast2-sap-ha and yast2-cluster fixes the following issues: yast2-cluster: \- Fixed issue when corosync configuration has changed but the changes were not written. (bsc#1209602) \- Fixed the agent naming from OpenAIS to Corosync to avoid misleading information. (bsc#1209602) \- Fixes an issue when the obsolete 'openais' agent is called and caused errors in log. (bsc#1209602) \- Add 'csync2.socket' replacing the wrongly declared 'csync2.service'. (bsc#1209602) yast2-sap-ha: \- Fix evaluation CustOpt settings and take over in best practice guide. (bsc#1209204) \- Fixes an issue when 'yast2-sap-ha' can't configure firewall. (bsc#1211027) \- New function to get the primary hostname on the master. \- Fix setting secondary and primary hostname for the template \- Do not enbale and start 'csync2' by installing the package. \- Fixed an issue when adjusting global.ini for the production system was not possible. (bsc#1207740) \- Enable 'csync2' configuration. (bsc#1202112) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SAP Applications Module 15-SP3 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-3492=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-3492=1 ## Package List: * SAP Applications Module 15-SP3 (noarch) * yast2-sap-ha-4.3.0-150300.10.6.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (noarch) * yast2-cluster-4.3.8-150300.3.6.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1202112 * https://bugzilla.suse.com/show_bug.cgi?id=1207740 * https://bugzilla.suse.com/show_bug.cgi?id=1209204 * https://bugzilla.suse.com/show_bug.cgi?id=1209602 * https://bugzilla.suse.com/show_bug.cgi?id=1211027 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 30 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Aug 2023 16:30:07 -0000 Subject: SUSE-RU-2023:3491-1: moderate: Recommended update for yast2-sap-ha Message-ID: <169341300725.22146.6019809211881984318@smelt2.suse.de> # Recommended update for yast2-sap-ha Announcement ID: SUSE-RU-2023:3491-1 Rating: moderate References: * #1209204 * #1211027 Affected Products: * openSUSE Leap 15.5 * SAP Applications Module 15-SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for yast2-sap-ha fixes the following issues: * Fix evaluation CustOpt settings and take over in best practice guide. (bsc#1209204) * Fixes an issue when 'yast2-sap-ha' can't configure firewall. (bsc#1211027) * New function to get the primary hostname on the master. * Fix setting secondary and primary hostname for the template * Do not enbale and start csync2 by installing the package. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-3491=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3491=1 openSUSE-SLE-15.5-2023-3491=1 ## Package List: * SAP Applications Module 15-SP5 (noarch) * yast2-sap-ha-4.5.8-150500.3.5.1 * openSUSE Leap 15.5 (noarch) * yast2-sap-ha-4.5.8-150500.3.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209204 * https://bugzilla.suse.com/show_bug.cgi?id=1211027 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 30 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Aug 2023 16:30:08 -0000 Subject: SUSE-SU-2023:3490-1: moderate: Security update for haproxy Message-ID: <169341300892.22146.9803978742581756438@smelt2.suse.de> # Security update for haproxy Announcement ID: SUSE-SU-2023:3490-1 Rating: moderate References: * #1214102 Cross-References: * CVE-2023-40225 CVSS scores: * CVE-2023-40225 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-40225 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for haproxy fixes the following issues: * CVE-2023-40225: Fixed request smuggling with empty content-length header value (bsc#1214102). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-3490=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-3490=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * haproxy-debugsource-2.0.31-150200.11.23.1 * haproxy-debuginfo-2.0.31-150200.11.23.1 * haproxy-2.0.31-150200.11.23.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * haproxy-debugsource-2.0.31-150200.11.23.1 * haproxy-debuginfo-2.0.31-150200.11.23.1 * haproxy-2.0.31-150200.11.23.1 ## References: * https://www.suse.com/security/cve/CVE-2023-40225.html * https://bugzilla.suse.com/show_bug.cgi?id=1214102 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 30 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Aug 2023 20:30:02 -0000 Subject: SUSE-RU-2023:3296-1: moderate: Recommended update for jdupes Message-ID: <169342740219.27474.10687997645525054644@smelt2.suse.de> # Recommended update for jdupes Announcement ID: SUSE-RU-2023:3296-1 Rating: moderate References: * SLE-20930 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that contains one feature can now be installed. ## Description: This update for jdupes fixes the following issues: jdupes, a tool to take actions on files with duplicated content, is provided in version 1.21.3. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3296=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3296=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * jdupes-1.21.3-150000.1.3.1 * jdupes-debugsource-1.21.3-150000.1.3.1 * jdupes-debuginfo-1.21.3-150000.1.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * jdupes-1.21.3-150000.1.3.1 * jdupes-debugsource-1.21.3-150000.1.3.1 * jdupes-debuginfo-1.21.3-150000.1.3.1 ## References: * https://jira.suse.com/browse/SLE-20930 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 30 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Aug 2023 20:30:05 -0000 Subject: SUSE-SU-2023:3497-1: important: Security update for vim Message-ID: <169342740501.27474.11182098533827205376@smelt2.suse.de> # Security update for vim Announcement ID: SUSE-SU-2023:3497-1 Rating: important References: * #1210996 * #1211256 * #1211257 * #1211461 Cross-References: * CVE-2023-2426 * CVE-2023-2609 * CVE-2023-2610 CVSS scores: * CVE-2023-2426 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H * CVE-2023-2426 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2426 ( NVD ): 6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2023-2609 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2609 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2609 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-2610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2023-2610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-2610 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves three vulnerabilities and has one fix can now be installed. ## Description: This update for vim fixes the following issues: Updated to version 9.0 with patch level 1572. * CVE-2023-2426: Fixed Out-of-range Pointer Offset use (bsc#1210996). * CVE-2023-2609: Fixed NULL Pointer Dereference (bsc#1211256). * CVE-2023-2610: Fixed nteger Overflow or Wraparound (bsc#1211257). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3497=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3497=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3497=1 openSUSE-SLE-15.5-2023-3497=1 ## Package List: * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * vim-9.0.1632-150500.20.3.1 * vim-small-debuginfo-9.0.1632-150500.20.3.1 * vim-debuginfo-9.0.1632-150500.20.3.1 * vim-small-9.0.1632-150500.20.3.1 * vim-debugsource-9.0.1632-150500.20.3.1 * Basesystem Module 15-SP5 (noarch) * vim-data-9.0.1632-150500.20.3.1 * vim-data-common-9.0.1632-150500.20.3.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gvim-debuginfo-9.0.1632-150500.20.3.1 * gvim-9.0.1632-150500.20.3.1 * vim-debuginfo-9.0.1632-150500.20.3.1 * vim-debugsource-9.0.1632-150500.20.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * vim-9.0.1632-150500.20.3.1 * vim-small-debuginfo-9.0.1632-150500.20.3.1 * gvim-9.0.1632-150500.20.3.1 * vim-debuginfo-9.0.1632-150500.20.3.1 * gvim-debuginfo-9.0.1632-150500.20.3.1 * vim-small-9.0.1632-150500.20.3.1 * vim-debugsource-9.0.1632-150500.20.3.1 * openSUSE Leap 15.5 (noarch) * vim-data-9.0.1632-150500.20.3.1 * vim-data-common-9.0.1632-150500.20.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2426.html * https://www.suse.com/security/cve/CVE-2023-2609.html * https://www.suse.com/security/cve/CVE-2023-2610.html * https://bugzilla.suse.com/show_bug.cgi?id=1210996 * https://bugzilla.suse.com/show_bug.cgi?id=1211256 * https://bugzilla.suse.com/show_bug.cgi?id=1211257 * https://bugzilla.suse.com/show_bug.cgi?id=1211461 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 30 20:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Aug 2023 20:30:08 -0000 Subject: SUSE-SU-2023:3496-1: important: Security update for xen Message-ID: <169342740819.27474.16616646725053138429@smelt2.suse.de> # Security update for xen Announcement ID: SUSE-SU-2023:3496-1 Rating: important References: * #1027519 * #1213616 * #1214082 * #1214083 Cross-References: * CVE-2022-40982 * CVE-2023-20569 * CVE-2023-20593 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves three vulnerabilities and has one fix can now be installed. ## Description: This update for xen fixes the following issues: Update to Xen 4.13.5 bug fix release (bsc#1027519). * CVE-2023-20569: Fixed x86/AMD Speculative Return Stack Overflow (XSA-434) (bsc#1214082). * CVE-2022-40982: Fixed x86/Intel Gather Data Sampling (XSA-435) (bsc#1214083). * CVE-2023-20593: Fixed x86/AMD Zenbleed (XSA-433) (bsc#1213616). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3496=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3496=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3496=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3496=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * xen-tools-domU-debuginfo-4.13.5_02-150200.3.74.1 * xen-tools-debuginfo-4.13.5_02-150200.3.74.1 * xen-4.13.5_02-150200.3.74.1 * xen-tools-domU-4.13.5_02-150200.3.74.1 * xen-libs-4.13.5_02-150200.3.74.1 * xen-libs-debuginfo-4.13.5_02-150200.3.74.1 * xen-tools-4.13.5_02-150200.3.74.1 * xen-devel-4.13.5_02-150200.3.74.1 * xen-debugsource-4.13.5_02-150200.3.74.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * xen-tools-domU-debuginfo-4.13.5_02-150200.3.74.1 * xen-tools-debuginfo-4.13.5_02-150200.3.74.1 * xen-4.13.5_02-150200.3.74.1 * xen-tools-domU-4.13.5_02-150200.3.74.1 * xen-libs-4.13.5_02-150200.3.74.1 * xen-libs-debuginfo-4.13.5_02-150200.3.74.1 * xen-tools-4.13.5_02-150200.3.74.1 * xen-devel-4.13.5_02-150200.3.74.1 * xen-debugsource-4.13.5_02-150200.3.74.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * xen-tools-domU-debuginfo-4.13.5_02-150200.3.74.1 * xen-tools-debuginfo-4.13.5_02-150200.3.74.1 * xen-4.13.5_02-150200.3.74.1 * xen-tools-domU-4.13.5_02-150200.3.74.1 * xen-libs-4.13.5_02-150200.3.74.1 * xen-libs-debuginfo-4.13.5_02-150200.3.74.1 * xen-tools-4.13.5_02-150200.3.74.1 * xen-devel-4.13.5_02-150200.3.74.1 * xen-debugsource-4.13.5_02-150200.3.74.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1 * SUSE Enterprise Storage 7 (x86_64) * xen-tools-domU-debuginfo-4.13.5_02-150200.3.74.1 * xen-tools-debuginfo-4.13.5_02-150200.3.74.1 * xen-4.13.5_02-150200.3.74.1 * xen-tools-domU-4.13.5_02-150200.3.74.1 * xen-libs-4.13.5_02-150200.3.74.1 * xen-libs-debuginfo-4.13.5_02-150200.3.74.1 * xen-tools-4.13.5_02-150200.3.74.1 * xen-devel-4.13.5_02-150200.3.74.1 * xen-debugsource-4.13.5_02-150200.3.74.1 * SUSE Enterprise Storage 7 (noarch) * xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-20593.html * https://bugzilla.suse.com/show_bug.cgi?id=1027519 * https://bugzilla.suse.com/show_bug.cgi?id=1213616 * https://bugzilla.suse.com/show_bug.cgi?id=1214082 * https://bugzilla.suse.com/show_bug.cgi?id=1214083 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 30 20:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Aug 2023 20:30:10 -0000 Subject: SUSE-SU-2023:3495-1: important: Security update for xen Message-ID: <169342741081.27474.9067812701944852651@smelt2.suse.de> # Security update for xen Announcement ID: SUSE-SU-2023:3495-1 Rating: important References: * #1213616 * #1214082 * #1214083 Cross-References: * CVE-2022-40982 * CVE-2023-20569 * CVE-2023-20593 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-20569: Fixed x86/AMD Speculative Return Stack Overflow (XSA-434) (bsc#1214082). * CVE-2022-40982: Fixed x86/Intel Gather Data Sampling (XSA-435) (bsc#1214083). * CVE-2023-20593: Fixed x86/AMD Zenbleed (XSA-433) (bsc#1213616). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3495=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3495=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3495=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3495=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 x86_64) * xen-debugsource-4.12.4_36-3.91.2 * xen-devel-4.12.4_36-3.91.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * xen-tools-domU-4.12.4_36-3.91.2 * xen-tools-4.12.4_36-3.91.2 * xen-tools-domU-debuginfo-4.12.4_36-3.91.2 * xen-libs-32bit-4.12.4_36-3.91.2 * xen-libs-debuginfo-4.12.4_36-3.91.2 * xen-tools-debuginfo-4.12.4_36-3.91.2 * xen-4.12.4_36-3.91.2 * xen-debugsource-4.12.4_36-3.91.2 * xen-libs-debuginfo-32bit-4.12.4_36-3.91.2 * xen-doc-html-4.12.4_36-3.91.2 * xen-libs-4.12.4_36-3.91.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * xen-tools-domU-4.12.4_36-3.91.2 * xen-tools-4.12.4_36-3.91.2 * xen-tools-domU-debuginfo-4.12.4_36-3.91.2 * xen-libs-32bit-4.12.4_36-3.91.2 * xen-libs-debuginfo-4.12.4_36-3.91.2 * xen-tools-debuginfo-4.12.4_36-3.91.2 * xen-4.12.4_36-3.91.2 * xen-debugsource-4.12.4_36-3.91.2 * xen-libs-debuginfo-32bit-4.12.4_36-3.91.2 * xen-doc-html-4.12.4_36-3.91.2 * xen-libs-4.12.4_36-3.91.2 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * xen-tools-domU-4.12.4_36-3.91.2 * xen-tools-4.12.4_36-3.91.2 * xen-tools-domU-debuginfo-4.12.4_36-3.91.2 * xen-libs-32bit-4.12.4_36-3.91.2 * xen-libs-debuginfo-4.12.4_36-3.91.2 * xen-tools-debuginfo-4.12.4_36-3.91.2 * xen-4.12.4_36-3.91.2 * xen-debugsource-4.12.4_36-3.91.2 * xen-libs-debuginfo-32bit-4.12.4_36-3.91.2 * xen-doc-html-4.12.4_36-3.91.2 * xen-libs-4.12.4_36-3.91.2 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-20593.html * https://bugzilla.suse.com/show_bug.cgi?id=1213616 * https://bugzilla.suse.com/show_bug.cgi?id=1214082 * https://bugzilla.suse.com/show_bug.cgi?id=1214083 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Aug 30 20:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Aug 2023 20:30:13 -0000 Subject: SUSE-SU-2023:3494-1: important: Security update for xen Message-ID: <169342741335.27474.12932691694345573155@smelt2.suse.de> # Security update for xen Announcement ID: SUSE-SU-2023:3494-1 Rating: important References: * #1213616 * #1214082 * #1214083 Cross-References: * CVE-2022-40982 * CVE-2023-20569 * CVE-2023-20593 CVSS scores: * CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2023-20569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves three vulnerabilities can now be installed. ## Description: This update for xen fixes the following issues: * CVE-2023-20569: Fixed x86/AMD Speculative Return Stack Overflow (XSA-434) (bsc#1214082). * CVE-2022-40982: Fixed x86/Intel Gather Data Sampling (XSA-435) (bsc#1214083). * CVE-2023-20593: Fixed x86/AMD Zenbleed (XSA-433) (bsc#1213616). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3494=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3494=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3494=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * xen-libs-debuginfo-4.12.4_36-150100.3.89.1 * xen-debugsource-4.12.4_36-150100.3.89.1 * xen-devel-4.12.4_36-150100.3.89.1 * xen-libs-4.12.4_36-150100.3.89.1 * xen-tools-4.12.4_36-150100.3.89.1 * xen-tools-debuginfo-4.12.4_36-150100.3.89.1 * xen-tools-domU-4.12.4_36-150100.3.89.1 * xen-4.12.4_36-150100.3.89.1 * xen-tools-domU-debuginfo-4.12.4_36-150100.3.89.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * xen-libs-debuginfo-4.12.4_36-150100.3.89.1 * xen-debugsource-4.12.4_36-150100.3.89.1 * xen-devel-4.12.4_36-150100.3.89.1 * xen-libs-4.12.4_36-150100.3.89.1 * xen-tools-4.12.4_36-150100.3.89.1 * xen-tools-debuginfo-4.12.4_36-150100.3.89.1 * xen-tools-domU-4.12.4_36-150100.3.89.1 * xen-4.12.4_36-150100.3.89.1 * xen-tools-domU-debuginfo-4.12.4_36-150100.3.89.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * xen-libs-debuginfo-4.12.4_36-150100.3.89.1 * xen-debugsource-4.12.4_36-150100.3.89.1 * xen-devel-4.12.4_36-150100.3.89.1 * xen-libs-4.12.4_36-150100.3.89.1 * xen-tools-4.12.4_36-150100.3.89.1 * xen-tools-debuginfo-4.12.4_36-150100.3.89.1 * xen-tools-domU-4.12.4_36-150100.3.89.1 * xen-4.12.4_36-150100.3.89.1 * xen-tools-domU-debuginfo-4.12.4_36-150100.3.89.1 * SUSE CaaS Platform 4.0 (x86_64) * xen-libs-debuginfo-4.12.4_36-150100.3.89.1 * xen-debugsource-4.12.4_36-150100.3.89.1 * xen-devel-4.12.4_36-150100.3.89.1 * xen-libs-4.12.4_36-150100.3.89.1 * xen-tools-4.12.4_36-150100.3.89.1 * xen-tools-debuginfo-4.12.4_36-150100.3.89.1 * xen-tools-domU-4.12.4_36-150100.3.89.1 * xen-4.12.4_36-150100.3.89.1 * xen-tools-domU-debuginfo-4.12.4_36-150100.3.89.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-20593.html * https://bugzilla.suse.com/show_bug.cgi?id=1213616 * https://bugzilla.suse.com/show_bug.cgi?id=1214082 * https://bugzilla.suse.com/show_bug.cgi?id=1214083 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 31 07:03:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 09:03:24 +0200 (CEST) Subject: SUSE-CU-2023:2771-1: Recommended update of suse/389-ds Message-ID: <20230831070324.B2C57FDC9@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2771-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-14.51 , suse/389-ds:latest Container Release : 14.51 Severity : moderate Type : recommended References : 1103893 1112183 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1212726 1213185 1213575 1213873 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3411-1 Released: Thu Aug 24 06:58:06 2023 Summary: Recommended update for 389-ds Type: recommended Severity: moderate References: 1212726 This update for 389-ds fixes the following issues: - SSSD client performance improvements (bsc#1212726) - Update to version 2.2.8~git37.fdb3bae ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3466-1 Released: Tue Aug 29 07:33:16 2023 Summary: Recommended update for icu Type: recommended Severity: moderate References: 1103893,1112183 This update for icu fixes the following issues: - Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3468-1 Released: Tue Aug 29 09:22:18 2023 Summary: Recommended update for python3 Type: recommended Severity: low References: This update for python3 fixes the following issue: - Rename sources in preparation of python3.11 (jsc#PED-68) The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libicu65_1-ledata-65.1-150200.4.8.1 updated - libicu-suse65_1-65.1-150200.4.8.1 updated - python3-text-unidecode-1.3-150400.5.69 updated - python3-ordered-set-4.0.2-150400.8.34 updated - libsvrcore0-2.2.8~git37.fdb3bae-150500.3.11.1 updated - python3-ldap-3.4.0-150400.5.69 updated - python3-python-slugify-5.0.2-150400.5.69 updated - lib389-2.2.8~git37.fdb3bae-150500.3.11.1 updated - 389-ds-2.2.8~git37.fdb3bae-150500.3.11.1 updated - container:sles15-image-15.0.0-36.5.28 updated From sle-updates at lists.suse.com Thu Aug 31 07:03:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 09:03:33 +0200 (CEST) Subject: SUSE-CU-2023:2772-1: Security update of suse/registry Message-ID: <20230831070333.97080FDC9@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2772-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-14.20 , suse/registry:latest Container Release : 14.20 Severity : important Type : security References : 1214248 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 The following package changes have been done: - ca-certificates-mozilla-2.62-150200.30.1 updated - container:micro-image-15.5.0-11.3 updated From sle-updates at lists.suse.com Thu Aug 31 07:03:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 09:03:50 +0200 (CEST) Subject: SUSE-CU-2023:2773-1: Recommended update of bci/dotnet-sdk Message-ID: <20230831070350.F2566FDC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2773-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-12.10 , bci/dotnet-sdk:7.0.10 , bci/dotnet-sdk:7.0.10-12.10 , bci/dotnet-sdk:latest Container Release : 12.10 Severity : moderate Type : recommended References : 1103893 1112183 1186606 1194609 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3466-1 Released: Tue Aug 29 07:33:16 2023 Summary: Recommended update for icu Type: recommended Severity: moderate References: 1103893,1112183 This update for icu fixes the following issues: - Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419) The following package changes have been done: - libsystemd0-249.16-150400.8.33.1 updated - libicu65_1-ledata-65.1-150200.4.8.1 updated - libicu-suse65_1-65.1-150200.4.8.1 updated - container:sles15-image-15.0.0-36.5.29 updated From sle-updates at lists.suse.com Thu Aug 31 07:03:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 09:03:56 +0200 (CEST) Subject: SUSE-CU-2023:2774-1: Security update of bci/bci-micro Message-ID: <20230831070356.580A5FDC9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2774-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.11.3 , bci/bci-micro:latest Container Release : 11.3 Severity : important Type : security References : 1214248 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 The following package changes have been done: - ca-certificates-mozilla-prebuilt-2.62-150200.30.1 updated From sle-updates at lists.suse.com Thu Aug 31 07:04:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 09:04:05 +0200 (CEST) Subject: SUSE-CU-2023:2776-1: Security update of suse/nginx Message-ID: <20230831070405.BE8CEFDC9@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2776-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-3.19 , suse/nginx:latest Container Release : 3.19 Severity : moderate Type : security References : 1186606 1194609 1201519 1204844 1208194 1209741 1210419 1210702 1211576 1212434 1213185 1213575 1213873 1214025 CVE-2023-2004 CVE-2023-4156 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3461-1 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Type: security Severity: moderate References: 1210419,CVE-2023-2004 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libfreetype6-2.10.4-150000.4.15.1 updated - gawk-4.2.1-150000.3.3.1 updated - container:sles15-image-15.0.0-36.5.28 updated From sle-updates at lists.suse.com Thu Aug 31 07:04:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 09:04:19 +0200 (CEST) Subject: SUSE-CU-2023:2777-1: Recommended update of bci/nodejs Message-ID: <20230831070419.CEBB3FDC9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2777-1 Container Tags : bci/node:16 , bci/node:16-9.40 , bci/nodejs:16 , bci/nodejs:16-9.40 Container Release : 9.40 Severity : moderate Type : recommended References : 1186606 1194609 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) The following package changes have been done: - libudev1-249.16-150400.8.33.1 updated - libsystemd0-249.16-150400.8.33.1 updated - container:sles15-image-15.0.0-36.5.28 updated From sle-updates at lists.suse.com Thu Aug 31 07:04:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 09:04:35 +0200 (CEST) Subject: SUSE-CU-2023:2778-1: Security update of bci/openjdk-devel Message-ID: <20230831070435.B0C1BFDC9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2778-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-8.82 Container Release : 8.82 Severity : moderate Type : security References : 1186606 1194609 1201519 1204844 1208194 1209741 1210419 1210702 1211576 1212434 1213185 1213575 1213873 CVE-2023-2004 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3461-1 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Type: security Severity: moderate References: 1210419,CVE-2023-2004 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). The following package changes have been done: - libudev1-249.16-150400.8.33.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libfreetype6-2.10.4-150000.4.15.1 updated - container:bci-openjdk-11-15.5.11-9.39 updated From sle-updates at lists.suse.com Thu Aug 31 07:04:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 09:04:49 +0200 (CEST) Subject: SUSE-CU-2023:2779-1: Security update of bci/openjdk Message-ID: <20230831070449.A96C1FDC9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2779-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-10.39 , bci/openjdk:latest Container Release : 10.39 Severity : moderate Type : security References : 1186606 1194609 1201519 1204844 1208194 1209741 1210419 1210702 1211576 1212434 1213185 1213575 1213873 CVE-2023-2004 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3461-1 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Type: security Severity: moderate References: 1210419,CVE-2023-2004 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libfreetype6-2.10.4-150000.4.15.1 updated - container:sles15-image-15.0.0-36.5.28 updated From sle-updates at lists.suse.com Thu Aug 31 08:31:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 08:31:30 -0000 Subject: SUSE-SU-2023:3498-1: important: Security update for php7 Message-ID: <169347069015.19430.17162649725325556585@smelt2.suse.de> # Security update for php7 Announcement ID: SUSE-SU-2023:3498-1 Rating: important References: * #1214103 * #1214106 Cross-References: * CVE-2023-3823 * CVE-2023-3824 CVSS scores: * CVE-2023-3823 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3823 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L * CVE-2023-3824 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-3824 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for php7 fixes the following issues: * CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. (bsc#1214106) * CVE-2023-3824: Fixed a buffer overflow in phar_dir_read(). (bsc#1214103) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3498=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3498=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3498=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3498=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3498=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3498=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3498=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3498=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3498=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3498=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3498=1 ## Package List: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * php7-zip-debuginfo-7.4.33-150200.3.60.1 * php7-xmlreader-7.4.33-150200.3.60.1 * php7-fastcgi-7.4.33-150200.3.60.1 * php7-pgsql-debuginfo-7.4.33-150200.3.60.1 * php7-ctype-debuginfo-7.4.33-150200.3.60.1 * php7-json-7.4.33-150200.3.60.1 * php7-zlib-7.4.33-150200.3.60.1 * php7-gettext-debuginfo-7.4.33-150200.3.60.1 * php7-exif-7.4.33-150200.3.60.1 * php7-gmp-debuginfo-7.4.33-150200.3.60.1 * php7-bz2-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-7.4.33-150200.3.60.1 * php7-iconv-7.4.33-150200.3.60.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-debuginfo-7.4.33-150200.3.60.1 * php7-mbstring-7.4.33-150200.3.60.1 * php7-fileinfo-7.4.33-150200.3.60.1 * php7-posix-7.4.33-150200.3.60.1 * php7-curl-7.4.33-150200.3.60.1 * php7-enchant-7.4.33-150200.3.60.1 * php7-calendar-debuginfo-7.4.33-150200.3.60.1 * php7-intl-7.4.33-150200.3.60.1 * php7-enchant-debuginfo-7.4.33-150200.3.60.1 * php7-json-debuginfo-7.4.33-150200.3.60.1 * php7-gettext-7.4.33-150200.3.60.1 * php7-pdo-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-7.4.33-150200.3.60.1 * php7-mbstring-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-debuginfo-7.4.33-150200.3.60.1 * php7-soap-7.4.33-150200.3.60.1 * php7-phar-7.4.33-150200.3.60.1 * php7-devel-7.4.33-150200.3.60.1 * php7-ctype-7.4.33-150200.3.60.1 * php7-bcmath-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-7.4.33-150200.3.60.1 * php7-xmlrpc-7.4.33-150200.3.60.1 * php7-pdo-7.4.33-150200.3.60.1 * php7-gmp-7.4.33-150200.3.60.1 * php7-debugsource-7.4.33-150200.3.60.1 * php7-tokenizer-7.4.33-150200.3.60.1 * php7-debuginfo-7.4.33-150200.3.60.1 * php7-bcmath-7.4.33-150200.3.60.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.60.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.60.1 * php7-opcache-debuginfo-7.4.33-150200.3.60.1 * php7-sysvshm-7.4.33-150200.3.60.1 * php7-bz2-7.4.33-150200.3.60.1 * php7-openssl-7.4.33-150200.3.60.1 * php7-mysql-7.4.33-150200.3.60.1 * php7-pgsql-7.4.33-150200.3.60.1 * php7-ftp-debuginfo-7.4.33-150200.3.60.1 * apache2-mod_php7-7.4.33-150200.3.60.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.60.1 * php7-xsl-debuginfo-7.4.33-150200.3.60.1 * php7-iconv-debuginfo-7.4.33-150200.3.60.1 * php7-gd-debuginfo-7.4.33-150200.3.60.1 * php7-sqlite-7.4.33-150200.3.60.1 * php7-odbc-7.4.33-150200.3.60.1 * php7-zlib-debuginfo-7.4.33-150200.3.60.1 * php7-exif-debuginfo-7.4.33-150200.3.60.1 * php7-calendar-7.4.33-150200.3.60.1 * php7-soap-debuginfo-7.4.33-150200.3.60.1 * php7-phar-debuginfo-7.4.33-150200.3.60.1 * php7-sysvsem-7.4.33-150200.3.60.1 * php7-posix-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-7.4.33-150200.3.60.1 * php7-opcache-7.4.33-150200.3.60.1 * php7-sockets-debuginfo-7.4.33-150200.3.60.1 * php7-sockets-7.4.33-150200.3.60.1 * php7-dba-7.4.33-150200.3.60.1 * php7-odbc-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.60.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-debuginfo-7.4.33-150200.3.60.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.60.1 * php7-dom-debuginfo-7.4.33-150200.3.60.1 * php7-fpm-7.4.33-150200.3.60.1 * php7-readline-7.4.33-150200.3.60.1 * php7-curl-debuginfo-7.4.33-150200.3.60.1 * php7-dba-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-7.4.33-150200.3.60.1 * php7-readline-debuginfo-7.4.33-150200.3.60.1 * php7-intl-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-7.4.33-150200.3.60.1 * php7-sysvsem-debuginfo-7.4.33-150200.3.60.1 * php7-zip-7.4.33-150200.3.60.1 * php7-7.4.33-150200.3.60.1 * php7-ftp-7.4.33-150200.3.60.1 * php7-gd-7.4.33-150200.3.60.1 * php7-sqlite-debuginfo-7.4.33-150200.3.60.1 * php7-openssl-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-debuginfo-7.4.33-150200.3.60.1 * php7-dom-7.4.33-150200.3.60.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-7.4.33-150200.3.60.1 * php7-xsl-7.4.33-150200.3.60.1 * php7-fpm-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-7.4.33-150200.3.60.1 * php7-mysql-debuginfo-7.4.33-150200.3.60.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * php7-zip-debuginfo-7.4.33-150200.3.60.1 * php7-xmlreader-7.4.33-150200.3.60.1 * php7-fastcgi-7.4.33-150200.3.60.1 * php7-pgsql-debuginfo-7.4.33-150200.3.60.1 * php7-ctype-debuginfo-7.4.33-150200.3.60.1 * php7-json-7.4.33-150200.3.60.1 * php7-zlib-7.4.33-150200.3.60.1 * php7-gettext-debuginfo-7.4.33-150200.3.60.1 * php7-exif-7.4.33-150200.3.60.1 * php7-gmp-debuginfo-7.4.33-150200.3.60.1 * php7-bz2-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-7.4.33-150200.3.60.1 * php7-iconv-7.4.33-150200.3.60.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-debuginfo-7.4.33-150200.3.60.1 * php7-mbstring-7.4.33-150200.3.60.1 * php7-fileinfo-7.4.33-150200.3.60.1 * php7-posix-7.4.33-150200.3.60.1 * php7-curl-7.4.33-150200.3.60.1 * php7-enchant-7.4.33-150200.3.60.1 * php7-calendar-debuginfo-7.4.33-150200.3.60.1 * php7-intl-7.4.33-150200.3.60.1 * php7-enchant-debuginfo-7.4.33-150200.3.60.1 * php7-json-debuginfo-7.4.33-150200.3.60.1 * php7-gettext-7.4.33-150200.3.60.1 * php7-pdo-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-7.4.33-150200.3.60.1 * php7-mbstring-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-debuginfo-7.4.33-150200.3.60.1 * php7-soap-7.4.33-150200.3.60.1 * php7-phar-7.4.33-150200.3.60.1 * php7-devel-7.4.33-150200.3.60.1 * php7-ctype-7.4.33-150200.3.60.1 * php7-bcmath-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-7.4.33-150200.3.60.1 * php7-xmlrpc-7.4.33-150200.3.60.1 * php7-pdo-7.4.33-150200.3.60.1 * php7-gmp-7.4.33-150200.3.60.1 * php7-debugsource-7.4.33-150200.3.60.1 * php7-tokenizer-7.4.33-150200.3.60.1 * php7-debuginfo-7.4.33-150200.3.60.1 * php7-bcmath-7.4.33-150200.3.60.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.60.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.60.1 * php7-opcache-debuginfo-7.4.33-150200.3.60.1 * php7-sysvshm-7.4.33-150200.3.60.1 * php7-bz2-7.4.33-150200.3.60.1 * php7-openssl-7.4.33-150200.3.60.1 * php7-mysql-7.4.33-150200.3.60.1 * php7-pgsql-7.4.33-150200.3.60.1 * php7-ftp-debuginfo-7.4.33-150200.3.60.1 * apache2-mod_php7-7.4.33-150200.3.60.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.60.1 * php7-xsl-debuginfo-7.4.33-150200.3.60.1 * php7-iconv-debuginfo-7.4.33-150200.3.60.1 * php7-gd-debuginfo-7.4.33-150200.3.60.1 * php7-sqlite-7.4.33-150200.3.60.1 * php7-odbc-7.4.33-150200.3.60.1 * php7-zlib-debuginfo-7.4.33-150200.3.60.1 * php7-exif-debuginfo-7.4.33-150200.3.60.1 * php7-calendar-7.4.33-150200.3.60.1 * php7-soap-debuginfo-7.4.33-150200.3.60.1 * php7-phar-debuginfo-7.4.33-150200.3.60.1 * php7-sysvsem-7.4.33-150200.3.60.1 * php7-posix-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-7.4.33-150200.3.60.1 * php7-opcache-7.4.33-150200.3.60.1 * php7-sockets-debuginfo-7.4.33-150200.3.60.1 * php7-sockets-7.4.33-150200.3.60.1 * php7-dba-7.4.33-150200.3.60.1 * php7-odbc-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.60.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-debuginfo-7.4.33-150200.3.60.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.60.1 * php7-dom-debuginfo-7.4.33-150200.3.60.1 * php7-fpm-7.4.33-150200.3.60.1 * php7-readline-7.4.33-150200.3.60.1 * php7-curl-debuginfo-7.4.33-150200.3.60.1 * php7-dba-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-7.4.33-150200.3.60.1 * php7-readline-debuginfo-7.4.33-150200.3.60.1 * php7-intl-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-7.4.33-150200.3.60.1 * php7-sysvsem-debuginfo-7.4.33-150200.3.60.1 * php7-zip-7.4.33-150200.3.60.1 * php7-7.4.33-150200.3.60.1 * php7-ftp-7.4.33-150200.3.60.1 * php7-gd-7.4.33-150200.3.60.1 * php7-sqlite-debuginfo-7.4.33-150200.3.60.1 * php7-openssl-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-debuginfo-7.4.33-150200.3.60.1 * php7-dom-7.4.33-150200.3.60.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-7.4.33-150200.3.60.1 * php7-xsl-7.4.33-150200.3.60.1 * php7-fpm-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-7.4.33-150200.3.60.1 * php7-mysql-debuginfo-7.4.33-150200.3.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * php7-zip-debuginfo-7.4.33-150200.3.60.1 * php7-xmlreader-7.4.33-150200.3.60.1 * php7-fastcgi-7.4.33-150200.3.60.1 * php7-pgsql-debuginfo-7.4.33-150200.3.60.1 * php7-ctype-debuginfo-7.4.33-150200.3.60.1 * php7-json-7.4.33-150200.3.60.1 * php7-zlib-7.4.33-150200.3.60.1 * php7-gettext-debuginfo-7.4.33-150200.3.60.1 * php7-exif-7.4.33-150200.3.60.1 * php7-gmp-debuginfo-7.4.33-150200.3.60.1 * php7-bz2-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-7.4.33-150200.3.60.1 * php7-iconv-7.4.33-150200.3.60.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-debuginfo-7.4.33-150200.3.60.1 * php7-mbstring-7.4.33-150200.3.60.1 * php7-fileinfo-7.4.33-150200.3.60.1 * php7-posix-7.4.33-150200.3.60.1 * php7-curl-7.4.33-150200.3.60.1 * php7-enchant-7.4.33-150200.3.60.1 * php7-calendar-debuginfo-7.4.33-150200.3.60.1 * php7-intl-7.4.33-150200.3.60.1 * php7-enchant-debuginfo-7.4.33-150200.3.60.1 * php7-json-debuginfo-7.4.33-150200.3.60.1 * php7-gettext-7.4.33-150200.3.60.1 * php7-pdo-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-7.4.33-150200.3.60.1 * php7-mbstring-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-debuginfo-7.4.33-150200.3.60.1 * php7-soap-7.4.33-150200.3.60.1 * php7-phar-7.4.33-150200.3.60.1 * php7-devel-7.4.33-150200.3.60.1 * php7-ctype-7.4.33-150200.3.60.1 * php7-bcmath-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-7.4.33-150200.3.60.1 * php7-xmlrpc-7.4.33-150200.3.60.1 * php7-pdo-7.4.33-150200.3.60.1 * php7-gmp-7.4.33-150200.3.60.1 * php7-debugsource-7.4.33-150200.3.60.1 * php7-tokenizer-7.4.33-150200.3.60.1 * php7-debuginfo-7.4.33-150200.3.60.1 * php7-bcmath-7.4.33-150200.3.60.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.60.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.60.1 * php7-opcache-debuginfo-7.4.33-150200.3.60.1 * php7-sysvshm-7.4.33-150200.3.60.1 * php7-bz2-7.4.33-150200.3.60.1 * php7-openssl-7.4.33-150200.3.60.1 * php7-mysql-7.4.33-150200.3.60.1 * php7-pgsql-7.4.33-150200.3.60.1 * php7-ftp-debuginfo-7.4.33-150200.3.60.1 * apache2-mod_php7-7.4.33-150200.3.60.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.60.1 * php7-xsl-debuginfo-7.4.33-150200.3.60.1 * php7-iconv-debuginfo-7.4.33-150200.3.60.1 * php7-gd-debuginfo-7.4.33-150200.3.60.1 * php7-sqlite-7.4.33-150200.3.60.1 * php7-odbc-7.4.33-150200.3.60.1 * php7-zlib-debuginfo-7.4.33-150200.3.60.1 * php7-exif-debuginfo-7.4.33-150200.3.60.1 * php7-calendar-7.4.33-150200.3.60.1 * php7-soap-debuginfo-7.4.33-150200.3.60.1 * php7-phar-debuginfo-7.4.33-150200.3.60.1 * php7-sysvsem-7.4.33-150200.3.60.1 * php7-posix-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-7.4.33-150200.3.60.1 * php7-opcache-7.4.33-150200.3.60.1 * php7-sockets-debuginfo-7.4.33-150200.3.60.1 * php7-sockets-7.4.33-150200.3.60.1 * php7-dba-7.4.33-150200.3.60.1 * php7-odbc-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.60.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-debuginfo-7.4.33-150200.3.60.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.60.1 * php7-dom-debuginfo-7.4.33-150200.3.60.1 * php7-fpm-7.4.33-150200.3.60.1 * php7-readline-7.4.33-150200.3.60.1 * php7-curl-debuginfo-7.4.33-150200.3.60.1 * php7-dba-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-7.4.33-150200.3.60.1 * php7-readline-debuginfo-7.4.33-150200.3.60.1 * php7-intl-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-7.4.33-150200.3.60.1 * php7-sysvsem-debuginfo-7.4.33-150200.3.60.1 * php7-zip-7.4.33-150200.3.60.1 * php7-7.4.33-150200.3.60.1 * php7-ftp-7.4.33-150200.3.60.1 * php7-gd-7.4.33-150200.3.60.1 * php7-sqlite-debuginfo-7.4.33-150200.3.60.1 * php7-openssl-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-debuginfo-7.4.33-150200.3.60.1 * php7-dom-7.4.33-150200.3.60.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-7.4.33-150200.3.60.1 * php7-xsl-7.4.33-150200.3.60.1 * php7-fpm-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-7.4.33-150200.3.60.1 * php7-mysql-debuginfo-7.4.33-150200.3.60.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * php7-zip-debuginfo-7.4.33-150200.3.60.1 * php7-xmlreader-7.4.33-150200.3.60.1 * php7-fastcgi-7.4.33-150200.3.60.1 * php7-pgsql-debuginfo-7.4.33-150200.3.60.1 * php7-ctype-debuginfo-7.4.33-150200.3.60.1 * php7-json-7.4.33-150200.3.60.1 * php7-zlib-7.4.33-150200.3.60.1 * php7-gettext-debuginfo-7.4.33-150200.3.60.1 * php7-exif-7.4.33-150200.3.60.1 * php7-gmp-debuginfo-7.4.33-150200.3.60.1 * php7-bz2-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-7.4.33-150200.3.60.1 * php7-iconv-7.4.33-150200.3.60.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-debuginfo-7.4.33-150200.3.60.1 * php7-mbstring-7.4.33-150200.3.60.1 * php7-fileinfo-7.4.33-150200.3.60.1 * php7-posix-7.4.33-150200.3.60.1 * php7-curl-7.4.33-150200.3.60.1 * php7-enchant-7.4.33-150200.3.60.1 * php7-calendar-debuginfo-7.4.33-150200.3.60.1 * php7-intl-7.4.33-150200.3.60.1 * php7-enchant-debuginfo-7.4.33-150200.3.60.1 * php7-json-debuginfo-7.4.33-150200.3.60.1 * php7-gettext-7.4.33-150200.3.60.1 * php7-pdo-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-7.4.33-150200.3.60.1 * php7-mbstring-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-debuginfo-7.4.33-150200.3.60.1 * php7-soap-7.4.33-150200.3.60.1 * php7-phar-7.4.33-150200.3.60.1 * php7-devel-7.4.33-150200.3.60.1 * php7-ctype-7.4.33-150200.3.60.1 * php7-bcmath-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-7.4.33-150200.3.60.1 * php7-xmlrpc-7.4.33-150200.3.60.1 * php7-pdo-7.4.33-150200.3.60.1 * php7-gmp-7.4.33-150200.3.60.1 * php7-debugsource-7.4.33-150200.3.60.1 * php7-tokenizer-7.4.33-150200.3.60.1 * php7-debuginfo-7.4.33-150200.3.60.1 * php7-bcmath-7.4.33-150200.3.60.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.60.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.60.1 * php7-opcache-debuginfo-7.4.33-150200.3.60.1 * php7-sysvshm-7.4.33-150200.3.60.1 * php7-bz2-7.4.33-150200.3.60.1 * php7-openssl-7.4.33-150200.3.60.1 * php7-mysql-7.4.33-150200.3.60.1 * php7-pgsql-7.4.33-150200.3.60.1 * php7-ftp-debuginfo-7.4.33-150200.3.60.1 * apache2-mod_php7-7.4.33-150200.3.60.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.60.1 * php7-xsl-debuginfo-7.4.33-150200.3.60.1 * php7-iconv-debuginfo-7.4.33-150200.3.60.1 * php7-gd-debuginfo-7.4.33-150200.3.60.1 * php7-sqlite-7.4.33-150200.3.60.1 * php7-odbc-7.4.33-150200.3.60.1 * php7-zlib-debuginfo-7.4.33-150200.3.60.1 * php7-exif-debuginfo-7.4.33-150200.3.60.1 * php7-calendar-7.4.33-150200.3.60.1 * php7-soap-debuginfo-7.4.33-150200.3.60.1 * php7-phar-debuginfo-7.4.33-150200.3.60.1 * php7-sysvsem-7.4.33-150200.3.60.1 * php7-posix-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-7.4.33-150200.3.60.1 * php7-opcache-7.4.33-150200.3.60.1 * php7-sockets-debuginfo-7.4.33-150200.3.60.1 * php7-sockets-7.4.33-150200.3.60.1 * php7-dba-7.4.33-150200.3.60.1 * php7-odbc-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.60.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-debuginfo-7.4.33-150200.3.60.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.60.1 * php7-dom-debuginfo-7.4.33-150200.3.60.1 * php7-fpm-7.4.33-150200.3.60.1 * php7-readline-7.4.33-150200.3.60.1 * php7-curl-debuginfo-7.4.33-150200.3.60.1 * php7-dba-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-7.4.33-150200.3.60.1 * php7-readline-debuginfo-7.4.33-150200.3.60.1 * php7-intl-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-7.4.33-150200.3.60.1 * php7-sysvsem-debuginfo-7.4.33-150200.3.60.1 * php7-zip-7.4.33-150200.3.60.1 * php7-7.4.33-150200.3.60.1 * php7-ftp-7.4.33-150200.3.60.1 * php7-gd-7.4.33-150200.3.60.1 * php7-sqlite-debuginfo-7.4.33-150200.3.60.1 * php7-openssl-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-debuginfo-7.4.33-150200.3.60.1 * php7-dom-7.4.33-150200.3.60.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-7.4.33-150200.3.60.1 * php7-xsl-7.4.33-150200.3.60.1 * php7-fpm-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-7.4.33-150200.3.60.1 * php7-mysql-debuginfo-7.4.33-150200.3.60.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * php7-zip-debuginfo-7.4.33-150200.3.60.1 * php7-xmlreader-7.4.33-150200.3.60.1 * php7-fastcgi-7.4.33-150200.3.60.1 * php7-pgsql-debuginfo-7.4.33-150200.3.60.1 * php7-ctype-debuginfo-7.4.33-150200.3.60.1 * php7-json-7.4.33-150200.3.60.1 * php7-zlib-7.4.33-150200.3.60.1 * php7-gettext-debuginfo-7.4.33-150200.3.60.1 * php7-exif-7.4.33-150200.3.60.1 * php7-gmp-debuginfo-7.4.33-150200.3.60.1 * php7-bz2-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-7.4.33-150200.3.60.1 * php7-iconv-7.4.33-150200.3.60.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-debuginfo-7.4.33-150200.3.60.1 * php7-mbstring-7.4.33-150200.3.60.1 * php7-fileinfo-7.4.33-150200.3.60.1 * php7-posix-7.4.33-150200.3.60.1 * php7-curl-7.4.33-150200.3.60.1 * php7-enchant-7.4.33-150200.3.60.1 * php7-calendar-debuginfo-7.4.33-150200.3.60.1 * php7-intl-7.4.33-150200.3.60.1 * php7-enchant-debuginfo-7.4.33-150200.3.60.1 * php7-json-debuginfo-7.4.33-150200.3.60.1 * php7-gettext-7.4.33-150200.3.60.1 * php7-pdo-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-7.4.33-150200.3.60.1 * php7-mbstring-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-debuginfo-7.4.33-150200.3.60.1 * php7-soap-7.4.33-150200.3.60.1 * php7-phar-7.4.33-150200.3.60.1 * php7-devel-7.4.33-150200.3.60.1 * php7-ctype-7.4.33-150200.3.60.1 * php7-bcmath-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-7.4.33-150200.3.60.1 * php7-xmlrpc-7.4.33-150200.3.60.1 * php7-pdo-7.4.33-150200.3.60.1 * php7-gmp-7.4.33-150200.3.60.1 * php7-debugsource-7.4.33-150200.3.60.1 * php7-tokenizer-7.4.33-150200.3.60.1 * php7-debuginfo-7.4.33-150200.3.60.1 * php7-bcmath-7.4.33-150200.3.60.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.60.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.60.1 * php7-opcache-debuginfo-7.4.33-150200.3.60.1 * php7-sysvshm-7.4.33-150200.3.60.1 * php7-bz2-7.4.33-150200.3.60.1 * php7-openssl-7.4.33-150200.3.60.1 * php7-mysql-7.4.33-150200.3.60.1 * php7-pgsql-7.4.33-150200.3.60.1 * php7-ftp-debuginfo-7.4.33-150200.3.60.1 * apache2-mod_php7-7.4.33-150200.3.60.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.60.1 * php7-xsl-debuginfo-7.4.33-150200.3.60.1 * php7-iconv-debuginfo-7.4.33-150200.3.60.1 * php7-gd-debuginfo-7.4.33-150200.3.60.1 * php7-sqlite-7.4.33-150200.3.60.1 * php7-odbc-7.4.33-150200.3.60.1 * php7-zlib-debuginfo-7.4.33-150200.3.60.1 * php7-exif-debuginfo-7.4.33-150200.3.60.1 * php7-calendar-7.4.33-150200.3.60.1 * php7-soap-debuginfo-7.4.33-150200.3.60.1 * php7-phar-debuginfo-7.4.33-150200.3.60.1 * php7-sysvsem-7.4.33-150200.3.60.1 * php7-posix-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-7.4.33-150200.3.60.1 * php7-opcache-7.4.33-150200.3.60.1 * php7-sockets-debuginfo-7.4.33-150200.3.60.1 * php7-sockets-7.4.33-150200.3.60.1 * php7-dba-7.4.33-150200.3.60.1 * php7-odbc-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.60.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-debuginfo-7.4.33-150200.3.60.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.60.1 * php7-dom-debuginfo-7.4.33-150200.3.60.1 * php7-fpm-7.4.33-150200.3.60.1 * php7-readline-7.4.33-150200.3.60.1 * php7-curl-debuginfo-7.4.33-150200.3.60.1 * php7-dba-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-7.4.33-150200.3.60.1 * php7-readline-debuginfo-7.4.33-150200.3.60.1 * php7-intl-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-7.4.33-150200.3.60.1 * php7-sysvsem-debuginfo-7.4.33-150200.3.60.1 * php7-zip-7.4.33-150200.3.60.1 * php7-7.4.33-150200.3.60.1 * php7-ftp-7.4.33-150200.3.60.1 * php7-gd-7.4.33-150200.3.60.1 * php7-sqlite-debuginfo-7.4.33-150200.3.60.1 * php7-openssl-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-debuginfo-7.4.33-150200.3.60.1 * php7-dom-7.4.33-150200.3.60.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-7.4.33-150200.3.60.1 * php7-xsl-7.4.33-150200.3.60.1 * php7-fpm-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-7.4.33-150200.3.60.1 * php7-mysql-debuginfo-7.4.33-150200.3.60.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * php7-zip-debuginfo-7.4.33-150200.3.60.1 * php7-xmlreader-7.4.33-150200.3.60.1 * php7-fastcgi-7.4.33-150200.3.60.1 * php7-pgsql-debuginfo-7.4.33-150200.3.60.1 * php7-ctype-debuginfo-7.4.33-150200.3.60.1 * php7-json-7.4.33-150200.3.60.1 * php7-zlib-7.4.33-150200.3.60.1 * php7-gettext-debuginfo-7.4.33-150200.3.60.1 * php7-exif-7.4.33-150200.3.60.1 * php7-gmp-debuginfo-7.4.33-150200.3.60.1 * php7-bz2-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-7.4.33-150200.3.60.1 * php7-iconv-7.4.33-150200.3.60.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-debuginfo-7.4.33-150200.3.60.1 * php7-mbstring-7.4.33-150200.3.60.1 * php7-fileinfo-7.4.33-150200.3.60.1 * php7-posix-7.4.33-150200.3.60.1 * php7-curl-7.4.33-150200.3.60.1 * php7-enchant-7.4.33-150200.3.60.1 * php7-calendar-debuginfo-7.4.33-150200.3.60.1 * php7-intl-7.4.33-150200.3.60.1 * php7-enchant-debuginfo-7.4.33-150200.3.60.1 * php7-json-debuginfo-7.4.33-150200.3.60.1 * php7-gettext-7.4.33-150200.3.60.1 * php7-pdo-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-7.4.33-150200.3.60.1 * php7-mbstring-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-debuginfo-7.4.33-150200.3.60.1 * php7-soap-7.4.33-150200.3.60.1 * php7-phar-7.4.33-150200.3.60.1 * php7-devel-7.4.33-150200.3.60.1 * php7-ctype-7.4.33-150200.3.60.1 * php7-bcmath-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-7.4.33-150200.3.60.1 * php7-xmlrpc-7.4.33-150200.3.60.1 * php7-pdo-7.4.33-150200.3.60.1 * php7-gmp-7.4.33-150200.3.60.1 * php7-debugsource-7.4.33-150200.3.60.1 * php7-tokenizer-7.4.33-150200.3.60.1 * php7-debuginfo-7.4.33-150200.3.60.1 * php7-bcmath-7.4.33-150200.3.60.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.60.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.60.1 * php7-opcache-debuginfo-7.4.33-150200.3.60.1 * php7-sysvshm-7.4.33-150200.3.60.1 * php7-bz2-7.4.33-150200.3.60.1 * php7-openssl-7.4.33-150200.3.60.1 * php7-mysql-7.4.33-150200.3.60.1 * php7-pgsql-7.4.33-150200.3.60.1 * php7-ftp-debuginfo-7.4.33-150200.3.60.1 * apache2-mod_php7-7.4.33-150200.3.60.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.60.1 * php7-xsl-debuginfo-7.4.33-150200.3.60.1 * php7-iconv-debuginfo-7.4.33-150200.3.60.1 * php7-gd-debuginfo-7.4.33-150200.3.60.1 * php7-sqlite-7.4.33-150200.3.60.1 * php7-odbc-7.4.33-150200.3.60.1 * php7-zlib-debuginfo-7.4.33-150200.3.60.1 * php7-exif-debuginfo-7.4.33-150200.3.60.1 * php7-calendar-7.4.33-150200.3.60.1 * php7-soap-debuginfo-7.4.33-150200.3.60.1 * php7-phar-debuginfo-7.4.33-150200.3.60.1 * php7-sysvsem-7.4.33-150200.3.60.1 * php7-posix-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-7.4.33-150200.3.60.1 * php7-opcache-7.4.33-150200.3.60.1 * php7-sockets-debuginfo-7.4.33-150200.3.60.1 * php7-sockets-7.4.33-150200.3.60.1 * php7-dba-7.4.33-150200.3.60.1 * php7-odbc-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.60.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-debuginfo-7.4.33-150200.3.60.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.60.1 * php7-dom-debuginfo-7.4.33-150200.3.60.1 * php7-fpm-7.4.33-150200.3.60.1 * php7-readline-7.4.33-150200.3.60.1 * php7-curl-debuginfo-7.4.33-150200.3.60.1 * php7-dba-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-7.4.33-150200.3.60.1 * php7-readline-debuginfo-7.4.33-150200.3.60.1 * php7-intl-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-7.4.33-150200.3.60.1 * php7-sysvsem-debuginfo-7.4.33-150200.3.60.1 * php7-zip-7.4.33-150200.3.60.1 * php7-7.4.33-150200.3.60.1 * php7-ftp-7.4.33-150200.3.60.1 * php7-gd-7.4.33-150200.3.60.1 * php7-sqlite-debuginfo-7.4.33-150200.3.60.1 * php7-openssl-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-debuginfo-7.4.33-150200.3.60.1 * php7-dom-7.4.33-150200.3.60.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-7.4.33-150200.3.60.1 * php7-xsl-7.4.33-150200.3.60.1 * php7-fpm-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-7.4.33-150200.3.60.1 * php7-mysql-debuginfo-7.4.33-150200.3.60.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * php7-zip-debuginfo-7.4.33-150200.3.60.1 * php7-xmlreader-7.4.33-150200.3.60.1 * php7-fastcgi-7.4.33-150200.3.60.1 * php7-pgsql-debuginfo-7.4.33-150200.3.60.1 * php7-ctype-debuginfo-7.4.33-150200.3.60.1 * php7-json-7.4.33-150200.3.60.1 * php7-zlib-7.4.33-150200.3.60.1 * php7-gettext-debuginfo-7.4.33-150200.3.60.1 * php7-exif-7.4.33-150200.3.60.1 * php7-gmp-debuginfo-7.4.33-150200.3.60.1 * php7-bz2-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-7.4.33-150200.3.60.1 * php7-iconv-7.4.33-150200.3.60.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-debuginfo-7.4.33-150200.3.60.1 * php7-mbstring-7.4.33-150200.3.60.1 * php7-fileinfo-7.4.33-150200.3.60.1 * php7-posix-7.4.33-150200.3.60.1 * php7-curl-7.4.33-150200.3.60.1 * php7-enchant-7.4.33-150200.3.60.1 * php7-calendar-debuginfo-7.4.33-150200.3.60.1 * php7-intl-7.4.33-150200.3.60.1 * php7-enchant-debuginfo-7.4.33-150200.3.60.1 * php7-json-debuginfo-7.4.33-150200.3.60.1 * php7-gettext-7.4.33-150200.3.60.1 * php7-pdo-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-7.4.33-150200.3.60.1 * php7-mbstring-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-debuginfo-7.4.33-150200.3.60.1 * php7-soap-7.4.33-150200.3.60.1 * php7-phar-7.4.33-150200.3.60.1 * php7-devel-7.4.33-150200.3.60.1 * php7-ctype-7.4.33-150200.3.60.1 * php7-bcmath-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-7.4.33-150200.3.60.1 * php7-xmlrpc-7.4.33-150200.3.60.1 * php7-pdo-7.4.33-150200.3.60.1 * php7-gmp-7.4.33-150200.3.60.1 * php7-debugsource-7.4.33-150200.3.60.1 * php7-tokenizer-7.4.33-150200.3.60.1 * php7-debuginfo-7.4.33-150200.3.60.1 * php7-bcmath-7.4.33-150200.3.60.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.60.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.60.1 * php7-opcache-debuginfo-7.4.33-150200.3.60.1 * php7-sysvshm-7.4.33-150200.3.60.1 * php7-bz2-7.4.33-150200.3.60.1 * php7-openssl-7.4.33-150200.3.60.1 * php7-mysql-7.4.33-150200.3.60.1 * php7-pgsql-7.4.33-150200.3.60.1 * php7-ftp-debuginfo-7.4.33-150200.3.60.1 * apache2-mod_php7-7.4.33-150200.3.60.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.60.1 * php7-xsl-debuginfo-7.4.33-150200.3.60.1 * php7-iconv-debuginfo-7.4.33-150200.3.60.1 * php7-gd-debuginfo-7.4.33-150200.3.60.1 * php7-sqlite-7.4.33-150200.3.60.1 * php7-odbc-7.4.33-150200.3.60.1 * php7-zlib-debuginfo-7.4.33-150200.3.60.1 * php7-exif-debuginfo-7.4.33-150200.3.60.1 * php7-calendar-7.4.33-150200.3.60.1 * php7-soap-debuginfo-7.4.33-150200.3.60.1 * php7-phar-debuginfo-7.4.33-150200.3.60.1 * php7-sysvsem-7.4.33-150200.3.60.1 * php7-posix-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-7.4.33-150200.3.60.1 * php7-opcache-7.4.33-150200.3.60.1 * php7-sockets-debuginfo-7.4.33-150200.3.60.1 * php7-sockets-7.4.33-150200.3.60.1 * php7-dba-7.4.33-150200.3.60.1 * php7-odbc-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.60.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-debuginfo-7.4.33-150200.3.60.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.60.1 * php7-dom-debuginfo-7.4.33-150200.3.60.1 * php7-fpm-7.4.33-150200.3.60.1 * php7-readline-7.4.33-150200.3.60.1 * php7-curl-debuginfo-7.4.33-150200.3.60.1 * php7-dba-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-7.4.33-150200.3.60.1 * php7-readline-debuginfo-7.4.33-150200.3.60.1 * php7-intl-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-7.4.33-150200.3.60.1 * php7-sysvsem-debuginfo-7.4.33-150200.3.60.1 * php7-zip-7.4.33-150200.3.60.1 * php7-7.4.33-150200.3.60.1 * php7-ftp-7.4.33-150200.3.60.1 * php7-gd-7.4.33-150200.3.60.1 * php7-sqlite-debuginfo-7.4.33-150200.3.60.1 * php7-openssl-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-debuginfo-7.4.33-150200.3.60.1 * php7-dom-7.4.33-150200.3.60.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-7.4.33-150200.3.60.1 * php7-xsl-7.4.33-150200.3.60.1 * php7-fpm-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-7.4.33-150200.3.60.1 * php7-mysql-debuginfo-7.4.33-150200.3.60.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * php7-firebird-7.4.33-150200.3.60.1 * php7-firebird-debuginfo-7.4.33-150200.3.60.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * php7-zip-debuginfo-7.4.33-150200.3.60.1 * php7-xmlreader-7.4.33-150200.3.60.1 * php7-fastcgi-7.4.33-150200.3.60.1 * php7-pgsql-debuginfo-7.4.33-150200.3.60.1 * php7-ctype-debuginfo-7.4.33-150200.3.60.1 * php7-json-7.4.33-150200.3.60.1 * php7-zlib-7.4.33-150200.3.60.1 * php7-gettext-debuginfo-7.4.33-150200.3.60.1 * php7-exif-7.4.33-150200.3.60.1 * php7-gmp-debuginfo-7.4.33-150200.3.60.1 * php7-bz2-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-7.4.33-150200.3.60.1 * php7-iconv-7.4.33-150200.3.60.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-debuginfo-7.4.33-150200.3.60.1 * php7-mbstring-7.4.33-150200.3.60.1 * php7-fileinfo-7.4.33-150200.3.60.1 * php7-posix-7.4.33-150200.3.60.1 * php7-curl-7.4.33-150200.3.60.1 * php7-enchant-7.4.33-150200.3.60.1 * php7-calendar-debuginfo-7.4.33-150200.3.60.1 * php7-intl-7.4.33-150200.3.60.1 * php7-enchant-debuginfo-7.4.33-150200.3.60.1 * php7-json-debuginfo-7.4.33-150200.3.60.1 * php7-gettext-7.4.33-150200.3.60.1 * php7-pdo-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-7.4.33-150200.3.60.1 * php7-mbstring-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-debuginfo-7.4.33-150200.3.60.1 * php7-soap-7.4.33-150200.3.60.1 * php7-phar-7.4.33-150200.3.60.1 * php7-devel-7.4.33-150200.3.60.1 * php7-ctype-7.4.33-150200.3.60.1 * php7-bcmath-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-7.4.33-150200.3.60.1 * php7-xmlrpc-7.4.33-150200.3.60.1 * php7-pdo-7.4.33-150200.3.60.1 * php7-gmp-7.4.33-150200.3.60.1 * php7-debugsource-7.4.33-150200.3.60.1 * php7-tokenizer-7.4.33-150200.3.60.1 * php7-debuginfo-7.4.33-150200.3.60.1 * php7-bcmath-7.4.33-150200.3.60.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.60.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.60.1 * php7-opcache-debuginfo-7.4.33-150200.3.60.1 * php7-sysvshm-7.4.33-150200.3.60.1 * php7-bz2-7.4.33-150200.3.60.1 * php7-openssl-7.4.33-150200.3.60.1 * php7-mysql-7.4.33-150200.3.60.1 * php7-pgsql-7.4.33-150200.3.60.1 * php7-ftp-debuginfo-7.4.33-150200.3.60.1 * apache2-mod_php7-7.4.33-150200.3.60.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.60.1 * php7-xsl-debuginfo-7.4.33-150200.3.60.1 * php7-iconv-debuginfo-7.4.33-150200.3.60.1 * php7-gd-debuginfo-7.4.33-150200.3.60.1 * php7-sqlite-7.4.33-150200.3.60.1 * php7-odbc-7.4.33-150200.3.60.1 * php7-zlib-debuginfo-7.4.33-150200.3.60.1 * php7-exif-debuginfo-7.4.33-150200.3.60.1 * php7-calendar-7.4.33-150200.3.60.1 * php7-soap-debuginfo-7.4.33-150200.3.60.1 * php7-phar-debuginfo-7.4.33-150200.3.60.1 * php7-sysvsem-7.4.33-150200.3.60.1 * php7-posix-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-7.4.33-150200.3.60.1 * php7-opcache-7.4.33-150200.3.60.1 * php7-sockets-debuginfo-7.4.33-150200.3.60.1 * php7-sockets-7.4.33-150200.3.60.1 * php7-dba-7.4.33-150200.3.60.1 * php7-odbc-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.60.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-debuginfo-7.4.33-150200.3.60.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.60.1 * php7-dom-debuginfo-7.4.33-150200.3.60.1 * php7-fpm-7.4.33-150200.3.60.1 * php7-readline-7.4.33-150200.3.60.1 * php7-curl-debuginfo-7.4.33-150200.3.60.1 * php7-dba-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-7.4.33-150200.3.60.1 * php7-readline-debuginfo-7.4.33-150200.3.60.1 * php7-intl-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-7.4.33-150200.3.60.1 * php7-sysvsem-debuginfo-7.4.33-150200.3.60.1 * php7-zip-7.4.33-150200.3.60.1 * php7-7.4.33-150200.3.60.1 * php7-ftp-7.4.33-150200.3.60.1 * php7-gd-7.4.33-150200.3.60.1 * php7-sqlite-debuginfo-7.4.33-150200.3.60.1 * php7-openssl-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-debuginfo-7.4.33-150200.3.60.1 * php7-dom-7.4.33-150200.3.60.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-7.4.33-150200.3.60.1 * php7-xsl-7.4.33-150200.3.60.1 * php7-fpm-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-7.4.33-150200.3.60.1 * php7-mysql-debuginfo-7.4.33-150200.3.60.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * php7-zip-debuginfo-7.4.33-150200.3.60.1 * php7-xmlreader-7.4.33-150200.3.60.1 * php7-fastcgi-7.4.33-150200.3.60.1 * php7-pgsql-debuginfo-7.4.33-150200.3.60.1 * php7-ctype-debuginfo-7.4.33-150200.3.60.1 * php7-json-7.4.33-150200.3.60.1 * php7-zlib-7.4.33-150200.3.60.1 * php7-gettext-debuginfo-7.4.33-150200.3.60.1 * php7-exif-7.4.33-150200.3.60.1 * php7-gmp-debuginfo-7.4.33-150200.3.60.1 * php7-bz2-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-7.4.33-150200.3.60.1 * php7-iconv-7.4.33-150200.3.60.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-debuginfo-7.4.33-150200.3.60.1 * php7-mbstring-7.4.33-150200.3.60.1 * php7-fileinfo-7.4.33-150200.3.60.1 * php7-posix-7.4.33-150200.3.60.1 * php7-curl-7.4.33-150200.3.60.1 * php7-enchant-7.4.33-150200.3.60.1 * php7-calendar-debuginfo-7.4.33-150200.3.60.1 * php7-intl-7.4.33-150200.3.60.1 * php7-enchant-debuginfo-7.4.33-150200.3.60.1 * php7-json-debuginfo-7.4.33-150200.3.60.1 * php7-gettext-7.4.33-150200.3.60.1 * php7-pdo-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-7.4.33-150200.3.60.1 * php7-mbstring-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-debuginfo-7.4.33-150200.3.60.1 * php7-soap-7.4.33-150200.3.60.1 * php7-phar-7.4.33-150200.3.60.1 * php7-devel-7.4.33-150200.3.60.1 * php7-ctype-7.4.33-150200.3.60.1 * php7-bcmath-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-7.4.33-150200.3.60.1 * php7-xmlrpc-7.4.33-150200.3.60.1 * php7-pdo-7.4.33-150200.3.60.1 * php7-gmp-7.4.33-150200.3.60.1 * php7-debugsource-7.4.33-150200.3.60.1 * php7-tokenizer-7.4.33-150200.3.60.1 * php7-debuginfo-7.4.33-150200.3.60.1 * php7-bcmath-7.4.33-150200.3.60.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.60.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.60.1 * php7-opcache-debuginfo-7.4.33-150200.3.60.1 * php7-sysvshm-7.4.33-150200.3.60.1 * php7-bz2-7.4.33-150200.3.60.1 * php7-openssl-7.4.33-150200.3.60.1 * php7-mysql-7.4.33-150200.3.60.1 * php7-pgsql-7.4.33-150200.3.60.1 * php7-ftp-debuginfo-7.4.33-150200.3.60.1 * apache2-mod_php7-7.4.33-150200.3.60.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.60.1 * php7-xsl-debuginfo-7.4.33-150200.3.60.1 * php7-iconv-debuginfo-7.4.33-150200.3.60.1 * php7-gd-debuginfo-7.4.33-150200.3.60.1 * php7-sqlite-7.4.33-150200.3.60.1 * php7-odbc-7.4.33-150200.3.60.1 * php7-zlib-debuginfo-7.4.33-150200.3.60.1 * php7-exif-debuginfo-7.4.33-150200.3.60.1 * php7-calendar-7.4.33-150200.3.60.1 * php7-soap-debuginfo-7.4.33-150200.3.60.1 * php7-phar-debuginfo-7.4.33-150200.3.60.1 * php7-sysvsem-7.4.33-150200.3.60.1 * php7-posix-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-7.4.33-150200.3.60.1 * php7-opcache-7.4.33-150200.3.60.1 * php7-sockets-debuginfo-7.4.33-150200.3.60.1 * php7-sockets-7.4.33-150200.3.60.1 * php7-dba-7.4.33-150200.3.60.1 * php7-odbc-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.60.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-debuginfo-7.4.33-150200.3.60.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.60.1 * php7-dom-debuginfo-7.4.33-150200.3.60.1 * php7-fpm-7.4.33-150200.3.60.1 * php7-readline-7.4.33-150200.3.60.1 * php7-curl-debuginfo-7.4.33-150200.3.60.1 * php7-dba-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-7.4.33-150200.3.60.1 * php7-readline-debuginfo-7.4.33-150200.3.60.1 * php7-intl-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-7.4.33-150200.3.60.1 * php7-sysvsem-debuginfo-7.4.33-150200.3.60.1 * php7-zip-7.4.33-150200.3.60.1 * php7-7.4.33-150200.3.60.1 * php7-ftp-7.4.33-150200.3.60.1 * php7-gd-7.4.33-150200.3.60.1 * php7-sqlite-debuginfo-7.4.33-150200.3.60.1 * php7-openssl-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-debuginfo-7.4.33-150200.3.60.1 * php7-dom-7.4.33-150200.3.60.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-7.4.33-150200.3.60.1 * php7-xsl-7.4.33-150200.3.60.1 * php7-fpm-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-7.4.33-150200.3.60.1 * php7-mysql-debuginfo-7.4.33-150200.3.60.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * php7-zip-debuginfo-7.4.33-150200.3.60.1 * php7-xmlreader-7.4.33-150200.3.60.1 * php7-fastcgi-7.4.33-150200.3.60.1 * php7-pgsql-debuginfo-7.4.33-150200.3.60.1 * php7-ctype-debuginfo-7.4.33-150200.3.60.1 * php7-json-7.4.33-150200.3.60.1 * php7-zlib-7.4.33-150200.3.60.1 * php7-gettext-debuginfo-7.4.33-150200.3.60.1 * php7-exif-7.4.33-150200.3.60.1 * php7-gmp-debuginfo-7.4.33-150200.3.60.1 * php7-bz2-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-7.4.33-150200.3.60.1 * php7-iconv-7.4.33-150200.3.60.1 * php7-xmlreader-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-debuginfo-7.4.33-150200.3.60.1 * php7-mbstring-7.4.33-150200.3.60.1 * php7-fileinfo-7.4.33-150200.3.60.1 * php7-posix-7.4.33-150200.3.60.1 * php7-curl-7.4.33-150200.3.60.1 * php7-enchant-7.4.33-150200.3.60.1 * php7-calendar-debuginfo-7.4.33-150200.3.60.1 * php7-intl-7.4.33-150200.3.60.1 * php7-enchant-debuginfo-7.4.33-150200.3.60.1 * php7-json-debuginfo-7.4.33-150200.3.60.1 * php7-gettext-7.4.33-150200.3.60.1 * php7-pdo-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-7.4.33-150200.3.60.1 * php7-mbstring-debuginfo-7.4.33-150200.3.60.1 * php7-ldap-debuginfo-7.4.33-150200.3.60.1 * php7-soap-7.4.33-150200.3.60.1 * php7-phar-7.4.33-150200.3.60.1 * php7-devel-7.4.33-150200.3.60.1 * php7-ctype-7.4.33-150200.3.60.1 * php7-bcmath-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-7.4.33-150200.3.60.1 * php7-xmlrpc-7.4.33-150200.3.60.1 * php7-pdo-7.4.33-150200.3.60.1 * php7-gmp-7.4.33-150200.3.60.1 * php7-debugsource-7.4.33-150200.3.60.1 * php7-tokenizer-7.4.33-150200.3.60.1 * php7-debuginfo-7.4.33-150200.3.60.1 * php7-bcmath-7.4.33-150200.3.60.1 * php7-sysvshm-debuginfo-7.4.33-150200.3.60.1 * php7-tokenizer-debuginfo-7.4.33-150200.3.60.1 * php7-opcache-debuginfo-7.4.33-150200.3.60.1 * php7-sysvshm-7.4.33-150200.3.60.1 * php7-bz2-7.4.33-150200.3.60.1 * php7-openssl-7.4.33-150200.3.60.1 * php7-mysql-7.4.33-150200.3.60.1 * php7-pgsql-7.4.33-150200.3.60.1 * php7-ftp-debuginfo-7.4.33-150200.3.60.1 * apache2-mod_php7-7.4.33-150200.3.60.1 * apache2-mod_php7-debuginfo-7.4.33-150200.3.60.1 * php7-xsl-debuginfo-7.4.33-150200.3.60.1 * php7-iconv-debuginfo-7.4.33-150200.3.60.1 * php7-gd-debuginfo-7.4.33-150200.3.60.1 * php7-sqlite-7.4.33-150200.3.60.1 * php7-odbc-7.4.33-150200.3.60.1 * php7-zlib-debuginfo-7.4.33-150200.3.60.1 * php7-exif-debuginfo-7.4.33-150200.3.60.1 * php7-calendar-7.4.33-150200.3.60.1 * php7-soap-debuginfo-7.4.33-150200.3.60.1 * php7-phar-debuginfo-7.4.33-150200.3.60.1 * php7-sysvsem-7.4.33-150200.3.60.1 * php7-posix-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-7.4.33-150200.3.60.1 * php7-opcache-7.4.33-150200.3.60.1 * php7-sockets-debuginfo-7.4.33-150200.3.60.1 * php7-sockets-7.4.33-150200.3.60.1 * php7-dba-7.4.33-150200.3.60.1 * php7-odbc-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-debuginfo-7.4.33-150200.3.60.1 * php7-fileinfo-debuginfo-7.4.33-150200.3.60.1 * php7-pcntl-debuginfo-7.4.33-150200.3.60.1 * php7-fastcgi-debuginfo-7.4.33-150200.3.60.1 * php7-dom-debuginfo-7.4.33-150200.3.60.1 * php7-fpm-7.4.33-150200.3.60.1 * php7-readline-7.4.33-150200.3.60.1 * php7-curl-debuginfo-7.4.33-150200.3.60.1 * php7-dba-debuginfo-7.4.33-150200.3.60.1 * php7-shmop-7.4.33-150200.3.60.1 * php7-readline-debuginfo-7.4.33-150200.3.60.1 * php7-intl-debuginfo-7.4.33-150200.3.60.1 * php7-xmlwriter-7.4.33-150200.3.60.1 * php7-sysvsem-debuginfo-7.4.33-150200.3.60.1 * php7-zip-7.4.33-150200.3.60.1 * php7-7.4.33-150200.3.60.1 * php7-ftp-7.4.33-150200.3.60.1 * php7-gd-7.4.33-150200.3.60.1 * php7-sqlite-debuginfo-7.4.33-150200.3.60.1 * php7-openssl-debuginfo-7.4.33-150200.3.60.1 * php7-sodium-debuginfo-7.4.33-150200.3.60.1 * php7-tidy-debuginfo-7.4.33-150200.3.60.1 * php7-dom-7.4.33-150200.3.60.1 * php7-xmlrpc-debuginfo-7.4.33-150200.3.60.1 * php7-sysvmsg-7.4.33-150200.3.60.1 * php7-xsl-7.4.33-150200.3.60.1 * php7-fpm-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-debuginfo-7.4.33-150200.3.60.1 * php7-snmp-7.4.33-150200.3.60.1 * php7-mysql-debuginfo-7.4.33-150200.3.60.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3823.html * https://www.suse.com/security/cve/CVE-2023-3824.html * https://bugzilla.suse.com/show_bug.cgi?id=1214103 * https://bugzilla.suse.com/show_bug.cgi?id=1214106 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 31 12:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 12:30:01 -0000 Subject: SUSE-RU-2023:3500-1: moderate: Recommended update for lttng-modules Message-ID: <169348500152.21195.6039595534192856991@smelt2.suse.de> # Recommended update for lttng-modules Announcement ID: SUSE-RU-2023:3500-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Real Time Module 15-SP5 An update that can now be installed. ## Description: This update for lttng-modules fixes the following issues: * Fix build error caused by kernel-source change * Use the correct print format ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3500=1 SUSE-2023-3500=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3500=1 * SUSE Real Time Module 15-SP5 zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2023-3500=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * lttng-modules-kmp-rt-2.13.7_k5.14.21_150500.13.11-150500.5.3.1 * lttng-modules-kmp-default-debuginfo-2.13.7_k5.14.21_150500.55.19-150500.5.3.1 * lttng-modules-2.13.7-150500.5.3.1 * lttng-modules-kmp-default-2.13.7_k5.14.21_150500.55.19-150500.5.3.1 * lttng-modules-kmp-rt-debuginfo-2.13.7_k5.14.21_150500.13.11-150500.5.3.1 * lttng-modules-debugsource-2.13.7-150500.5.3.1 * Development Tools Module 15-SP5 (x86_64) * lttng-modules-2.13.7-150500.5.3.1 * lttng-modules-kmp-default-debuginfo-2.13.7_k5.14.21_150500.55.19-150500.5.3.1 * lttng-modules-kmp-default-2.13.7_k5.14.21_150500.55.19-150500.5.3.1 * lttng-modules-debugsource-2.13.7-150500.5.3.1 * SUSE Real Time Module 15-SP5 (x86_64) * lttng-modules-kmp-rt-2.13.7_k5.14.21_150500.13.11-150500.5.3.1 * lttng-modules-kmp-rt-debuginfo-2.13.7_k5.14.21_150500.13.11-150500.5.3.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 31 12:37:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 14:37:33 +0200 (CEST) Subject: SUSE-CU-2023:2780-1: Security update of bci/bci-busybox Message-ID: <20230831123733.39A72FDCB@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2780-1 Container Tags : bci/bci-busybox:15.4 , bci/bci-busybox:15.4.19.2 Container Release : 19.2 Severity : important Type : security References : 1214248 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 The following package changes have been done: - ca-certificates-mozilla-prebuilt-2.62-150200.30.1 updated From sle-updates at lists.suse.com Thu Aug 31 12:37:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 14:37:40 +0200 (CEST) Subject: SUSE-CU-2023:2781-1: Security update of bci/bci-busybox Message-ID: <20230831123740.DC3DDFDCB@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2781-1 Container Tags : bci/bci-busybox:15.5 , bci/bci-busybox:15.5.11.3 , bci/bci-busybox:latest Container Release : 11.3 Severity : important Type : security References : 1214248 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 The following package changes have been done: - ca-certificates-mozilla-prebuilt-2.62-150200.30.1 updated From sle-updates at lists.suse.com Thu Aug 31 12:37:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 14:37:54 +0200 (CEST) Subject: SUSE-CU-2023:2782-1: Recommended update of bci/golang Message-ID: <20230831123754.694E9FDCB@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2782-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.2.10 , bci/golang:oldstable , bci/golang:oldstable-2.2.10 Container Release : 2.10 Severity : important Type : recommended References : 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213282 1213575 1213873 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3388-1 Released: Wed Aug 23 17:14:22 2023 Summary: Recommended update for binutils Type: recommended Severity: important References: 1213282 This update for binutils fixes the following issues: - Add `binutils-disable-dt-relr.sh` to address compatibility problems with the glibc version included in future SUSE Linux Enterprise releases (bsc#1213282, jsc#PED-1435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) The following package changes have been done: - libudev1-249.16-150400.8.33.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libctf-nobfd0-2.39-150100.7.43.2 updated - libctf0-2.39-150100.7.43.2 updated - binutils-2.39-150100.7.43.2 updated - container:sles15-image-15.0.0-36.5.28 updated From sle-updates at lists.suse.com Thu Aug 31 12:38:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 14:38:08 +0200 (CEST) Subject: SUSE-CU-2023:2783-1: Recommended update of bci/bci-init Message-ID: <20230831123808.6E852FDCB@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2783-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.8.51 , bci/bci-init:latest Container Release : 8.51 Severity : moderate Type : recommended References : 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873 1214071 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3485-1 Released: Tue Aug 29 14:20:56 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) The following package changes have been done: - libudev1-249.16-150400.8.33.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 updated - systemd-249.16-150400.8.33.1 updated - container:sles15-image-15.0.0-36.5.29 updated From sle-updates at lists.suse.com Thu Aug 31 12:38:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 14:38:23 +0200 (CEST) Subject: SUSE-CU-2023:2784-1: Recommended update of bci/nodejs Message-ID: <20230831123823.9D18AFDCB@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2784-1 Container Tags : bci/node:18 , bci/node:18-9.23 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-9.23 , bci/nodejs:latest Container Release : 9.23 Severity : moderate Type : recommended References : 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) The following package changes have been done: - libudev1-249.16-150400.8.33.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - container:sles15-image-15.0.0-36.5.28 updated From sle-updates at lists.suse.com Thu Aug 31 12:38:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 14:38:39 +0200 (CEST) Subject: SUSE-CU-2023:2785-1: Security update of bci/openjdk-devel Message-ID: <20230831123839.E76CDFDCB@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2785-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-10.80 , bci/openjdk-devel:latest Container Release : 10.80 Severity : moderate Type : security References : 1186606 1194609 1201519 1204844 1208194 1209741 1210419 1210702 1211576 1212434 1213185 1213575 1213873 CVE-2023-2004 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3461-1 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Type: security Severity: moderate References: 1210419,CVE-2023-2004 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). The following package changes have been done: - libudev1-249.16-150400.8.33.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libfreetype6-2.10.4-150000.4.15.1 updated - container:bci-openjdk-17-15.5.17-10.39 updated From sle-updates at lists.suse.com Thu Aug 31 12:38:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 14:38:53 +0200 (CEST) Subject: SUSE-CU-2023:2786-1: Security update of suse/pcp Message-ID: <20230831123853.EF96AFDCB@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2786-1 Container Tags : suse/pcp:5 , suse/pcp:5-13.40 , suse/pcp:5.2 , suse/pcp:5.2-13.40 , suse/pcp:5.2.5 , suse/pcp:5.2.5-13.40 , suse/pcp:latest Container Release : 13.40 Severity : moderate Type : security References : 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873 1214025 1214071 CVE-2023-4156 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3485-1 Released: Tue Aug 29 14:20:56 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) The following package changes have been done: - libudev1-249.16-150400.8.33.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 updated - systemd-249.16-150400.8.33.1 updated - gawk-4.2.1-150000.3.3.1 updated - container:bci-bci-init-15.5-15.5-8.51 updated From sle-updates at lists.suse.com Thu Aug 31 12:39:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 14:39:07 +0200 (CEST) Subject: SUSE-CU-2023:2787-1: Recommended update of bci/php-apache Message-ID: <20230831123907.63A0BFDCB@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2787-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-6.37 Container Release : 6.37 Severity : moderate Type : recommended References : 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - container:sles15-image-15.0.0-36.5.29 updated From sle-updates at lists.suse.com Thu Aug 31 12:39:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 14:39:21 +0200 (CEST) Subject: SUSE-CU-2023:2788-1: Recommended update of bci/php-fpm Message-ID: <20230831123921.0ED9BFDCB@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2788-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-6.36 Container Release : 6.36 Severity : moderate Type : recommended References : 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - container:sles15-image-15.0.0-36.5.28 updated From sle-updates at lists.suse.com Thu Aug 31 12:39:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 14:39:34 +0200 (CEST) Subject: SUSE-CU-2023:2789-1: Recommended update of bci/php Message-ID: <20230831123934.A948FFDCB@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2789-1 Container Tags : bci/php:8 , bci/php:8-6.36 Container Release : 6.36 Severity : moderate Type : recommended References : 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - container:sles15-image-15.0.0-36.5.28 updated From sle-updates at lists.suse.com Thu Aug 31 12:39:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 14:39:45 +0200 (CEST) Subject: SUSE-CU-2023:2790-1: Recommended update of suse/postgres Message-ID: <20230831123945.9839EFDCB@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2790-1 Container Tags : suse/postgres:14 , suse/postgres:14-12.40 , suse/postgres:14.9 , suse/postgres:14.9-12.40 Container Release : 12.40 Severity : moderate Type : recommended References : 1103893 1112183 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873 1214071 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3466-1 Released: Tue Aug 29 07:33:16 2023 Summary: Recommended update for icu Type: recommended Severity: moderate References: 1103893,1112183 This update for icu fixes the following issues: - Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3485-1 Released: Tue Aug 29 14:20:56 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) The following package changes have been done: - libudev1-249.16-150400.8.33.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 updated - libicu65_1-ledata-65.1-150200.4.8.1 updated - libicu-suse65_1-65.1-150200.4.8.1 updated - systemd-249.16-150400.8.33.1 updated - container:sles15-image-15.0.0-36.5.29 updated From sle-updates at lists.suse.com Thu Aug 31 12:39:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 14:39:57 +0200 (CEST) Subject: SUSE-CU-2023:2791-1: Recommended update of suse/postgres Message-ID: <20230831123957.1FC47FDCB@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2791-1 Container Tags : suse/postgres:15 , suse/postgres:15-9.40 , suse/postgres:15.4 , suse/postgres:15.4-9.40 , suse/postgres:latest Container Release : 9.40 Severity : moderate Type : recommended References : 1103893 1112183 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873 1214071 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3466-1 Released: Tue Aug 29 07:33:16 2023 Summary: Recommended update for icu Type: recommended Severity: moderate References: 1103893,1112183 This update for icu fixes the following issues: - Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3485-1 Released: Tue Aug 29 14:20:56 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) The following package changes have been done: - libudev1-249.16-150400.8.33.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 updated - libicu65_1-ledata-65.1-150200.4.8.1 updated - libicu-suse65_1-65.1-150200.4.8.1 updated - systemd-249.16-150400.8.33.1 updated - container:sles15-image-15.0.0-36.5.29 updated From sle-updates at lists.suse.com Thu Aug 31 12:40:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 14:40:11 +0200 (CEST) Subject: SUSE-CU-2023:2792-1: Recommended update of bci/python Message-ID: <20230831124011.6EF69FDCB@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2792-1 Container Tags : bci/python:3 , bci/python:3-8.45 , bci/python:3.11 , bci/python:3.11-8.45 , bci/python:latest Container Release : 8.45 Severity : moderate Type : recommended References : 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) The following package changes have been done: - libudev1-249.16-150400.8.33.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - container:sles15-image-15.0.0-36.5.29 updated From sle-updates at lists.suse.com Thu Aug 31 12:40:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 14:40:25 +0200 (CEST) Subject: SUSE-CU-2023:2793-1: Recommended update of bci/python Message-ID: <20230831124025.5D250FDCB@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2793-1 Container Tags : bci/python:3 , bci/python:3-10.43 , bci/python:3.6 , bci/python:3.6-10.43 Container Release : 10.43 Severity : moderate Type : recommended References : 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3468-1 Released: Tue Aug 29 09:22:18 2023 Summary: Recommended update for python3 Type: recommended Severity: low References: This update for python3 fixes the following issue: - Rename sources in preparation of python3.11 (jsc#PED-68) The following package changes have been done: - libudev1-249.16-150400.8.33.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - python3-ordered-set-4.0.2-150400.8.34 updated - container:sles15-image-15.0.0-36.5.28 updated From sle-updates at lists.suse.com Thu Aug 31 12:40:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 14:40:37 +0200 (CEST) Subject: SUSE-CU-2023:2794-1: Security update of bci/ruby Message-ID: <20230831124037.BECE8FDCB@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2794-1 Container Tags : bci/ruby:2 , bci/ruby:2-10.35 , bci/ruby:2.5 , bci/ruby:2.5-10.35 , bci/ruby:latest Container Release : 10.35 Severity : important Type : security References : 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213282 1213575 1213873 1214025 CVE-2023-4156 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3388-1 Released: Wed Aug 23 17:14:22 2023 Summary: Recommended update for binutils Type: recommended Severity: important References: 1213282 This update for binutils fixes the following issues: - Add `binutils-disable-dt-relr.sh` to address compatibility problems with the glibc version included in future SUSE Linux Enterprise releases (bsc#1213282, jsc#PED-1435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) The following package changes have been done: - libudev1-249.16-150400.8.33.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libctf-nobfd0-2.39-150100.7.43.2 updated - libctf0-2.39-150100.7.43.2 updated - binutils-2.39-150100.7.43.2 updated - gawk-4.2.1-150000.3.3.1 updated - container:sles15-image-15.0.0-36.5.28 updated From sle-updates at lists.suse.com Thu Aug 31 12:40:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 14:40:53 +0200 (CEST) Subject: SUSE-CU-2023:2795-1: Recommended update of bci/rust Message-ID: <20230831124053.D32D0FDCB@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2795-1 Container Tags : bci/rust:1.70 , bci/rust:1.70-2.9.20 , bci/rust:oldstable , bci/rust:oldstable-2.9.20 Container Release : 9.20 Severity : important Type : recommended References : 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213282 1213575 1213873 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3388-1 Released: Wed Aug 23 17:14:22 2023 Summary: Recommended update for binutils Type: recommended Severity: important References: 1213282 This update for binutils fixes the following issues: - Add `binutils-disable-dt-relr.sh` to address compatibility problems with the glibc version included in future SUSE Linux Enterprise releases (bsc#1213282, jsc#PED-1435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libctf-nobfd0-2.39-150100.7.43.2 updated - libctf0-2.39-150100.7.43.2 updated - binutils-2.39-150100.7.43.2 updated - container:sles15-image-15.0.0-36.5.29 updated From sle-updates at lists.suse.com Thu Aug 31 12:41:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 14:41:08 +0200 (CEST) Subject: SUSE-CU-2023:2796-1: Recommended update of bci/rust Message-ID: <20230831124108.D0C53FDCB@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2796-1 Container Tags : bci/rust:1.71 , bci/rust:1.71-1.10.21 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.10.21 Container Release : 10.21 Severity : important Type : recommended References : 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1211576 1212434 1213185 1213282 1213575 1213873 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3388-1 Released: Wed Aug 23 17:14:22 2023 Summary: Recommended update for binutils Type: recommended Severity: important References: 1213282 This update for binutils fixes the following issues: - Add `binutils-disable-dt-relr.sh` to address compatibility problems with the glibc version included in future SUSE Linux Enterprise releases (bsc#1213282, jsc#PED-1435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) The following package changes have been done: - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libctf-nobfd0-2.39-150100.7.43.2 updated - libctf0-2.39-150100.7.43.2 updated - binutils-2.39-150100.7.43.2 updated - container:sles15-image-15.0.0-36.5.29 updated From sle-updates at lists.suse.com Thu Aug 31 12:41:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 14:41:21 +0200 (CEST) Subject: SUSE-CU-2023:2797-1: Security update of suse/sle15 Message-ID: <20230831124121.F2F65FDCB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2797-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.29 , suse/sle15:15.5 , suse/sle15:15.5.36.5.29 Container Release : 36.5.29 Severity : important Type : security References : 1186606 1194609 1208194 1209741 1210702 1211576 1212434 1213185 1213575 1213873 1214248 1214290 CVE-2023-4016 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). The following package changes have been done: - ca-certificates-mozilla-2.62-150200.30.1 updated - libprocps7-3.3.15-150000.7.34.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libudev1-249.16-150400.8.33.1 updated - procps-3.3.15-150000.7.34.1 updated From sle-updates at lists.suse.com Thu Aug 31 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 16:30:02 -0000 Subject: SUSE-RU-2023:3503-1: moderate: Recommended update for rebootmgr Message-ID: <169349940245.18366.9130612851017822088@smelt2.suse.de> # Recommended update for rebootmgr Announcement ID: SUSE-RU-2023:3503-1 Rating: moderate References: * #1172518 * #1173484 * #1186510 * #1197850 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * Transactional Server Module 15-SP4 * Transactional Server Module 15-SP5 An update that has four recommended fixes can now be installed. ## Description: This update for rebootmgr fixes the following issues: Update to version 1.3.1 * Move all dbus config files to /usr/share/dbus-1 Update to version 1.3 * Fix documentation of is-active return value (bsc#1173484) * Fix crash if rebootmgrd is already running * Fix systemctl restart; also removes KillMode=none from systemd service file (bsc#1186510) Update to version 1.2 * depend on dbus and not network as we disabled etcd support (bsc#1172518) Update to version 1.1 * fix systemd and tmpfiles.d directory path Update to version 1.0 * Rewrite rebootmgrd to not depend on glib and dbus-glib * Disable ectd support (no current etcd C-library available) Update to version 0.20.1 * added a memory allocation check * Fix %config for backward compatibility Update to version 0.20 * add support to write changes back to /etc/rebootmgr.conf * fix compilation with glibc 2.30 (bsc#1197850) Preserve /etc/rebootmgr.conf if modified Update to version 0.19 * use libeconf for /usr/etc move Update to version 0.18 * allow to compile without etcd support ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3503=1 openSUSE-SLE-15.4-2023-3503=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3503=1 * Transactional Server Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP4-2023-3503=1 * Transactional Server Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP5-2023-3503=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * rebootmgr-debuginfo-1.3.1-150400.9.3.4 * rebootmgr-1.3.1-150400.9.3.4 * rebootmgr-debugsource-1.3.1-150400.9.3.4 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * rebootmgr-debuginfo-1.3.1-150400.9.3.4 * rebootmgr-1.3.1-150400.9.3.4 * rebootmgr-debugsource-1.3.1-150400.9.3.4 * Transactional Server Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rebootmgr-debuginfo-1.3.1-150400.9.3.4 * rebootmgr-1.3.1-150400.9.3.4 * rebootmgr-debugsource-1.3.1-150400.9.3.4 * Transactional Server Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rebootmgr-debuginfo-1.3.1-150400.9.3.4 * rebootmgr-1.3.1-150400.9.3.4 * rebootmgr-debugsource-1.3.1-150400.9.3.4 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1172518 * https://bugzilla.suse.com/show_bug.cgi?id=1173484 * https://bugzilla.suse.com/show_bug.cgi?id=1186510 * https://bugzilla.suse.com/show_bug.cgi?id=1197850 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 31 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 16:30:04 -0000 Subject: SUSE-RU-2023:3502-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <169349940450.18366.5679342129003754407@smelt2.suse.de> # Recommended update for lifecycle-data-sle-module-live-patching Announcement ID: SUSE-RU-2023:3502-1 Rating: moderate References: * #1020320 * #1213758 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: * Added data for livepatches 4_12_14-150100_197_151, 5_14_21-150400_24_69, 5_14_21-150500_55_7, 5_3_18-150200_24_157, 5_3_18-150300_59_127, +kernel- livepatch-5_14_21-150400_15_37-rt, _,+kernel- livepatch-5_14_21-150400_15_40-rt,_ ,+kernel-livepatch-5_14_21-150500_11-rt, _,+kernel-livepatch-5_14_21-150500_13_5-rt,_. (bsc#1020320) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3502=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3502=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-3502=1 * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-3502=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3502=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3502=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3502=1 ## Package List: * openSUSE Leap 15.4 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.99.1 * openSUSE Leap 15.5 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.99.1 * SUSE Linux Enterprise Live Patching 15-SP1 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.99.1 * SUSE Linux Enterprise Live Patching 15-SP2 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.99.1 * SUSE Linux Enterprise Live Patching 15-SP3 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.99.1 * SUSE Linux Enterprise Live Patching 15-SP4 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.99.1 * SUSE Linux Enterprise Live Patching 15-SP5 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.99.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1020320 * https://bugzilla.suse.com/show_bug.cgi?id=1213758 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 31 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 16:30:06 -0000 Subject: SUSE-SU-2023:3501-1: important: Security update for amazon-ssm-agent Message-ID: <169349940637.18366.6288579850178722449@smelt2.suse.de> # Security update for amazon-ssm-agent Announcement ID: SUSE-SU-2023:3501-1 Rating: important References: * #1212475 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update of amazon-ssm-agent fixes the following issues: * rebuild the package with the go 1.21 security release (bsc#1212475). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-3501=1 ## Package List: * Public Cloud Module 12 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-4.33.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 31 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 20:30:04 -0000 Subject: SUSE-SU-2023:3507-1: important: Security update for open-vm-tools Message-ID: <169351380416.9947.933642695782877123@smelt2.suse.de> # Security update for open-vm-tools Announcement ID: SUSE-SU-2023:3507-1 Rating: important References: * #1214566 * PED-3421 Cross-References: * CVE-2023-20900 CVSS scores: * CVE-2023-20900 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20900 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for open-vm-tools fixes the following issues: * CVE-2023-20900: Fixed SAML token signature bypass vulnerability (bsc#1214566). This update also ships a open-vm-tools-containerinfo plugin. (jsc#PED-3421) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3507=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3507=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3507=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3507=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3507=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3507=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3507=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3507=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3507=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3507=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3507=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3507=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3507=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3507=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3507=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3507=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3507=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3507=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3507=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3507=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3507=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-desktop-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-containerinfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-containerinfo-debuginfo-12.2.0-150300.33.1 * openSUSE Leap 15.4 (x86_64) * open-vm-tools-salt-minion-12.2.0-150300.33.1 * openSUSE Leap 15.5 (aarch64 x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-desktop-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-containerinfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-containerinfo-debuginfo-12.2.0-150300.33.1 * openSUSE Leap 15.5 (x86_64) * open-vm-tools-salt-minion-12.2.0-150300.33.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-containerinfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-containerinfo-debuginfo-12.2.0-150300.33.1 * Basesystem Module 15-SP4 (x86_64) * open-vm-tools-salt-minion-12.2.0-150300.33.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-containerinfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-containerinfo-debuginfo-12.2.0-150300.33.1 * Basesystem Module 15-SP5 (x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-salt-minion-12.2.0-150300.33.1 * Desktop Applications Module 15-SP4 (aarch64 x86_64) * open-vm-tools-desktop-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.33.1 * Desktop Applications Module 15-SP5 (aarch64 x86_64) * open-vm-tools-desktop-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.33.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-desktop-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-containerinfo-12.2.0-150300.33.1 * open-vm-tools-salt-minion-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-containerinfo-debuginfo-12.2.0-150300.33.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-desktop-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-containerinfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-containerinfo-debuginfo-12.2.0-150300.33.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-desktop-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-containerinfo-12.2.0-150300.33.1 * open-vm-tools-salt-minion-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-containerinfo-debuginfo-12.2.0-150300.33.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-desktop-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-containerinfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-containerinfo-debuginfo-12.2.0-150300.33.1 * SUSE Manager Proxy 4.2 (x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * SUSE Manager Server 4.2 (x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * SUSE Enterprise Storage 7.1 (x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-desktop-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-containerinfo-12.2.0-150300.33.1 * open-vm-tools-salt-minion-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-containerinfo-debuginfo-12.2.0-150300.33.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20900.html * https://bugzilla.suse.com/show_bug.cgi?id=1214566 * https://jira.suse.com/browse/PED-3421 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 31 20:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 20:30:06 -0000 Subject: SUSE-SU-2023:3506-1: important: Security update for open-vm-tools Message-ID: <169351380653.9947.13450319741137740042@smelt2.suse.de> # Security update for open-vm-tools Announcement ID: SUSE-SU-2023:3506-1 Rating: important References: * #1214566 Cross-References: * CVE-2023-20900 CVSS scores: * CVE-2023-20900 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20900 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for open-vm-tools fixes the following issues: * CVE-2023-20900: Fixed SAML token signature bypass vulnerability (bsc#1214566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3506=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3506=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3506=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libvmtools0-debuginfo-12.2.0-4.56.2 * open-vm-tools-desktop-debuginfo-12.2.0-4.56.2 * open-vm-tools-sdmp-debuginfo-12.2.0-4.56.2 * open-vm-tools-desktop-12.2.0-4.56.2 * open-vm-tools-salt-minion-12.2.0-4.56.2 * open-vm-tools-12.2.0-4.56.2 * open-vm-tools-debugsource-12.2.0-4.56.2 * open-vm-tools-debuginfo-12.2.0-4.56.2 * open-vm-tools-sdmp-12.2.0-4.56.2 * libvmtools0-12.2.0-4.56.2 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libvmtools0-debuginfo-12.2.0-4.56.2 * open-vm-tools-desktop-debuginfo-12.2.0-4.56.2 * open-vm-tools-sdmp-debuginfo-12.2.0-4.56.2 * open-vm-tools-desktop-12.2.0-4.56.2 * open-vm-tools-salt-minion-12.2.0-4.56.2 * open-vm-tools-12.2.0-4.56.2 * open-vm-tools-debugsource-12.2.0-4.56.2 * open-vm-tools-debuginfo-12.2.0-4.56.2 * open-vm-tools-sdmp-12.2.0-4.56.2 * libvmtools0-12.2.0-4.56.2 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * libvmtools0-debuginfo-12.2.0-4.56.2 * open-vm-tools-desktop-debuginfo-12.2.0-4.56.2 * open-vm-tools-sdmp-debuginfo-12.2.0-4.56.2 * open-vm-tools-desktop-12.2.0-4.56.2 * open-vm-tools-salt-minion-12.2.0-4.56.2 * open-vm-tools-12.2.0-4.56.2 * open-vm-tools-debugsource-12.2.0-4.56.2 * open-vm-tools-debuginfo-12.2.0-4.56.2 * open-vm-tools-sdmp-12.2.0-4.56.2 * libvmtools0-12.2.0-4.56.2 ## References: * https://www.suse.com/security/cve/CVE-2023-20900.html * https://bugzilla.suse.com/show_bug.cgi?id=1214566 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 31 20:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 20:30:09 -0000 Subject: SUSE-SU-2023:3505-1: important: Security update for open-vm-tools Message-ID: <169351380954.9947.6724173933636489254@smelt2.suse.de> # Security update for open-vm-tools Announcement ID: SUSE-SU-2023:3505-1 Rating: important References: * #1212143 * #1214566 Cross-References: * CVE-2023-20867 * CVE-2023-20900 CVSS scores: * CVE-2023-20867 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N * CVE-2023-20867 ( NVD ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N * CVE-2023-20900 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20900 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves two vulnerabilities can now be installed. ## Description: This update for open-vm-tools fixes the following issues: * CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143). * CVE-2023-20900: Fixed SAML token signature bypass vulnerability (bsc#1214566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3505=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3505=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3505=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-3505=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libvmtools0-debuginfo-11.3.5-150200.5.16.16.1 * open-vm-tools-sdmp-11.3.5-150200.5.16.16.1 * open-vm-tools-debugsource-11.3.5-150200.5.16.16.1 * open-vm-tools-sdmp-debuginfo-11.3.5-150200.5.16.16.1 * open-vm-tools-11.3.5-150200.5.16.16.1 * open-vm-tools-debuginfo-11.3.5-150200.5.16.16.1 * libvmtools0-11.3.5-150200.5.16.16.1 * libvmtools-devel-11.3.5-150200.5.16.16.1 * open-vm-tools-desktop-11.3.5-150200.5.16.16.1 * open-vm-tools-desktop-debuginfo-11.3.5-150200.5.16.16.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libvmtools0-debuginfo-11.3.5-150200.5.16.16.1 * open-vm-tools-sdmp-11.3.5-150200.5.16.16.1 * open-vm-tools-debugsource-11.3.5-150200.5.16.16.1 * open-vm-tools-sdmp-debuginfo-11.3.5-150200.5.16.16.1 * open-vm-tools-11.3.5-150200.5.16.16.1 * open-vm-tools-debuginfo-11.3.5-150200.5.16.16.1 * libvmtools0-11.3.5-150200.5.16.16.1 * libvmtools-devel-11.3.5-150200.5.16.16.1 * open-vm-tools-desktop-11.3.5-150200.5.16.16.1 * open-vm-tools-desktop-debuginfo-11.3.5-150200.5.16.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libvmtools0-debuginfo-11.3.5-150200.5.16.16.1 * open-vm-tools-sdmp-11.3.5-150200.5.16.16.1 * open-vm-tools-debugsource-11.3.5-150200.5.16.16.1 * open-vm-tools-sdmp-debuginfo-11.3.5-150200.5.16.16.1 * open-vm-tools-11.3.5-150200.5.16.16.1 * open-vm-tools-debuginfo-11.3.5-150200.5.16.16.1 * libvmtools0-11.3.5-150200.5.16.16.1 * libvmtools-devel-11.3.5-150200.5.16.16.1 * open-vm-tools-desktop-11.3.5-150200.5.16.16.1 * open-vm-tools-desktop-debuginfo-11.3.5-150200.5.16.16.1 * SUSE Enterprise Storage 7 (x86_64) * libvmtools0-debuginfo-11.3.5-150200.5.16.16.1 * open-vm-tools-sdmp-11.3.5-150200.5.16.16.1 * open-vm-tools-debugsource-11.3.5-150200.5.16.16.1 * open-vm-tools-sdmp-debuginfo-11.3.5-150200.5.16.16.1 * open-vm-tools-11.3.5-150200.5.16.16.1 * open-vm-tools-debuginfo-11.3.5-150200.5.16.16.1 * libvmtools0-11.3.5-150200.5.16.16.1 * libvmtools-devel-11.3.5-150200.5.16.16.1 * open-vm-tools-desktop-11.3.5-150200.5.16.16.1 * open-vm-tools-desktop-debuginfo-11.3.5-150200.5.16.16.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20867.html * https://www.suse.com/security/cve/CVE-2023-20900.html * https://bugzilla.suse.com/show_bug.cgi?id=1212143 * https://bugzilla.suse.com/show_bug.cgi?id=1214566 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Aug 31 20:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Aug 2023 20:30:11 -0000 Subject: SUSE-SU-2023:3504-1: important: Security update for open-vm-tools Message-ID: <169351381142.9947.8995655158562703094@smelt2.suse.de> # Security update for open-vm-tools Announcement ID: SUSE-SU-2023:3504-1 Rating: important References: * #1212143 * #1214566 Cross-References: * CVE-2023-20867 * CVE-2023-20900 CVSS scores: * CVE-2023-20867 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N * CVE-2023-20867 ( NVD ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N * CVE-2023-20900 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20900 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves two vulnerabilities can now be installed. ## Description: This update for open-vm-tools fixes the following issues: * CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143). * CVE-2023-20900: Fixed SAML token signature bypass vulnerability (bsc#1214566). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3504=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3504=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3504=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * open-vm-tools-sdmp-11.3.5-150100.4.37.18.1 * open-vm-tools-debuginfo-11.3.5-150100.4.37.18.1 * open-vm-tools-debugsource-11.3.5-150100.4.37.18.1 * open-vm-tools-desktop-debuginfo-11.3.5-150100.4.37.18.1 * open-vm-tools-sdmp-debuginfo-11.3.5-150100.4.37.18.1 * libvmtools0-debuginfo-11.3.5-150100.4.37.18.1 * open-vm-tools-11.3.5-150100.4.37.18.1 * libvmtools-devel-11.3.5-150100.4.37.18.1 * open-vm-tools-desktop-11.3.5-150100.4.37.18.1 * libvmtools0-11.3.5-150100.4.37.18.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * open-vm-tools-sdmp-11.3.5-150100.4.37.18.1 * open-vm-tools-debuginfo-11.3.5-150100.4.37.18.1 * open-vm-tools-debugsource-11.3.5-150100.4.37.18.1 * open-vm-tools-desktop-debuginfo-11.3.5-150100.4.37.18.1 * open-vm-tools-sdmp-debuginfo-11.3.5-150100.4.37.18.1 * libvmtools0-debuginfo-11.3.5-150100.4.37.18.1 * open-vm-tools-11.3.5-150100.4.37.18.1 * libvmtools-devel-11.3.5-150100.4.37.18.1 * open-vm-tools-desktop-11.3.5-150100.4.37.18.1 * libvmtools0-11.3.5-150100.4.37.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * open-vm-tools-sdmp-11.3.5-150100.4.37.18.1 * open-vm-tools-debuginfo-11.3.5-150100.4.37.18.1 * open-vm-tools-debugsource-11.3.5-150100.4.37.18.1 * open-vm-tools-desktop-debuginfo-11.3.5-150100.4.37.18.1 * open-vm-tools-sdmp-debuginfo-11.3.5-150100.4.37.18.1 * libvmtools0-debuginfo-11.3.5-150100.4.37.18.1 * open-vm-tools-11.3.5-150100.4.37.18.1 * libvmtools-devel-11.3.5-150100.4.37.18.1 * open-vm-tools-desktop-11.3.5-150100.4.37.18.1 * libvmtools0-11.3.5-150100.4.37.18.1 * SUSE CaaS Platform 4.0 (x86_64) * open-vm-tools-sdmp-11.3.5-150100.4.37.18.1 * open-vm-tools-debuginfo-11.3.5-150100.4.37.18.1 * open-vm-tools-debugsource-11.3.5-150100.4.37.18.1 * open-vm-tools-desktop-debuginfo-11.3.5-150100.4.37.18.1 * open-vm-tools-sdmp-debuginfo-11.3.5-150100.4.37.18.1 * libvmtools0-debuginfo-11.3.5-150100.4.37.18.1 * open-vm-tools-11.3.5-150100.4.37.18.1 * libvmtools-devel-11.3.5-150100.4.37.18.1 * open-vm-tools-desktop-11.3.5-150100.4.37.18.1 * libvmtools0-11.3.5-150100.4.37.18.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20867.html * https://www.suse.com/security/cve/CVE-2023-20900.html * https://bugzilla.suse.com/show_bug.cgi?id=1212143 * https://bugzilla.suse.com/show_bug.cgi?id=1214566 -------------- next part -------------- An HTML attachment was scrubbed... URL: